On Mon, Aug 21, 2023, Sean Christopherson wrote:
> Below is another bpftrace program that will hopefully shrink the haystack to
> the point where we can find something via code inspection.

Forgot to say what it actually does: it's essentially printf debugging to see how far a stuck vCPU gets when trying to handle an EPT violation.

The program should be silent until a vCPU gets stuck (though I would still wait until there's a stuck vCPU to load it). When a vCPU's "faults taken":"faults handled" ratio gets over 5:1, i.e. the vCPU appears to be taking EPT violations without doing anything, the program will start printing.

Unfortunately, what can be traced via kprobe is a bit limited because much of the page fault handling path gets inlined.