[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-devel] Dom0 crashing on x86_64



This bug is caused by the size of netif_tx_request_t/netif_rx_response_t
on x86_64, which is using 8 byte alignment.  When PACKET is removed by
changeset 5648, their sizes are changed from 12 to 16, then
netif_tx_interface_t/netif_rx_interface_t will overflow a page.
We have 2 ways to resolve this bug:

1. add back __attribute__((packed)) to the definition of the two
structures.

2. add #pragma pack(4) to netif.h as:

diff -r 1d026c7023d2 xen/include/public/io/netif.h
--- a/xen/include/public/io/netif.h     Thu Jul 14 23:48:06 2005
+++ b/xen/include/public/io/netif.h     Fri Jul 15 19:17:52 2005
@@ -8,6 +8,10 @@

 #ifndef __XEN_PUBLIC_IO_NETIF_H__
 #define __XEN_PUBLIC_IO_NETIF_H__
+
+#ifdef __x86_64__
+#pragma pack(4)
+#endif

 typedef struct netif_tx_request {
     memory_t addr;   /* Machine address of packet.  */

3. define a smaller value on x86_64 for
NETIF_TX_RING_SIZE/NETIF_RX_RING_SIZE, 128?

Keir, which one do you perfer?

-Xin

Li, Xin B wrote:
> David F Barrera wrote:
>> This is the trace that I see on the serial console:
>> 
>> Unable to handle kernel NULL pointer dereference at
>> 0000000000000c20 RIP:
>> <ffffffff80118aba>{do_page_fault+426} 
>> PGD d313067 PUD d312067 PMD 0
>> Oops: 0000 [1]
>> CPU 0
>> Modules linked in: thermal processor fan button battery
>> ac Pid: 0, comm: swapper Not tainted 2.6.12-xen0
>> RIP: e030:[<ffffffff80118aba>]
>> <ffffffff80118aba>{do_page_fault+426} RSP:
>> e02b:ffffffff8054ba00  EFLAGS: 00010202
>> RAX: 00000000013e4067 RBX: 0000000000000c20 RCX:
>> 0000000000000000
>> RDX: 0000000000000067 RSI: 00000000093e4067 RDI:
>> ffff800000000000
>> RBP: 0000000000000c20 R08: 00000000000000ff R09:
>> 0000000000000000
>> R10: 0000000000000000 R11: 0000000000000206 R12:
>> 0000000000000000
>> R13: ffffc20000036000 R14: 0000000000000000 R15:
>> ffffffff8054bb00
>> FS:  0000000000000000(0000) GS:ffffffff80537b80(0000)
>> knlGS:0000000000000000 CS:  e033 DS: 0000 ES: 0000
>> Process swapper (pid: 0, threadinfo ffffffff8054a000,
>> task ffffffff80435680) Stack: ffff88000f414000 fff
> 
> It is caused by checkin of changeset 5648: Remove non-ISO
> attributes from public headers.(
>
http://xenbits.xensource.com/xen-unstable.hg?cmd=changeset;node=2b6c1a80
> 98078f7e53de7cf72227fddf01f0b2b6 ).  Actually, on x86_64
> xenlinux, only the change to
> xen/include/public/io/netif.h caused this issue, other
> part of this changeset are OK.  After reverting the
> changes to this file, this issue is gone, but we need a
> clean patch to this issue. Here we also found that, on
> i386 xenlinux, mmap001 of LTP will crash domU, I'm
> doubting it is also introduced by this changeset.  
> 
> -Xin
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.