Dump guest page table inside QEMU makes system hang

Message ID	20120823025337.GA27969@cs.nctu.edu.tw
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> Date: Thu, 23 Aug 2012 10:53:37 +0800 From: =?utf-8?B?6Zmz6Z+L5Lu7IChXZWktUmVuIENoZW4p?= <chenwj@iis.sinica.edu.tw> To: Max Filippov <jcmvbkbc@gmail.com> Message-ID: <20120823025337.GA27969@cs.nctu.edu.tw> References: <20120821072134.GA81486@cs.nctu.edu.tw> <CAAu8pHsy6WvzE1sCGnZ1e4aYadS2eXVcwsa92j0oTLPG1f5DVw@mail.gmail.com> <CAMo8BfLmtwDDOmw0U95zkpH-q7TFfez45WA0y6EagOnRmWVEUQ@mail.gmail.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="SLDf9lqlvOQaIe6s" Content-Disposition: inline In-Reply-To: <CAMo8BfLmtwDDOmw0U95zkpH-q7TFfez45WA0y6EagOnRmWVEUQ@mail.gmail.com> User-Agent: Mutt/1.5.21 (2010-09-15) Content-Transfer-Encoding: 7bit Cc: Blue Swirl <blauwirbel@gmail.com>, qemu-devel@nongnu.org, =?utf-8?B?6Zmz6Z+L5Lu7IChXZWktUmVuIENoZW4p?= <chenwj@iis.sinica.edu.tw> Subject: Re: [Qemu-devel] Dump guest page table inside QEMU makes system hang Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Message ID

20120823025337.GA27969@cs.nctu.edu.tw

State

New

Headers

Date: Thu, 23 Aug 2012 10:53:37 +0800
From: =?utf-8?B?6Zmz6Z+L5Lu7IChXZWktUmVuIENoZW4p?= <chenwj@iis.sinica.edu.tw>
To: Max Filippov <jcmvbkbc@gmail.com>
Message-ID: <20120823025337.GA27969@cs.nctu.edu.tw>
References: <20120821072134.GA81486@cs.nctu.edu.tw>
	<CAAu8pHsy6WvzE1sCGnZ1e4aYadS2eXVcwsa92j0oTLPG1f5DVw@mail.gmail.com>
	<CAMo8BfLmtwDDOmw0U95zkpH-q7TFfez45WA0y6EagOnRmWVEUQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="SLDf9lqlvOQaIe6s"
Content-Disposition: inline
In-Reply-To: <CAMo8BfLmtwDDOmw0U95zkpH-q7TFfez45WA0y6EagOnRmWVEUQ@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Content-Transfer-Encoding: 7bit
Cc: Blue Swirl <blauwirbel@gmail.com>, qemu-devel@nongnu.org,
	=?utf-8?B?6Zmz6Z+L5Lu7IChXZWktUmVuIENoZW4p?= <chenwj@iis.sinica.edu.tw>
Subject: Re: [Qemu-devel] Dump guest page table inside QEMU makes system hang
Precedence: list
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Commit Message

陳韋任 Aug. 23, 2012, 2:53 a.m. UTC

> >>   The system will hang while booting. However, if I comment
> >> cpu_physical_memory_read in function dump_guest_pgtable, there
> >> is no problem. What I am missing here? Thanks.
> >
> > cpu_physical_memory_read() can cause faults or other side effects like
> > MMIO. Using cpu_get_phys_page_debug() may help.
> >
> 
> Maybe you just need to avoid accessing unsuitable physical addresses?
> Or maybe 'if (env->cr[0] & CR0_PG_MASK)' is not strong enough, may
> (CR0_PG_MASK | CR0_PE_MASK) be better?
> 
> At what stage does it hang? What CR3 value changes are observed before
> the hang?

  It's quite embarrassing. The code I posted before is buggy, and it dumps all
1024 * 1024 page table entries. It takes a lot of time, so that I think the
system hangs. Attach is the code snipt what I am using, which works fine now.
Another question is, I would like to know the hva corresponding to gpa (i.e.,
the guest page pointed by guest pte). Do you happen to know there is such
gpa2hva function in QEMU?

  Thanks.

Regards,
chenwj

Comments

陳韋任 Aug. 23, 2012, 3:55 a.m. UTC | #1

>   It's quite embarrassing. The code I posted before is buggy, and it dumps all
> 1024 * 1024 page table entries. It takes a lot of time, so that I think the
> system hangs. Attach is the code snipt what I am using, which works fine now.
> Another question is, I would like to know the hva corresponding to gpa (i.e.,
> the guest page pointed by guest pte). Do you happen to know there is such
> gpa2hva function in QEMU?

  I think I found one, cpu_physical_memory_map (exec.c). Below is how I
convert gpa to hva by using cpu_physical_memory_map.

    target_ulong pde_addr = (env->cr[3] + 32 * 4) & env->a20_mask;
    target_phys_addr_t len = 4;
    void *ptr = cpu_physical_memory_map(pde_addr, &len, 0);

The only thing I am not sure about is what value of len I should use.

Regards,
chenwj

// we only consider x86 w/o pae 
static void dump_guest_pgtable(CPUX86State *env)
{
    int i, j;
    target_ulong pde_addr, pte_addr;
    target_ulong phyaddr, phyaddr2;
    uint32_t pde, pte;

    pde_addr = (env->cr[3] & ~0xfff) & env->a20_mask;
    // first level page directory, iterate pde
    for (i = 0; i < NUM_ENTRY; ++i)
    {
        phyaddr = (pde_addr + i * 4) & env->a20_mask;
        pde = ldl_phys(phyaddr);
        pd[i] = pde;
        if (!(pde & PG_PRESENT_MASK))
            continue;

        pte_addr = (pde & ~0xfff) & env->a20_mask;
        // second level page table, iterate pte
        for (j = 0; j < NUM_ENTRY; ++j)
        {
            phyaddr2 = (pte_addr + j * 4) & env->a20_mask;
            pte = ldl_phys(phyaddr2);
            if (!(pte & PG_PRESENT_MASK))
                pt[i][j] = 0;
            pt[i][j] = pte;
        }
    }
}

Dump guest page table inside QEMU makes system hang

Commit Message

Comments

Patch