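Hi Tim & Jui-Hao:
When I use a Linux HVM instead of a Windows HVM, more bugs show up.
I start only one VM, and when I destroy it, Xen crashes in mem_sharing_unshare_page().
At line 709 the result of mem_sharing_hash_lookup() is not checked; hash_entry is NULL, and the list walk at line 710 dereferences it (the panic below reports a fault at linear address 0x18, which is consistent with a small offset from a NULL pointer). Later I found that the handle had already been removed in
mem_sharing_share_pages(); please refer to the logs below.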
----mem_sharing_unshare_page
708 /* Remove the gfn_info from the list */
709 hash_entry = mem_sharing_hash_lookup(handle);
710 list_for_each(le, &hash_entry->gfns)
711 {
712 gfn_info = list_entry(le, struct gfn_info, list);
713 if((gfn_info->gfn == gfn) && (gfn_info->domain == d->domain_id))
714 goto gfn_found;
715 }
716 printk("Could not find gfn_info for shared gfn: %lx\n", gfn);
717 BUG();
----mem_sharing_share_pages
649 printk("del %lu\n", ch);
650 list_for_each_safe(le, te, &ce->gfns)
651 {
652 gfn = list_entry(le, struct gfn_info, list);
653 /* Get the source page and type, this should never fail
654 * because we are under shr lock, and got non-null se */
655 BUG_ON(!get_page_and_type(spage, dom_cow, PGT_shared_page));
656 /* Move the gfn_info from ce list to se list */
657 list_del(&gfn->list);
658 d = get_domain_by_id(gfn->domain);
659 BUG_ON(!d);
660 BUG_ON(set_shared_p2m_entry(d, gfn->gfn, se->mfn) == 0);
661 put_domain(d);
662 list_add(&gfn->list, &se->gfns);
663 put_page_and_type(cpage);
664 mem_sharing_debug_gfn(d, gfn->gfn);
665 }
666 ASSERT(list_empty(&ce->gfns));
667 mem_sharing_hash_delete(ch);
668 atomic_inc(&nr_saved_mfns);
669 /* Free the client page */
670 if(test_and_clear_bit(_PGC_allocated, &cpage->count_info))
671 put_page(cpage);
672 mem_sharing_debug_gfn(d, gfn->gfn);
673 ret = 0;
-------log------------
(XEN) del 31261 (XEN) Debug for domain=1, gfn=75fd5, Debug page: MFN=179fd5 is ci=8000000000000005, ti=8400000000000001, owner_id=32755 (XEN) Debug for domain=1, gfn=75fd5, Debug page: MFN=179fd5 is ci=4, ti=8400000000000001, owner_id=32755 (XEN) del 31262 (XEN) Debug for domain=1, gfn=75fd6, Debug page: MFN=179fd6 is ci=8000000000000005, ti=8400000000000001, owner_id=32755 (XEN) Debug for domain=1, gfn=75fd6, Debug page: MFN=179fd6 is ci=4, ti=8400000000000001, owner_id=32755 (XEN) del 31263 (XEN) Debug for domain=1, gfn=75fd7, Debug page: MFN=179fd7 is ci=8000000000000005, ti=8400000000000001, owner_id=32755 (XEN) Debug for domain=1, gfn=75fd7, Debug page: MFN=179fd7 is ci=4, ti=8400000000000001, owner_id=32755 (XEN) del 31264 (XEN) Debug for domain=1, gfn=75fd8, Debug page: MFN=179fd8 is ci=8000000000000005, ti=8400000000000001, owner_id=32755 (XEN) Debug for domain=1, gfn=75fd8, Debug page: MFN=179fd8 is
ci=4, ti=8400000000000001, owner_id=32755 (XEN) del 31265 (XEN) Debug for domain=1, gfn=75fd9, Debug page: MFN=179fd9 is ci=8000000000000005, ti=8400000000000001, owner_id=32755 (XEN) Debug for domain=1, gfn=75fd9, Debug page: MFN=179fd9 is ci=4, ti=8400000000000001, owner_id=32755 (XEN) del 31266 (XEN) Debug for domain=1, gfn=75fda, Debug page: MFN=179fda is ci=8000000000000005, ti=8400000000000001, owner_id=32755 (XEN) Debug for domain=1, gfn=75fda, Debug page: MFN=179fda is ci=4, ti=8400000000000001, owner_id=32755 (XEN) del 31267 (XEN) Debug for domain=1, gfn=75fdb, Debug page: MFN=179fdb is ci=8000000000000005, ti=8400000000000001, owner_id=32755 (XEN) Debug for domain=1, gfn=75fdb, Debug page: MFN=179fdb is ci=4, ti=8400000000000001, owner_id=32755 (XEN) del 31268 (XEN) Debug for domain=1, gfn=75fdc, Debug page: MFN=179fdc is ci=8000000000000005, ti=8400000000000001, owner_id=32755 (XEN) Debug for domain=1, gfn=75fdc, Debug page: MFN=
179fdc is ci=4, ti=8400000000000001, owner_id=32755 (XEN) del 31269 (XEN) Debug for domain=1, gfn=75fdd, Debug page: MFN=179fdd is ci=8000000000000005, ti=8400000000000001, owner_id=32755 (XEN) Debug for domain=1, gfn=75fdd, Debug page: MFN=179fdd is ci=4, ti=8400000000000001, owner_id=32755 (XEN) del 31270 (XEN) Debug for domain=1, gfn=75fde, Debug page: MFN=179fde is ci=8000000000000005, ti=8400000000000001, owner_id=32755 (XEN) Debug for domain=1, gfn=75fde, Debug page: MFN=179fde is ci=4, ti=8400000000000001, owner_id=32755 blktap_sysfs_destroy (XEN) handle 31261 (XEN) Debug for domain=1, gfn=75fd5, Debug page: MFN=179fd5 is ci=1, ti=8400000000000001, owner_id=32755 (XEN) ----[ Xen-4.0.0 x86_64 debug=n Not tainted ]---- (XEN) CPU: 1 (XEN) RIP: e008:[<ffff82c4801bfeeb>] mem_sharing_unshare_page+0x1ab/0x740 (XEN) RFLAGS: 0000000000010246 CONTEXT: hypervisor (XEN
) rax: 0000000000000000 rbx: 0000000000179fd5 rcx: 0000000000000082 (XEN) rdx: 000000000000000a rsi: 000000000000000a rdi: ffff82c48021e9c4 (XEN) rbp: ffff8302dd6a0000 rsp: ffff83023ff3fcd0 r8: 0000000000000001 (XEN) r9: 0000000000000000 r10: 00000000fffffff8 r11: 0000000000000005 (XEN) r12: 0000000000075fd5 r13: 0000000000000002 r14: 0000000000000000 (XEN) r15: ffff82f602f3faa0 cr0: 000000008005003b cr4: 00000000000026f0 (XEN) cr3: 000000031b83b000 cr2: 0000000000000018 (XEN) ds: 002b es: 002b fs: 0000 gs: 0000 ss: e010 cs: e008 (XEN) Xen stack trace from rsp=ffff83023ff3fcd0: (XEN) ffff83023fe60000 ffff830173da4410 0000000100000000 0000000000000000 (XEN) 0000000000007a1d 00000000000000
01 0000000000000009 ffff8302dd6a0000 (XEN) ffff83023ff3fd40 ffff82c4801df7e9 ffff83023ff3ff28 ffff83023ff3fd94 (XEN) 0000000000075fd5 0000000d000001d5 ffff83033e950000 0000000000075fd5 (XEN) ffff83063fde8ef0 ffff8302dd6a0000 ffff83023ff3fd94 ffff82c48037a980 (XEN) ffff82c480253080 ffff82c4801b8949 ffff8302dd6a0180 ffff82c48037a980 (XEN) 0000000d80253080 ffff8302dd6a0000 ffff8302dd6a0000 00000000ffffffff (XEN) ffff8302dd6a0000 ffff82c4801b681c 0000000000000000 ffff82c480149b74 (XEN) ffff8300bf560000 ffff8300bf560000 fffffffffffffff8 00000000ffffffff (XEN) ffff8302dd6a0000 ffff82c4801061fc ffff8300bf552060 0000000000000000 (XEN) ffff82c4802531a0 0000000000000001 ffff82c480376980 ffff82c48012218c (XEN) 0000000000000001 fffffffffffffffd ffff83023ff3ff28 ffff82c48011c588
(XEN) ffff83023ff3ff28 ffff83063fdeb170 ffff83063fdeb230 ffff8300bf552000 (XEN) 000001831ea27db3 ffff82c480189c6a 7fffffffffffffff ffff82c4801441b5 (XEN) ffff82c48037b7b0 ffff82c48011e474 0000000000000001 ffffffffffffffff (XEN) 0000000000000000 0000000000000000 0000000080376980 00001833000116f2 (XEN) ffffffffffffffff ffff83023ff3ff28 ffff82c480251b00 ffff83023ff3fe28 (XEN) ffff8300bf552000 000001831ea27db3 ffff82c480253080 ffff82c480149ad6 (XEN) 0000000000000000 0000000000002000 ffff8300bf2fc000 0000000000000000 (XEN) 0000000000000000 0000000000000000 0000000000000000 ffff88015f8f9f10 (XEN) Xen call trace: (XEN) [<ffff82c4801bfeeb>] mem_sharing_unshare_page+0x1ab/0x740 (XEN) [<ffff82c4801df7e9>] ept_get_entry+0xa9/0x1c0 (XEN) [<ffff82
c4801b8949>] p2m_teardown+0x129/0x170 (XEN) [<ffff82c4801b681c>] paging_final_teardown+0x2c/0x40 (XEN) [<ffff82c480149b74>] arch_domain_destroy+0x44/0x170 (XEN) [<ffff82c4801061fc>] complete_domain_destroy+0x6c/0x130 (XEN) [<ffff82c48012218c>] rcu_process_callbacks+0xac/0x220 (XEN) [<ffff82c48011c588>] __do_softirq+0x58/0x80 (XEN) [<ffff82c480189c6a>] acpi_processor_idle+0x14a/0x740 (XEN) [<ffff82c4801441b5>] reprogram_timer+0x55/0x90 (XEN) [<ffff82c48011e474>] timer_softirq_action+0x1a4/0x360 (XEN) [<ffff82c480149ad6>] idle_loop+0x26/0x80 (XEN) (XEN) Pagetable walk from 0000000000000018: (XEN) L4[0x000] = 00000001676bd067 0000000000156103 (XEN) L3[0x000] = 000000031b947067 0000000000121c8d(XEN) L2[0x000] = 0000000000000000 ffffffffffffffff (XEN) (XEN) **************************************** (XEN) Panic on CPU 1: (XEN) FATAL PAGE FAULT (XEN) [error_code=0000] (XEN) Faulting linear address: 0000000000000018 (XEN) **************************************** (XEN) (XEN) Manual reset required ('noreboot' specified