Christoph Egger
2008-Jan-11 11:08 UTC
[Xen-devel] [PATCH][HVM] Fix guest hang producing "PIT: bad access" messages
Hi When the HVM guest atomically reads two bytes from the PIT via "rep insb" and the two bytes crosses pages, then in xen/arch/x86/hvm/i8254.c, handle_pit_io(), p->data_is_ptr is 1 which leads to an unhandled read. Since reading the first byte does not change the guest rip, an endless loop of VMEXIT_IOIO happens. This leads to an endless stream of "PIT: bad access" xen messages => Guest hangs. This has been accurately reproduced on NetBSD/amd64 as HVM guest and this also been seen on 64bit Windows guests. The attached patch handles the page-crossing access in the PIT emulation. Signed-off-by: Christoph Egger <Christoph.Egger@amd.com> -- AMD Saxony, Dresden, Germany Operating System Research Center Legal Information: AMD Saxony Limited Liability Company & Co. KG Sitz (Geschäftsanschrift): Wilschdorfer Landstr. 101, 01109 Dresden, Deutschland Registergericht Dresden: HRA 4896 vertretungsberechtigter Komplementär: AMD Saxony LLC (Sitz Wilmington, Delaware, USA) Geschäftsführer der AMD Saxony LLC: Dr. Hans-R. Deppe, Thomas McCoy _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Keir Fraser
2008-Jan-11 11:52 UTC
Re: [Xen-devel] [PATCH][HVM] Fix guest hang producing "PIT: bad access"messages
Okay, but the patch is buggy (accesses count*size bytes of memory, but actually only one byte-sized port will be accessed) and actually this is indicative of a wider issue in other Xen-emulated devices. We need a more cooked interface to PIO handlers. I''ll take a look. -- Keir On 11/1/08 11:08, "Christoph Egger" <Christoph.Egger@amd.com> wrote:> > Hi > > When the HVM guest atomically reads two bytes from the PIT via "rep insb" > and the two bytes crosses pages, then in xen/arch/x86/hvm/i8254.c, > handle_pit_io(), p->data_is_ptr is 1 which leads to an unhandled read. > > Since reading the first byte does not change the guest rip, an endless loop > of VMEXIT_IOIO happens. This leads to an endless stream of "PIT: bad access" > xen messages => Guest hangs. > > This has been accurately reproduced on NetBSD/amd64 as HVM guest > and this also been seen on 64bit Windows guests. > > The attached patch handles the page-crossing access in the PIT emulation. > > Signed-off-by: Christoph Egger <Christoph.Egger@amd.com> >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Keir Fraser
2008-Jan-12 11:10 UTC
Re: [Xen-devel] [PATCH][HVM] Fix guest hang producing "PIT: bad access"messages
Fixed by c/s 16709. I tested with the ISO you sent me and NetBSD boots much further, to a reasonable point (failure to init a console). -- Keir On 11/1/08 11:08, "Christoph Egger" <Christoph.Egger@amd.com> wrote:> > Hi > > When the HVM guest atomically reads two bytes from the PIT via "rep insb" > and the two bytes crosses pages, then in xen/arch/x86/hvm/i8254.c, > handle_pit_io(), p->data_is_ptr is 1 which leads to an unhandled read. > > Since reading the first byte does not change the guest rip, an endless loop > of VMEXIT_IOIO happens. This leads to an endless stream of "PIT: bad access" > xen messages => Guest hangs. > > This has been accurately reproduced on NetBSD/amd64 as HVM guest > and this also been seen on 64bit Windows guests. > > The attached patch handles the page-crossing access in the PIT emulation. > > Signed-off-by: Christoph Egger <Christoph.Egger@amd.com> >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Christoph Egger
2008-Jan-14 10:38 UTC
Re: [Xen-devel] [PATCH][HVM] Fix guest hang producing "PIT: bad access"messages
On Saturday 12 January 2008 12:10:58 Keir Fraser wrote:> Fixed by c/s 16709. I tested with the ISO you sent me and NetBSD boots much > further,I can confirm that. I tested with c/s 16712. Thanks for fixing this.> to a reasonable point (failure to init a console).It launches "sysinst", the install application. Press CTRL+Z get back on console. Christoph> > -- Keir > > On 11/1/08 11:08, "Christoph Egger" <Christoph.Egger@amd.com> wrote: > > Hi > > > > When the HVM guest atomically reads two bytes from the PIT via "rep > > insb" and the two bytes crosses pages, then in xen/arch/x86/hvm/i8254.c, > > handle_pit_io(), p->data_is_ptr is 1 which leads to an unhandled read. > > > > Since reading the first byte does not change the guest rip, an endless > > loop of VMEXIT_IOIO happens. This leads to an endless stream of "PIT: bad > > access" xen messages => Guest hangs. > > > > This has been accurately reproduced on NetBSD/amd64 as HVM guest > > and this also been seen on 64bit Windows guests. > > > > The attached patch handles the page-crossing access in the PIT emulation. > > > > Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>-- AMD Saxony, Dresden, Germany Operating System Research Center Legal Information: AMD Saxony Limited Liability Company & Co. KG Sitz (Geschäftsanschrift): Wilschdorfer Landstr. 101, 01109 Dresden, Deutschland Registergericht Dresden: HRA 4896 vertretungsberechtigter Komplementär: AMD Saxony LLC (Sitz Wilmington, Delaware, USA) Geschäftsführer der AMD Saxony LLC: Dr. Hans-R. Deppe, Thomas McCoy _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel