Hi, while playing with tools/tests/xen-access I came across domU crashes when I set a page permission to either HVMMEM_access_w or HVMMEM_access_wx and the domU tries to read from the page. I would expect it to generate an event that is delivered to xen-access, but that is not the case. All other HVMMEM_access flags work properly and deliver the event, including read events as well. It seems to me that making a page non-readable for the guest but keeping it writable is what causing the issue but not sure where exactly. The vmexit is caused by a EXIT_REASON_EPT_MISCONFIG which is unhandled in vmx.c. xl dmesg: (XEN) vmx.c:2847:d199 Bad vmexit (reason 0x31) (XEN) domain_crash called from vmx.c:2848 (XEN) Domain 199 (vcpu#0) crashed on cpu#3: (XEN) ----[ Xen-4.3.0 x86_64 debug=n Tainted: C ]---- (XEN) CPU: 3 (XEN) RIP: 0033:[<00007f7d4a0e2a48>] (XEN) RFLAGS: 0000000000010207 CONTEXT: hvm guest (XEN) rax: 0000000000000001 rbx: 00007f7d4a3ae240 rcx: 00007f7d4a0e2a40 (XEN) rdx: 0000000000000400 rsi: 00007f7d4a5d0000 rdi: 0000000000000000 (XEN) rbp: 00007f7d4a3ae160 rsp: 00007fff8c1197f8 r8: 00007f7d4a5ca700 (XEN) r9: 0000000000000000 r10: 0000000000000022 r11: 0000000000000246 (XEN) r12: 0000000000400540 r13: 00007fff8c11a960 r14: 0000000000000000 (XEN) r15: 0000000000000000 cr0: 0000000080050033 cr4: 00000000000406f0 (XEN) cr3: 0000000019b7a000 cr2: 00007f7d4a5d0000 (XEN) ds: 0000 es: 0000 fs: 0000 gs: 0000 ss: 002b cs: 0033 (XEN) hap.c:265: d199 failed to allocate from HAP pool<G><2>mem_event.c:518:d0 Ignoring memory event op on dying domain 199 I''m running Xen 4.3 and the issue was present on both an i7-2600 and i3-2310M CPU. Can anyone provide some insight into what might be going on here? Thanks, Tamas
Aravindh Puthiyaparambil (aravindp)
2013-Nov-05 20:10 UTC
Re: Bad vmexit (reason 0x31) with HVMMEM_access_w/x
> Hi, > while playing with tools/tests/xen-access I came across domU crashes > when I set a page permission to either HVMMEM_access_w or > HVMMEM_access_wx and the domU tries to read from the page. I would > expect it to generate an event that is delivered to xen-access, but > that is not the case. All other HVMMEM_access flags work properly and > deliver the event, including read events as well. It seems to me that > making a page non-readable for the guest but keeping it writable is > what causing the issue but not sure where exactly. The vmexit is > caused by a EXIT_REASON_EPT_MISCONFIG which is unhandled in vmx.c. > > xl dmesg: > > (XEN) vmx.c:2847:d199 Bad vmexit (reason 0x31) > (XEN) domain_crash called from vmx.c:2848 > (XEN) Domain 199 (vcpu#0) crashed on cpu#3: > (XEN) ----[ Xen-4.3.0 x86_64 debug=n Tainted: C ]---- > (XEN) CPU: 3 > (XEN) RIP: 0033:[<00007f7d4a0e2a48>] > (XEN) RFLAGS: 0000000000010207 CONTEXT: hvm guest > (XEN) rax: 0000000000000001 rbx: 00007f7d4a3ae240 rcx: 00007f7d4a0e2a40 > (XEN) rdx: 0000000000000400 rsi: 00007f7d4a5d0000 rdi: 0000000000000000 > (XEN) rbp: 00007f7d4a3ae160 rsp: 00007fff8c1197f8 r8: 00007f7d4a5ca700 > (XEN) r9: 0000000000000000 r10: 0000000000000022 r11: 0000000000000246 > (XEN) r12: 0000000000400540 r13: 00007fff8c11a960 r14: 0000000000000000 > (XEN) r15: 0000000000000000 cr0: 0000000080050033 cr4: 00000000000406f0 > (XEN) cr3: 0000000019b7a000 cr2: 00007f7d4a5d0000 > (XEN) ds: 0000 es: 0000 fs: 0000 gs: 0000 ss: 002b cs: 0033 > (XEN) hap.c:265: d199 failed to allocate from HAP > pool<G><2>mem_event.c:518:d0 Ignoring memory event op on dying domain > 199 > > I''m running Xen 4.3 and the issue was present on both an i7-2600 and > i3-2310M CPU. > > Can anyone provide some insight into what might be going on here?That is because trying to set W or WX produces an EPT entry value that is unsupported. Here is the snippet describing this from the Intel SDM Vol 3 28.2.3.1: AN EPT misconfiguration occurs if any of the following is identified while translating a guest-physical address: * The value of bits 2:0 of an EPT paging-structure entry is either 010b (write-only) or 110b (write/execute). Hope this helps. Thanks, Aravindh