From patchwork Tue May 23 13:40:53 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Boris Ostrovsky <boris.ostrovsky@oracle.com>
X-Patchwork-Id: 9742687
Return-Path: <xen-devel-bounces@lists.xen.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	37088601C2 for <patchwork-xen-devel@patchwork.kernel.org>;
	Tue, 23 May 2017 13:44:18 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 266D32870D
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Tue, 23 May 2017 13:44:18 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 1A7DF28642; Tue, 23 May 2017 13:44:18 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED,
	UNPARSEABLE_RELAY autolearn=ham version=3.3.1
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 9139D28642
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Tue, 23 May 2017 13:44:17 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1dDA3n-0000HC-7n; Tue, 23 May 2017 13:41:15 +0000
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <boris.ostrovsky@oracle.com>) id 1dDA3m-0000H2-B7
	for xen-devel@lists.xen.org; Tue, 23 May 2017 13:41:14 +0000
Received: from [85.158.137.68] by server-9.bemta-3.messagelabs.com id
	11/54-26749-9FB34295; Tue, 23 May 2017 13:41:13 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrCIsWRWlGSWpSXmKPExsXSO6nOVfentUq
	kwbY3fBZLPi5mcWD0OLr7N1MAYxRrZl5SfkUCa8bsmStYCtbKVvyfXtnA+FS8i5GLQ0hgIpPE
	m9+XWLoYOYGcb4wS01vyIBIbGSUW3brJAuFsZ5SY+PkiWJWwQKLEyg8LwGwRAWWJ3l+/oYqmM
	0l8O/iNGcRhFtjGJHHlwQ9mkCo2ASOJs0enM3YxcnDwCthKfDpjBhJmEVCVeD99BtggUYFwib
	eNR8BsXgFBiZMzn4DZnAL2Ejc3LGcHsZkF9CR2XP/FCmHLS2x/OwdsvISAocTnjUuZJzAKzkL
	SPgtJyywkLQsYmVcxahSnFpWlFukaGeklFWWmZ5TkJmbm6BoaGOvlphYXJ6an5iQmFesl5+du
	YgSGbj0DA+MOxqkn/A4xSnIwKYny7klQjhTiS8pPqcxILM6ILyrNSS0+xCjDwaEkwXvPSiVSS
	LAoNT21Ii0zBxhFMGkJDh4lEd4vIGne4oLE3OLMdIjUKUZFKXHe/SAJAZBERmkeXBssci8xyk
	oJ8zIyMDAI8RSkFuVmlqDKv2IU52BUEublBaYBIZ7MvBK46a+AFjMBLXa9qwyyuCQRISXVwOh
	T2ND/ijPVZobMo/UOrpG105wWf/v6L7Jz/vurgRFHvSYaWa1mUP0U5/fjgBp/QtiE+2zSIR/Z
	L8w1ten9V5SzzC/ioN0LfeYLkl8vbT4Utu+0/83+6Y8+V/wMej5jw1zpmtXXlv6OPR0/813Et
	5Q3pw53SXSUTDiTISLyOj5LlC9S4dDJj61KLMUZiYZazEXFiQDuXRTo1wIAAA==
X-Env-Sender: boris.ostrovsky@oracle.com
X-Msg-Ref: server-14.tower-31.messagelabs.com!1495546871!101909232!1
X-Originating-IP: [141.146.126.69]
X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor:
	VHJ1c3RlZCBJUDogMTQxLjE0Ni4xMjYuNjkgPT4gMjc3MjE4\n
X-StarScan-Received: 
X-StarScan-Version: 9.4.12; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 44612 invoked from network); 23 May 2017 13:41:12 -0000
Received: from aserp1040.oracle.com (HELO aserp1040.oracle.com)
	(141.146.126.69)
	by server-14.tower-31.messagelabs.com with DHE-RSA-AES256-GCM-SHA384
	encrypted SMTP; 23 May 2017 13:41:12 -0000
Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74])
	by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with
	ESMTP id v4NDf1PT008865
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Tue, 23 May 2017 13:41:02 GMT
Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235])
	by userv0022.oracle.com (8.14.4/8.14.4) with ESMTP id
	v4NDf1q6002086
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Tue, 23 May 2017 13:41:01 GMT
Received: from abhmp0007.oracle.com (abhmp0007.oracle.com [141.146.116.13])
	by aserv0121.oracle.com (8.13.8/8.13.8) with ESMTP id
	v4NDewgY016089; Tue, 23 May 2017 13:40:59 GMT
Received: from
	dhcp-burlington7-2nd-B-east-10-152-55-162.usdhcp.oraclecorp.com
	(/10.152.52.138) by default (Oracle Beehive Gateway v4.0)
	with ESMTP ; Tue, 23 May 2017 06:40:58 -0700
To: Jan Beulich <JBeulich@suse.com>
References: <1494414801-28953-1-git-send-email-igor.druzhinin@citrix.com>
	<8ecd113d-3762-b9ec-b3b7-7c54680a9594@oracle.com>
	<592409E6020000780015BF63@prv-mh.provo.novell.com>
	<964e9b33-973a-8374-c78c-e6e1c10bc097@oracle.com>
	<5924527E020000780015C20F@prv-mh.provo.novell.com>
From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Message-ID: <d21f3b6d-d1c5-be00-6a1d-1944099b4bbc@oracle.com>
Date: Tue, 23 May 2017 09:40:53 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
	Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <5924527E020000780015C20F@prv-mh.provo.novell.com>
X-Source-IP: userv0022.oracle.com [156.151.31.74]
Cc: Igor Druzhinin <igor.druzhinin@citrix.com>,
	Kevin Tian <kevin.tian@intel.com>,
	George Dunlap <george.dunlap@eu.citrix.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>, xen-devel@lists.xen.org,
	Julien Grall <julien.grall@arm.com>,
	Jun Nakajima <jun.nakajima@intel.com>
Subject: Re: [Xen-devel] [PATCH v2 for-4.9] x86/mm: Fix incorrect unmapping
	of 2MB and 1GB pages
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Virus-Scanned: ClamAV using ClamSMTP

