|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen master] Revert "mm: don't hold heap lock in alloc_heap_pages() longer than necessary"
commit ae4541c81c7441277e29579579da1fcc007e675d
Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Wed Aug 30 11:00:14 2017 +0100
Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Wed Aug 30 11:00:30 2017 +0100
Revert "mm: don't hold heap lock in alloc_heap_pages() longer than
necessary"
This reverts commit dab6a84aadab11f31332030a1e9f0b9282d76156. The change is
not safe, and results in a crash such as:
(XEN) ----[ Xen-4.10-unstable x86_64 debug=y Tainted: H ]----
(XEN) CPU: 5
(XEN) RIP: e008:[<ffff82d0802252fc>]
page_alloc.c#free_heap_pages+0x786/0x7a1
(XEN) RFLAGS: 0000000000010286 CONTEXT: hypervisor (d0v2)
(XEN) rax: 0000000000001c80 rbx: ffff82e01066bfa0 rcx: ffff82ffffffffe0
(XEN) rdx: ffff82ffffffffe0 rsi: ffff82d08056f600 rdi: 00000000ffffffff
(XEN) rbp: ffff83083751fda8 rsp: ffff83083751fd48 r8: 00000000000001c8
(XEN) r9: 0000000000000018 r10: 0000000000000018 r11: 0000000000000216
(XEN) r12: 0000000000000000 r13: 00000000000001b0 r14: 0000000000000000
(XEN) r15: 0000000000000000 cr0: 0000000080050033 cr4: 00000000001526e0
(XEN) cr3: 000000072f465000 cr2: ffff82ffffffffe4
(XEN) ds: 002b es: 002b fs: 0000 gs: 0000 ss: e010 cs: e008
(XEN) Xen code around <ffff82d0802252fc>
(page_alloc.c#free_heap_pages+0x786/0x7a1):
(XEN) 24 89 01 e9 91 fd ff ff <89> 7a 04 8b 03 89 01 e9 4d ff ff ff 48 83
c4 38
(XEN) Xen stack trace from rsp=ffff83083751fd48:
(XEN) 0000000000000001 0000001800000001 0000000000000000 0000000000000018
(XEN) ffff82e01066bf80 0000000000000000 ffff82e01066b920 0000000000000000
(XEN) ffff82e01066bf80 0000000000000000 ffff83082b781000 ffff880087e4eca8
(XEN) ffff83083751fdf8 ffff82d080226785 ffff82d08023afa5 0000000000000203
(XEN) ffff83082b781000 ffff83082b781340 ffff83082b7814d8 ffff83082b781aa8
(XEN) ffff83082b781000 ffff880087e4eca8 ffff83083751fe18 ffff82d0802f1e44
(XEN) ffff83082b781000 ffff83082b781000 ffff83083751fe48 ffff82d0802e0fd5
(XEN) ffff83082b781000 00000000ffffffff ffff83082b781aa8 ffff83082b781000
(XEN) ffff83083751fe68 ffff82d080271bc8 ffff83082b781aa8 ffff8300abe45000
(XEN) ffff83083751fe98 ffff82d080207d74 ffff830837516040 0000000000000000
(XEN) 0000000000000000 ffff83083751ffff ffff83083751fec8 ffff82d080229a3c
(XEN) ffff82d080572d80 ffff82d080573000 ffff82d080572d80 ffffffffffffffff
(XEN) ffff83083751fef8 ffff82d08023a68a ffff8300abfa6000 0000000af2019e42
(XEN) 0000000000000000 ffff880087e4ec68 ffff83083751ff08 ffff82d08023a6df
(XEN) 00007cf7c8ae00c7 ffff82d08035f391 ffff880087e4eca8 ffff880087e4ec68
(XEN) 0000000000000000 0000000af2019e42 ffff880087e43d70 0000000000000002
(XEN) 0000000000000216 0000000000000004 0000000000000000 00000000000000b6
(XEN) 0000000000000000 ffffffff8100130a deadbeefdeadf00d deadbeefdeadf00d
(XEN) deadbeefdeadf00d 0000010000000000 ffffffff8100130a 000000000000e033
(XEN) 0000000000000216 ffff880087e43d38 000000000000e02b c2c2c2c2c2c2beef
(XEN) Xen call trace:
(XEN) [<ffff82d0802252fc>] page_alloc.c#free_heap_pages+0x786/0x7a1
(XEN) [<ffff82d080226785>] free_domheap_pages+0x312/0x37c
(XEN) [<ffff82d0802f1e44>] stdvga_deinit+0x30/0x46
(XEN) [<ffff82d0802e0fd5>] hvm_domain_destroy+0x60/0x116
(XEN) [<ffff82d080271bc8>] arch_domain_destroy+0x1a/0x8f
(XEN) [<ffff82d080207d74>] domain.c#complete_domain_destroy+0x6f/0x182
(XEN) [<ffff82d080229a3c>] rcupdate.c#rcu_process_callbacks+0x141/0x1a2
(XEN) [<ffff82d08023a68a>] softirq.c#__do_softirq+0x7f/0x8a
(XEN) [<ffff82d08023a6df>] do_softirq+0x13/0x15
(XEN) [<ffff82d08035f391>] x86_64/entry.S#process_softirqs+0x21/0x30
(XEN)
(XEN) Pagetable walk from ffff82ffffffffe4:
(XEN) L4[0x105] = 00000000abe5b063 ffffffffffffffff
(XEN) L3[0x1ff] = 0000000000000000 ffffffffffffffff
(XEN)
(XEN) ****************************************
(XEN) Panic on CPU 5:
(XEN) FATAL PAGE FAULT
(XEN) [error_code=0002]
(XEN) Faulting linear address: ffff82ffffffffe4
(XEN) ****************************************
(XEN)
(XEN) Reboot in five seconds...
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
xen/common/page_alloc.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
index 12e06fd..9fa62d2 100644
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -855,7 +855,6 @@ static struct page_info *alloc_heap_pages(
struct page_info *pg;
bool need_tlbflush = false;
uint32_t tlbflush_timestamp = 0;
- unsigned int dirty_cnt = 0;
/* Make sure there are enough bits in memflags for nodeID. */
BUILD_BUG_ON((_MEMF_bits - _MEMF_node) < (8 * sizeof(nodeid_t)));
@@ -944,8 +943,6 @@ static struct page_info *alloc_heap_pages(
if ( d != NULL )
d->last_alloc_node = node;
- spin_unlock(&heap_lock);
-
for ( i = 0; i < (1 << order); i++ )
{
/* Reference count must continuously be zero for free pages. */
@@ -955,7 +952,7 @@ static struct page_info *alloc_heap_pages(
{
if ( !(memflags & MEMF_no_scrub) )
scrub_one_page(&pg[i]);
- dirty_cnt++;
+ node_need_scrub[node]--;
}
pg[i].count_info = PGC_state_inuse;
@@ -977,8 +974,6 @@ static struct page_info *alloc_heap_pages(
check_one_page(&pg[i]);
}
- spin_lock(&heap_lock);
- node_need_scrub[node] -= dirty_cnt;
spin_unlock(&heap_lock);
if ( need_tlbflush )
--
generated by git-patchbot for /home/xen/git/xen.git#master
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |