Code isn't generated:
open-vm-tools/lib/backdoor/backdoorGcc64.c

/* uint64 and Backdoor_proto come from the open-vm-tools headers this file includes. */
void
Backdoor_InOut(Backdoor_proto *myBp) // IN/OUT
{
   uint64 dummy;

   __asm__ __volatile__(
#ifdef __APPLE__
        /*
         * Save %rbx on the stack because the Mac OS GCC doesn't want us to
         * clobber it - it erroneously thinks %rbx is the PIC register.
         * (Radar bug 7304232)
         */
        "pushq %%rbx"           "\n\t"
#endif
        "pushq %%rax"           "\n\t"
        "movq 40(%%rax), %%rdi" "\n\t"
        "movq 32(%%rax), %%rsi" "\n\t"
        "movq 24(%%rax), %%rdx" "\n\t"
        "movq 16(%%rax), %%rcx" "\n\t"
        "movq  8(%%rax), %%rbx" "\n\t"
        "movq   (%%rax), %%rax" "\n\t"
        "inl %%dx, %%eax"       "\n\t"  /* NB: There is no inq instruction */
        "xchgq %%rax, (%%rsp)"  "\n\t"
        "movq %%rdi, 40(%%rax)" "\n\t"
        "movq %%rsi, 32(%%rax)" "\n\t"
        "movq %%rdx, 24(%%rax)" "\n\t"
        "movq %%rcx, 16(%%rax)" "\n\t"
        "movq %%rbx,  8(%%rax)" "\n\t"
        "popq          (%%rax)" "\n\t"
#ifdef __APPLE__
        "popq %%rbx"            "\n\t"
#endif
      : "=a" (dummy)
      : "0" (myBp)
      /*
       * vmware can modify the whole VM state without the compiler knowing
       * it. So far it does not modify EFLAGS. --hpreg
       */
      :
#ifndef __APPLE__
      /* %rbx is unchanged at the end of the function on Mac OS. */
      "rbx",
#endif
      "rcx", "rdx", "rsi", "rdi", "memory"
   );
}

Last functional change in 2011, so it isn't a change to the crashing
code itself.

The failing instruction is the port-I/O hypercall.
See: http://www.felixcloutier.com/x86/IN.html

It does a 32-bit read into EAX from the source port defined in DX.
DX is the lowest 16 bits of RDX.
We have RDX from the crash: rdx 0x7700005658    511101130328
It is that.

The error being "dx" suggests that the source port would be wrong?
That would be 0x5658, or in decimal 22104.

I don't know the VMware hypercall interface - is that source port
reasonable?

That is not getting us anywhere without help, I assume :-/
I'll post this reading of the call to the upstream bug.


The question is what happens on this hypercall and/or the call to it that
triggers the bug?

I'm afraid we have to wait for a reproducer due to upstream work on it
or one of the affected chiming in here.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1791220

Title:
  increased crash rate since 10.3 upgrade is available

To manage notifications about this bug go to:
https://bugs.launchpad.net/open-vm-tools/+bug/1791220/+subscriptions
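A user-space model of what the inline asm above does with its register block, added here as an example (not code from open-vm-tools or from the post): the struct layout and the model_* names are assumptions chosen to mirror the asm's 0..40 offsets, and it decodes the quoted RDX value to the port the faulting inl used.

```c
/* Added, user-space model of the register block that Backdoor_InOut marshals.
 * Not open-vm-tools code: the real Backdoor_proto lives in the project's
 * headers; the slot order here is assumed from the asm offsets 0..40. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint64_t ax, bx, cx, dx, si, di;   /* (%rax), 8(%rax), ... 40(%rax) */
} model_backdoor_proto;

_Static_assert(offsetof(model_backdoor_proto, dx) == 24, "dx must sit at 24(%rax)");
_Static_assert(offsetof(model_backdoor_proto, di) == 40, "di must sit at 40(%rax)");

/* "inl %dx, %eax" uses only DX, the low 16 bits of RDX, as the port number. */
static uint16_t inl_port(uint64_t rdx) { return (uint16_t)(rdx & 0xFFFFu); }

/* Stand-in for the inl instruction: records the port instead of touching
 * hardware and returns a constructed value in place of the hypervisor reply. */
static uint32_t model_inl(uint16_t port, uint16_t *seen_port) {
    *seen_port = port;
    return 0xDEADBEEFu;
}

/* Same data flow as the asm: load six regs from the block, do the port read,
 * store all six back. A 32-bit write to EAX zero-extends into RAX on x86-64. */
static uint16_t model_backdoor_inout(model_backdoor_proto *bp) {
    uint64_t rax = bp->ax, rbx = bp->bx, rcx = bp->cx;
    uint64_t rdx = bp->dx, rsi = bp->si, rdi = bp->di;
    uint16_t port;
    rax = (uint64_t)model_inl(inl_port(rdx), &port);
    bp->ax = rax; bp->bx = rbx; bp->cx = rcx;
    bp->dx = rdx; bp->si = rsi; bp->di = rdi;
    return port;
}

/* Feed the RDX value quoted from the crash report through the model.
 * 0x5658 is ASCII "VX", the port the VMware backdoor protocol uses. */
static uint16_t crash_port(void) {
    model_backdoor_proto bp = { .dx = 0x7700005658ull };  /* value from the report */
    return model_backdoor_inout(&bp);
}

int main(void) {
    unsigned port = crash_port();
    printf("port used by the faulting inl: 0x%04x (%u)\n", port, port);
    return 0;
}
```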
