From: Evgeny Yakovlev
Date: Tue, 22 Nov 2016 15:57:55 +0300
To: edk2-devel@lists.01.org
Cc: eyakovlev@virtuozzo.com, lersek@redhat.com, den@virtuozzo.com, rkagan@virtuozzo.com
Subject: OvmfPkg: VM crashed trying to write to RO memory from CommonInterruptEntry

We are running Windows UEFI-based VMs on QEMU/KVM with OvmfPkg. Very rarely we experience a crash when the VM tries to write to RO memory very early in the UEFI boot process. The crash happens when the VM tries to execute this code in the interrupt handler:

https://github.com/tianocore/edk2/blob/master/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ExceptionHandlerAsm.asm#L244-L246

fxsave [rdi], where RDI = 0xffe60

which is bad: it points to the ISA BIOS F-segment area. This memory was mapped by QEMU for read-only access, which is reflected in the KVM EPT:

00000000000e0000-00000000000fffff (prio 1, R-): isa-bios

This is a very early IRQ0 interrupt, presumably during the early initialization phase (Sec or Pei). It looks like CommonInterruptHandler does not switch to a separate stack and works on the interrupted context's stack, which was fairly close to the 1MB boundary when IRQ0 fired (RSP around 1002c0). When CommonInterruptEntry reached the highlighted code it subtracted 512 bytes from the current RSP, which dropped to 0xffe60, below 1MB and into the QEMU RO region.

We have been figuring out how best to fix this. Possible solutions are to switch to a separate stack in CommonInterruptEntry, to relocate the early OvmfPkg stack somewhere farther away from 1MB, to run with interrupts disabled until we reach a later phase, or maybe something else. Any comments would be very much appreciated!
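As an added example (not part of the original message and not edk2 code), the following C model reproduces the stack arithmetic the report describes: for a given interrupted RSP it computes where the 512-byte fxsave area would land, checks that range against the read-only isa-bios region quoted from the QEMU memory map, and derives the lowest RSP at which an early stack can safely take an interrupt. The 0x260 bytes of register context pushed before the fxsave is an assumption back-derived from the message's own numbers (RSP about 1002c0, RDI 0xffe60); the real CommonInterruptEntry frame layout may differ, and the region table is constructed from the single line the message quotes.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One read-only physical range. The end is inclusive, matching how QEMU
 * prints its memory map in the message. */
typedef struct {
    uint64_t start;
    uint64_t end;
    const char *name;
} RoRegion;

/* Constructed from the single map line quoted in the report:
 * 00000000000e0000-00000000000fffff (prio 1, R-): isa-bios */
static const RoRegion kRoRegions[] = {
    { 0xe0000ULL, 0xfffffULL, "isa-bios" },
};
#define RO_REGION_COUNT (sizeof kRoRegions / sizeof kRoRegions[0])

/* fxsave always writes a 512-byte area that must be 16-byte aligned. */
#define FXSAVE_AREA_SIZE 512ULL

/* ASSUMPTION: bytes of GP/segment/control register context pushed by the
 * interrupt entry before it subtracts 512 for fxsave. Derived from the
 * report (0x1002c0 - 0xffe60 - 0x200 = 0x260); not taken from edk2 sources. */
#define CONTEXT_PUSH_SIZE 0x260ULL

/* Lowest address the handler writes when an interrupt lands with this RSP. */
uint64_t fxsave_target(uint64_t rsp)
{
    uint64_t after_pushes = rsp - CONTEXT_PUSH_SIZE;
    uint64_t area = after_pushes - FXSAVE_AREA_SIZE;
    return area & ~0xfULL;          /* align down, as fxsave requires */
}

/* Name of the RO region overlapped by [lo, lo + len), or NULL if none. */
const char *ro_overlap(uint64_t lo, uint64_t len)
{
    uint64_t hi = lo + len - 1;
    for (size_t i = 0; i < RO_REGION_COUNT; i++) {
        if (lo <= kRoRegions[i].end && hi >= kRoRegions[i].start)
            return kRoRegions[i].name;
    }
    return NULL;
}

/* Would an interrupt frame built on this RSP stay out of read-only memory? */
bool stack_safe_for_interrupt(uint64_t rsp)
{
    uint64_t lo = fxsave_target(rsp);
    return ro_overlap(lo, rsp - lo) == NULL;
}

/* Lowest RSP whose whole interrupt frame (pushes + aligned fxsave area)
 * stays above the given RO region. Useful when deciding how far from the
 * 1MB boundary an early stack must be placed. */
uint64_t lowest_safe_rsp(const RoRegion *r)
{
    return r->end + 1 + CONTEXT_PUSH_SIZE + FXSAVE_AREA_SIZE;
}

int main(void)
{
    /* Constructed sample RSP values: the report's value and a few neighbours. */
    const uint64_t samples[] = { 0x1002c0ULL, 0x10045fULL, 0x100460ULL, 0x200000ULL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t lo = fxsave_target(samples[i]);
        const char *hit = ro_overlap(lo, samples[i] - lo);
        printf("RSP 0x%" PRIx64 " -> fxsave at 0x%" PRIx64 " : %s\n",
               samples[i], lo, hit ? hit : "ok");
    }
    printf("lowest safe RSP above %s: 0x%" PRIx64 "\n",
           kRoRegions[0].name, lowest_safe_rsp(&kRoRegions[0]));
    return 0;
}
```

Feeding the report's RSP into fxsave_target reproduces the faulting RDI of 0xffe60 exactly, which is a useful sanity check on the assumed frame size; lowest_safe_rsp then gives the margin (0x460 bytes above the 1MB line under these assumptions) that a relocated early stack, or a dedicated interrupt stack, would need to clear.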