http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=252
I have been looking into the problem. The alignment check is happening on a "lock cmpxchg8b" in get_page(). Is it possible for an #AC to be raised when a cmpxchg8b operand crosses a page boundary at CPL 0? Is there any scenario at all in which an #AC can happen for cmpxchg8b at CPL 0? Note that the architected #AC condition (CR0.AM=1, EFLAGS.AC=1 and CPL=3) is not met in the dump below: cr0 is 8005003b (AM set), but RFLAGS is 0000000000010286 (bit 18, AC, is clear) and the trap is taken in hypervisor context (CS=e010, RPL 0).
Thanks,
Aravindh
This is what I see on the serial console when the system dies.
(XEN) (file=traps.c, line=960) Non-priv domain attempted
RDMSR(00000000c0000080,00020000,00020000).
(XEN) CPU: 3
(XEN) RIP: e010:[<ffff83000014a750>] get_page+0x108/0x14a
(XEN) RFLAGS: 0000000000010286 CONTEXT: hypervisor
(XEN) rax: 0000000080000002 rbx: 0000000080000003 rcx:
0000000000fcd080
(XEN) rdx: 0000000000fcd080 rsi: ffff830000fcd080 rdi:
ffff8284021e713c
(XEN) rbp: ffff830000213bc8 rsp: ffff830000213b78 r8:
00000000deadbeef
(XEN) r9: 00000000deadbeef r10: ffff8300001aefe0 r11:
0000000000000206
(XEN) r12: ffff8300001cb780 r13: 0000000000000180 r14:
ffffffff802b0aa3
(XEN) r15: ffff880000000000 cr0: 000000008005003b cr3:
00000000e7ea0000
(XEN) Xen stack trace from rsp=ffff830000213b78:
(XEN) ffff8300001cb900 0000000000213f28 00fcd08000213ba8
ffff83000012a4dd
(XEN) 00fcd08000fcd080 8000000200fcd080 8000000280000003
ffff830000fcd080
(XEN) ffff8284021e7128 0000000000000000 ffff830000213c18
ffff830000140f7e
(XEN) ffffffff802b0aa8 0000000000000000 0000000000000008
ffff830000000065
(XEN) ffff8284021e7128 00000000000d8fa1 ffff830000fcd080
00000000d8fa1065
(XEN) ffff830000213c98 ffff8300001422ac 0000000000000000
ffff830000fcd080
(XEN) 0000000100000008 07fffc0200000065 07fffc0230000002
0000000000000000
(XEN) 0000000000000008 ffff8300d8fa3600 ffff830000213c78
ffff830000fcd080
(XEN) 00000000d8fa1067 07fffc0230000003 00000000d8fa1065
ffff8300d8fa3600
(XEN) ffff830000213f08 ffff830000145b3c ffff830000213cc8
000000000012a4dd
(XEN) ffff830000213cc8 000000000012a4ab ffff830000213ce8
ffff83000012a218
(XEN) ffff830000213d38 ffff830000213cf8 00007cffffdec2e7
ffff83000013ae51
(XEN) ffff800000000000 ffffffff80105000 00000000005c2000
ffffffff80105010
(XEN) ffff830000213dd8 ffff830000000008 00000004021b1f70
0000000080000002
(XEN) 0000000080000002 00000004f0000001 0000000080000001
0000000080000002
(XEN) ffff8284021b1f64 80000002f0000001 8000000180000002
ffff8284021b1f50
(XEN) ffff830000213d98 ffff83000014a7b0 ffff830000fcd080
ffff8284021b1f50
(XEN) ffff830000213dd8 ffff8300001415e7 0000000000000000
ffff830000fcd080
(XEN) ffff8284021b1f50 00000000000d7a62 ffff830000fcd080
00000000d7a62027
(XEN) ffff830000213e58 ffff83000014230f 0000000020000000
00000000000d8fa3
(XEN) Xen call trace:
(XEN) [<ffff83000014a750>] get_page+0x108/0x14a
(XEN) [<ffff830000140f7e>] get_page_from_l1e+0x27e/0x28c
(XEN) [<ffff8300001422ac>] mod_l1_entry+0x21d/0x28c
(XEN) [<ffff830000145b3c>] do_mmu_update+0x553/0x14bd
(XEN) [<ffff83000016a940>] syscall_enter+0xa0/0xfa
(XEN)
(XEN)
(XEN) ****************************************
(XEN) Panic on CPU 3:
(XEN) CPU3 FATAL TRAP: vector = 17 (alignment check)
(XEN) [error_code=0000]
(XEN) ****************************************
Here is the disassembly of get_page() around the faulting RIP (ffff83000014a750 is the lock cmpxchg8b), followed by the inline-asm source it was generated from. Note the operand address: rdi = ffff8284021e713c (the page pointer plus 0x14), which is only 4-byte aligned, so the 8-byte locked operand straddles the 64-byte boundary at ...7140 — a split lock as well as a misaligned access. Whether that is what this CPU reports as #AC is not clear from the dump alone, but 8-byte-aligning count_info would remove it either way.
__asm__ __volatile__(
ffff83000014a736: 48 8b 7d f0 mov
0xfffffffffffffff0(%rbp),%rdi
ffff83000014a73a: 48 83 c7 14 add $0x14,%rdi
ffff83000014a73e: 8b 55 d8 mov
0xffffffffffffffd8(%rbp),%edx
ffff83000014a741: 8b 45 e4 mov
0xffffffffffffffe4(%rbp),%eax
ffff83000014a744: 8b 4d d8 mov
0xffffffffffffffd8(%rbp),%ecx
ffff83000014a747: 89 4d c4 mov
%ecx,0xffffffffffffffc4(%rbp)
ffff83000014a74a: 8b 5d e0 mov
0xffffffffffffffe0(%rbp),%ebx
ffff83000014a74d: 8b 4d c4 mov
0xffffffffffffffc4(%rbp),%ecx
ffff83000014a750: f0 0f c7 0f lock cmpxchg8b (%rdi)
ffff83000014a754: 89 ce mov %ecx,%esi
ffff83000014a756: 89 45 c4 mov
%eax,0xffffffffffffffc4(%rbp)
ffff83000014a759: 89 d0 mov %edx,%eax
ffff83000014a75b: 89 45 d4 mov
%eax,0xffffffffffffffd4(%rbp)
ffff83000014a75e: 8b 45 c4 mov
0xffffffffffffffc4(%rbp),%eax
ffff83000014a761: 89 45 dc mov
%eax,0xffffffffffffffdc(%rbp)
ffff83000014a764: 89 f0 mov %esi,%eax
ffff83000014a766: 89 45 d8 mov
%eax,0xffffffffffffffd8(%rbp)
LOCK_PREFIX "cmpxchg8b %3"
: "=d" (nd), "=a" (y), "=c" (d),
"=m" (*(volatile u64 *)(&page->count_info))
: "0" (d), "1" (x), "c" (d), "b" (nx) );
}