
[Xen-devel] [PATCH] Do not call BUG() in translated mode in xen_create_contiguous_region



I've encountered a kernel crash when running a domain in shadow
translated mode with networking support:

    kernel BUG at arch/i386/mm/hypervisor.c:328!
    invalid opcode: 0000 [#1]
    SMP
    Modules linked in:
    CPU:    0
    EIP:    0061:[<c01165ba>]    Not tainted VLI
    EFLAGS: 00010002   (2.6.16-rc4-xenU #1)
    EIP is at xen_create_contiguous_region+0x2ea/0x3f0
[...]
     [<c01087ed>] show_stack_log_lvl+0xcd/0x120
     [<c01089eb>] show_registers+0x1ab/0x240
     [<c0108cf1>] die+0x111/0x240
     [<c0109048>] do_trap+0x98/0xe0
     [<c0109361>] do_invalid_op+0xa1/0xb0
     [<c01081d7>] error_code+0x2b/0x30
     [<c02503ec>] skbuff_ctor+0x6c/0x80
     [<c015eb94>] cache_alloc_refill+0x524/0x570
     [<c015e65c>] kmem_cache_alloc+0x7c/0x90
     [<c0263588>] alloc_skb_from_cache+0x58/0x110
     [<c0250488>] __alloc_skb+0x48/0xa0
     [<c028e2a2>] tcp_collapse+0x132/0x360
     [<c028e5f5>] tcp_prune_queue+0x125/0x330
     [<c0291445>] tcp_data_queue+0x5b5/0xca0
     [<c0292c16>] tcp_rcv_established+0x276/0x7e0
     [<c0299faa>] tcp_v4_do_rcv+0xda/0x320
     [<c029b0e0>] tcp_v4_rcv+0x830/0x900
     [<c027f2ee>] ip_local_deliver+0xae/0x1a0
     [<c027f087>] ip_rcv+0x2e7/0x4a0
     [<c026b387>] netif_receive_skb+0x197/0x220
     [<c0259563>] netif_poll+0x3d3/0x7f0
     [<c0268f0e>] net_rx_action+0xbe/0x1c0
     [<c0124ccc>] __do_softirq+0x8c/0x120
     [<c0124de5>] do_softirq+0x85/0x90
     [<c0124f39>] irq_exit+0x39/0x50
     [<c0109e05>] do_IRQ+0x25/0x30
     [<c024e63f>] evtchn_do_upcall+0x9f/0xe0
     [<c0108208>] hypervisor_callback+0x2c/0x34
     [<c0106a67>] cpu_idle+0x77/0xf0
     [<c0105035>] rest_init+0x35/0x40
     [<c034e56a>] start_kernel+0x2ea/0x380
     [<c010005e>] 0xc010005e

The following patch against xen-unstable.hg should fix the problem.

--Michael Vrable


# HG changeset patch
# User Michael Vrable <mvrable@xxxxxxxxxxx>
# Node ID 5747b738b00a6322cd3b61220eb508c24183fa0a
# Parent  697fac283c9e565b4c9697c70a5529d06a488df9
Return -ENOMEM in xen_create_contiguous_region when running translated.

Previously, calling xen_create_contiguous_region with order > 0 while
running in translated shadow mode (XENFEAT_auto_translated_physmap set)
resulted in BUG() being called.  This can cause a crash in Xen's
skbuff_ctor.

xen_create_contiguous_region does have a mechanism to signal failure to
create a contiguous region: it returns -ENOMEM.  Simply do this
unconditionally for multi-page requests when in translated mode.

Signed-off-by: Michael Vrable <mvrable@xxxxxxxxxxx>

diff -r 697fac283c9e -r 5747b738b00a 
linux-2.6-xen-sparse/arch/i386/mm/hypervisor.c
--- a/linux-2.6-xen-sparse/arch/i386/mm/hypervisor.c    Wed Feb 22 19:11:23 
2006 +0000
+++ b/linux-2.6-xen-sparse/arch/i386/mm/hypervisor.c    Wed Feb 22 13:30:48 
2006 -0800
@@ -325,7 +325,9 @@ int xen_create_contiguous_region(
        };
 
        if (xen_feature(XENFEAT_auto_translated_physmap)) {
-               BUG_ON(order >= 1);
+               if (order >= 1)
+                       return -ENOMEM;
+
                return 0;
        }
 

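Review bot: callers need to be audited for the new failure return at `if (order >= 1) return -ENOMEM;` in the XENFEAT_auto_translated_physmap block. The trace in this message reaches xen_create_contiguous_region through skbuff_ctor, and nothing in the patch shows that caller checking for a non-zero result, so the fatal assertion may just become a silently ignored error there. Please confirm, ideally in the commit message, that skbuff_ctor and the other callers handle -ENOMEM on this path. A short comment above the check saying that multi-page requests are refused in auto-translated mode would also help, since -ENOMEM on its own reads as a transient out-of-memory condition rather than an unsupported request.
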
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel