Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Strange page fault issue #1

Open
khale opened this issue Jun 20, 2018 · 1 comment
Open

Strange page fault issue #1

khale opened this issue Jun 20, 2018 · 1 comment
Labels
bug Something isn't working

Comments

@khale
Copy link
Member

khale commented Jun 20, 2018
edited
Loading

Overview

page fault handler in nautilus somehow clobbers rax, resulting in a bad address reference on return from handler

Suspected Cause

Stack is going away or getting manipulated during page fault handler, before rax is restored by the low-level exception handler code

  42911e:       e8 6d d6 01 00          callq  446790 <__mmap>
  429123:       48 83 f8 ff             cmp    $0xffffffffffffffff,%rax
  429127:       0f 84 1e fc ff ff       je     428d4b <_int_malloc+0xa4b>
  42912d:       4c 89 ea                mov    %r13,%rdx
  429130:       48 83 ca 02             or     $0x2,%rdx
  429134:       48 89 50 08             mov    %rdx,0x8(%rax) <--- we're getting a page fault here, rax is getting clobbered. Likely this is coming from rax corruption in the nautilus page fault handler


[ 8922.615162] palacios (pcore 0 vm hvm vcore 1): DEBUG: VM_CONSOLE>Forwarding page fault to ROS: rip=0x004290f4 addr=0x7f8c0c245008 err=0x2 (w=1)
[ 8922.616325] palacios (pcore 0 vm hvm vcore 1): DEBUG: hvm: ROS event request
[ 8922.616906] palacios (pcore 0 vm hvm vcore 1): DEBUG: hvm: copying ros event size 80
[ 8922.617994] palacios (pcore 0 vm hvm vcore 1): DEBUG: hvm: copied new ROS event (type=page fault)
[ 8922.618027] palacios (pcore 1 vm hvm vcore 0): DEBUG: hvm: completion of ROS event (rc=0x0)
[ 8922.620584] palacios (pcore 0 vm hvm vcore 1): DEBUG: VM_CONSOLE>Nautilus returning from HVM page fault. CS is 0x30, SS is 0x28 (returning 0x0)
[ 8922.621754] palacios (pcore 0): zone=ffff88020cacee80, order=12
[ 8922.622329] palacios (pcore 0): Order iter=12
[ 8922.622873] palacios (pcore 0): pool=ffff88020d1287e0, block=ffff8800de987000, order=12, j=12
[ 8922.624129] palacios (pcore 0 vm hvm vcore 1): DEBUG: VM_CONSOLE>current CS=0x30 SS=0x28
[ 8922.625604] palacios (pcore 0 vm hvm vcore 1): DEBUG: VM_CONSOLE>Forwarding page fault to ROS: rip=0x004290f4 addr=0x00000038 err=0x2 (w=1)

Notice we come back from the first page fault with RAX screwed up. 0x38 is suspicious because it is 8(0x30). 0x30 is a typical value for %cs. Coincidence?

NOTE: This bug is relatively uncommon
@khale khale added the bug Something isn't working label Jun 20, 2018
@khale
Copy link
Member Author

khale commented Jun 20, 2018

This is most likely fixed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@khale