On 01.02.2021 16:26, James Dingwall wrote:
> I am building the xen 4.11 branch at
> 310ab79875cb705cc2c7daddff412b5a4899f8c9 which includes commit
> 3b5de119f0399cbe745502cb6ebd5e6633cc139c "86/msr: fix handling of
> MSR_IA32_PERF_{STATUS/CTL}". I think this should address this error
> recorded in xen's dmesg:
>
> (XEN) d11v0 VIRIDIAN CRASH: 3b c0000096 75b12c5 9e7f1580 0

It seems to me that you imply some information here which might
better be spelled out. As it stands I do not see the immediate
connection between the cited commit and the crash. C0000096 is
STATUS_PRIVILEGED_INSTRUCTION, which to me ought to be impossible
for code running in ring 0. Of course I may simply not know enough
about modern Windows' internals to understand the connection.

> I have removed `viridian = [..]` from the xen config but still get this
> reliably when launching PassMark Performance Test and it is collecting
> CPU information.
>
> This is recorded in the domain qemu-dm log:
>
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: ====>
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK:
> SYSTEM_SERVICE_EXCEPTION: 00000000C0000096 FFFFF800A43C72C5 FFFFD0014343D580
> 0000000000000000
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK:
> EXCEPTION (FFFFF800A43C72C5):
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - Code =
> C148320F
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - Flags
> = 0B4820E2
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: -
> Address = 0000A824948D4800
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: -
> Parameter[0] = 8B00000769850F07
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: -
> Parameter[1] = 46B70F4024448906
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: -
> Parameter[2] = 0F44442444896604
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: -
> Parameter[3] = E983C88B410646B6
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: -
> Parameter[4] = 0D7401E9831E7401
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: -
> Parameter[5] = 54B70F217502F983
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: -
> Parameter[6] = 54B70F15EBED4024
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: -
> Parameter[7] = EBC0B70FED664024
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: -
> Parameter[8] = 0FEC402454B70F09
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: -
> Parameter[9] = 448B42244489C0B6
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: -
> Parameter[10] = 2444B70F06894024
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: -
> Parameter[11] = 4688440446896644
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: -
> Parameter[12] = 0000073846C74906
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: -
> Parameter[13] = F8830000070AE900
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: -
> Parameter[14] = 8B000006F9850F07
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK:
> EXCEPTION (0000A824848948C2):
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: CONTEXT
> (FFFFD0014343D580):
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - GS =
> 002B
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - FS =
> 0053
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - ES =
> 002B
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - DS =
> 002B
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - SS =
> 0018
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - CS =
> 0010
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - EFLAGS
> = 00000202
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - RDI =
> 00000000F64D5C20
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - RSI =
> 00000000F6367280
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - RBX =
> 000000008011E060
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - RDX =
> 00000000F64D5C20
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - RCX =
> 0000000000000199
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - RAX =
> 0000000000000004
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - RBP =
> 000000004343E891
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - RIP =
> 00000000A43C72C5
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - RSP =
> 000000004343DFA0
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - R8 =
> 0000000000000008
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - R9 =
> 000000000000000E
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - R10 =
> 0000000000000002
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - R11 =
> 000000004343E808
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - R12 =
> 0000000000000000
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - R13 =
> 00000000F7964E50
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - R14 =
> 00000000F64D5C20
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: - R15 =
> 00000000F7964E50

I'm also confused by this - the pointer given for CONTEXT suggests this
is a 64-bit kernel, yet none of the registers - including RIP and RSP -
have non-zero upper 32 bits. Or is qemu truncating these values?

> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: STACK:
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK:
> 000000004343E810: (0000000000000000 000000004343E891 0000000000000002
> 00000000F75F08A0) ntoskrnl.exe + 0000000000485507
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK:
> 000000004343E8E0: (00000000F75F0805 000000004343EB80 00000000F6A62CC0
> 00000000F75F08A0) ntoskrnl.exe + 0000000000486468
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK:
> 000000004343EA20: (0000000000000000 0000000000000000 0000000000000000
> 0000000000000000) ntoskrnl.exe + 0000000000458CAE
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK:
> 000000004343EA90: (0000000000000000 0000000000000000 000000007DBED000
> 000000007DA00028) ntoskrnl.exe + 00000000001501A3
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK:
> 0000000009ABE388: (00000000587D5673 0000000058F40000 0000000006002D2B
> 0000000000000000) 00007FFB5B3207CA
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK:
> 0000000009ABE390: (0000000058F40000 0000000006002D2B 0000000000000000
> 00000000160C86D8) 00007FFB587D5673
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK:
> 0000000009ABE398: (0000000006002D2B 0000000000000000 00000000160C86D8
> 0000000009ABE3E0) 00007FFB58F40000
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK:
> 0000000009ABE3A0: (0000000000000000 00000000160C86D8 0000000009ABE3E0
> 000000008011E060) 00007FFB06002D2B
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK:
> 0000000009ABE3A8: (00000000160C86D8 0000000009ABE3E0 000000008011E060
> 0000000009ABE4A0) 0000000000000000
> [email protected]:xen_platform_log xen platform: XEN|BUGCHECK: <====
>
> The Windows guest is running winpv drivers 8.2.1.
>
> I'm not quite sure what else to examine or change at this point so any
> guidance would be welcome.

The hypervisor log (at maximum log levels) accompanying this might
help some. And of course, if possible, trying on a newer Xen (ideally
current master).

Jan
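
An added triage helper, not part of the original message or of any Xen tooling: it rejoins the mail-wrapped XEN|BUGCHECK records and checks the two points raised above, namely what the exception code and RCX correspond to and whether RIP is a truncated copy of the faulting address. The MSR indices (0x198, 0x199) and the meaning of the bug check 0x3B arguments are taken from Intel's and Microsoft's documentation, not from the thread; the function names are illustrative.

```python
import re

# Constructed sample: records copied from the qemu-dm log quoted above, still
# mail-wrapped, with the trace prefix before "XEN|BUGCHECK:" dropped.
SAMPLE = """\
> XEN|BUGCHECK:
> SYSTEM_SERVICE_EXCEPTION: 00000000C0000096 FFFFF800A43C72C5 FFFFD0014343D580
> 0000000000000000
> XEN|BUGCHECK: CONTEXT
> (FFFFD0014343D580):
> XEN|BUGCHECK: - RCX =
> 0000000000000199
> XEN|BUGCHECK: - RIP =
> 00000000A43C72C5
"""
NTSTATUS = {0xC0000096: "STATUS_PRIVILEGED_INSTRUCTION"}
MSRS = {0x198: "MSR_IA32_PERF_STATUS", 0x199: "MSR_IA32_PERF_CTL"}

def unwrap(text):
    """Rejoin wrapped lines; each record starts at 'XEN|BUGCHECK:'."""
    records = []
    for line in text.splitlines():
        line = line.lstrip("> ").strip()
        if "XEN|BUGCHECK:" in line:
            records.append(line.split("XEN|BUGCHECK:", 1)[1].strip())
        elif records and line:
            records[-1] = (records[-1] + " " + line).strip()
    return records

def parse(text):
    info = {"regs": {}}
    for rec in unwrap(text):
        if m := re.match(r"(\w+): ((?:[0-9A-F]{16} ?){4})$", rec):
            info["name"] = m[1]
            info["args"] = [int(x, 16) for x in m[2].split()]
        elif m := re.match(r"CONTEXT \(([0-9A-F]{16})\):", rec):
            info["context"] = int(m[1], 16)
        elif "context" in info and (m := re.match(r"- (\w+) = ([0-9A-F]+)$", rec)):
            info["regs"][m[1]] = int(m[2], 16)
    return info

def triage(info):
    # Bug check 0x3B arguments: exception code, faulting instruction address,
    # context record address, zero.
    status, fault_ip = info["args"][:2]
    regs, out = info["regs"], []
    if status in NTSTATUS:
        out.append(f"exception code {status:#x} is {NTSTATUS[status]}")
    if regs.get("RCX") in MSRS:
        out.append(f"RCX {regs['RCX']:#x} matches the index of {MSRS[regs['RCX']]}")
    if regs.get("RIP") not in (None, fault_ip) and regs["RIP"] == fault_ip & 0xFFFFFFFF:
        out.append("RIP equals the low 32 bits of the faulting address")
    return out
```

Only registers listed after the CONTEXT record are collected, so the `Code`, `Flags` and `Address` fields of the EXCEPTION block in the full log are not mistaken for registers.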