On 05/23/2017 09:17 AM, Jan Beulich wrote:
>>>> On 23.05.17 at 15:00, <boris.ostrovsky@oracle.com> wrote:
>> (d1) Testing HVM environment:
>> (XEN) d1v0 Triple fault - invoking HVM shutdown action 1
>> (XEN) *** Dumping Dom1 vcpu#0 state: ***
>> (XEN) ----[ Xen-4.9-rc  x86_64  debug=y   Tainted:  C   ]----
>> (XEN) CPU:    11
>> (XEN) RIP:    0018:[<000000000010815c>]
>> (XEN) RFLAGS: 0000000000000086   CONTEXT: hvm guest (d1v0)
>> (XEN) rax: 0000000080000011   rbx: 000000000017c000   rcx: 0000000000003000
>> (XEN) rdx: 00000000ffefffff   rsi: 0000000000000000   rdi: 0000000000000000
>> (XEN) rbp: 0000000000136478   rsp: 0000000000136478   r8:  0000000000000000
>> (XEN) r9:  0000000000000000   r10: 0000000000000000   r11: 0000000000000000
>> (XEN) r12: 0000000000000000   r13: 0000000000000000   r14: 0000000000000000
>> (XEN) r15: 0000000000000000   cr0: 0000000080000011   cr4: 0000000000000000
>> (XEN) cr3: 0000000000800000   cr2: 000000000010815c
>> (XEN) ds: 0020   es: 0020   fs: 0020   gs: 0020   ss: 0020   cs: 0018
>>
>>
>> 0x10815c is tools/firmware/hvmloader/tests.c:start_paging(), the 'jmp'
>> after we enable paging (load cr0 with bit 31 set).
> Odd. Suggests page tables are completely screwed.
>
>> root@ovs101> xl create -c ~/virt/pvh.conf
>> Parsing config from /root/virt/pvh.conf
>> libxl: notice: libxl_numa.c:518:libxl__get_numa_candidate: NUMA
>> placement failed, performance might be affected
>> S3 disabled
>> S4 disabled
>> CONV disabled
>> xc: error: panic: xc_dom_boot.c:178: xc_dom_boot_domU_map: failed to
>> mmap domU pages 0x1000+0x1062 [mmap, errno=22 (Invalid argument)]:
>> Internal error
> This is even more strange. I can't seem to make a connection to
> the changes in said commit at all. And I did go through p2m-pt.c's
> relevant code another time this morning, without spotting any
> possible oversight by Igor. IOW I'm now really curious what it is
> that I'm not seeing (and that's apparently NPT-specific).

And you haven't been able to reproduce this? I see this fail on two AMD
systems (different processor families).

What's interesting (I just noticed this) is that while PVH fails in the
same manner, HVM crashes differently. The second crash is

(d11) xen: copy e820...
(XEN) d11v0 Triple fault - invoking HVM shutdown action 1
(XEN) *** Dumping Dom11 vcpu#0 state: ***
(XEN) ----[ Xen-4.9-rc  x86_64  debug=n   Tainted:  C   ]----
(XEN) CPU:    0
(XEN) RIP:    0008:[<00000000000da54c>]
(XEN) RFLAGS: 0000000000000093   CONTEXT: hvm guest (d11v0)
(XEN) rax: 000000008ee08e90   rbx: 000000008ee08ec0   rcx: 00000000ffffffff
(XEN) rdx: 0000000000006f74   rsi: 000000009ea91ce8   rdi: 0000000000000000
(XEN) rbp: 0000000000006fd8   rsp: 0000000000006f64   r8:  0000000000000000
(XEN) r9:  0000000000000000   r10: 0000000000000000   r11: 0000000000000000
(XEN) r12: 0000000000000000   r13: 0000000000000000   r14: 0000000000000000
(XEN) r15: 0000000000000000   cr0: 0000000000000011   cr4: 0000000000000000
(XEN) cr3: 0000000000000000   cr2: 0000000000000000
(XEN) ds: 0010   es: 0010   fs: 0010   gs: 0010   ss: 0010   cs: 0008


so paging is off and it dies not in hvmloader.

And this:

 
             order = (!(fn_mask & ((1ul << PAGE_ORDER_1G) - 1)) &&


makes the problem go away.

-boris

diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index c6ec1a4..0051623 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -560,7 +560,7 @@ int p2m_set_entry(struct p2m_domain *p2m, unsigned
long gfn, mfn_t mfn,
     {
         if ( hap_enabled(d) )
         {
-            unsigned long fn_mask = !mfn_eq(mfn, INVALID_MFN) ?
+            unsigned long fn_mask = (!mfn_eq(mfn, INVALID_MFN) || 1)?
                                      (gfn | mfn_x(mfn) | todo) : (gfn |
todo);