[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 0/4] x86/xen Several unassociated fixes

While investigating a separate issue on Broadwell hardware, we encountered a
cascade crash, with 3 indepent issues.  For anyone interested, the full
backtrace was:

(XEN) Xen SMAP violation
(XEN) ----[ Xen-4.5.0-xs101665-d  x86_64  debug=y  Not tainted ]----
(XEN) CPU:    15
(XEN) RIP:    e008:[<ffff82d08018c12f>] memcpy+0x17/0x1b
(XEN) RFLAGS: 0000000000010202   CONTEXT: hypervisor (d0v0)
(XEN) rax: 00007ffe632f6eb8   rbx: ffff830286d1a000   rcx: 0000000000000004
(XEN) rdx: 0000000000000004   rsi: ffff820040054dd8   rdi: 00007ffe632f6eb8
(XEN) rbp: ffff83043cbc7c48   rsp: ffff83043cbc7c48   r8:  fffff060011802af
(XEN) r9:  000000000000002c   r10: ffff82d08024e0e0   r11: 0000000000000282
(XEN) r12: 0000000000000004   r13: 00000000002508f6   r14: ffffffffffffffff
(XEN) r15: ffff820040054dd8   cr0: 000000008005003b   cr4: 00000000003126f0
(XEN) cr3: 000000043c02b000   cr2: 00007ffe632f6eb8
(XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: e010   cs: e008
(XEN) Xen stack trace from rsp=ffff83043cbc7c48:
(XEN)    ffff83043cbc7ce8 ffff82d0801619e6 ffff83043cbc0000 ffff83043cbc7c78
(XEN)    ffff83043cbc7cb0 ffff83043cbc7cb4 0000000000000000 ffff83043cbc7cac
(XEN)    0000000000000000 00007ffe632f6eb8 0000000400000000 00000000ec83fdd8
(XEN)    ffff82d000000001 0000000000858f5d ffff83043cbc7d08 00000000006091e0
(XEN)    0000000000000000 00000000006091e0 ffff83043cbc7e38 ffff830286d1a000
(XEN)    ffff83043cbc7da8 ffff82d080163494 4000000000000000 ffff83043cbc0000
(XEN)    ffff83043cbc7d18 ffff82e010ac11e0 0000000000000001 ffff880106a0a150
(XEN)    0000000000000001 ffff83043c57c000 ffff82e010ac11e0 0000000000000001
(XEN)    ffff83043cbc7e58 ffff82d08018229a ffff82d08018dca8 ffff82d080349e58
(XEN)    ffff82d080349e50 0000000000000000 0000000000000202 ffff830286d1a000
(XEN)    0000000000000000 00000000006091e0 0000000000000000 0000000000000000
(XEN)    ffff83043cbc7ef8 ffff82d080106760 ffff8300784f0000 0000000200007ff0
(XEN)    ffff82d000000000 ffff880106a0a980 0000000000000000 0000000000000000
(XEN)    0000000000000000 ffff83007b7d6000 ffff8300784f0000 00031fd4c88a1167
(XEN)    000000003cbc7e28 ffffffff0000000f 0000000000858f5d ffff88003ffb9788
(XEN)    ffff82d08018cd97 ffff8300784f0208 0000000a000003e8 0000000000000059
(XEN)    0000000000000000 00000000ec83fdd8 00007ffe632f6eb8 0000000000000004
(XEN)    0000000000000004 0000000000000000 0000000000000000 0000000000000000
(XEN)    0000000000000000 0000000000000000 0000000000000000 0000000000000000
(XEN)    0000000000000000 0000000000000000 0000000000000000 0000000000000000
(XEN) Xen call trace:
(XEN)    [<ffff82d08018c12f>] memcpy+0x17/0x1b
(XEN)    [<ffff82d0801619e6>] dbg_rw_mem+0x2f6/0x360
(XEN)    [<ffff82d080163494>] arch_do_domctl+0x19c0/0x25f4
(XEN)    [<ffff82d080106760>] do_domctl+0x1b4b/0x1edb
(XEN)    [<ffff82d080233fcb>] syscall_enter+0xeb/0x145
(XEN) 
(XEN) Faulting linear address: 00007ffe632f6eb8
(XEN) Pagetable walk from 00007ffe632f6eb8:
(XEN)  L4[0x0ff] = 000000084ed00067 00000000000312ff
(XEN)  L3[0x1f9] = 000000040b104067 0000000000104513
(XEN)  L2[0x119] = 000000050f511067 000000000010457c 
(XEN)  L1[0x0f6] = 800000087d665167 0000000000101dcc
(XEN) 
(XEN) ****************************************
(XEN) Panic on CPU 15:
(XEN) FATAL TRAP: vector = 14 (page fault)
(XEN) [error_code=0003] 
(XEN) ****************************************
(XEN) 
(XEN) Reboot in five seconds...
(XEN) Executing kexec image on cpu15
(XEN) Assertion 'local_irq_is_enabled()' failed at smp.c:223
(XEN) ----[ Xen-4.5.0-xs101665-d  x86_64  debug=y  Not tainted ]----
(XEN) CPU:    15
(XEN) RIP:    e008:[<ffff82d08018a0d3>] flush_area_mask+0x7/0x134
(XEN) RFLAGS: 0000000000050046   CONTEXT: hypervisor (d0v0)
(XEN) rax: 0000000000040046   rbx: ffff82e008b2faa0   rcx: 0000000000000000
(XEN) rdx: 0000000000000100   rsi: 0000000000000000   rdi: ffff83043cbc78c0
(XEN) rbp: ffff83043cbc7918   rsp: ffff83043cbc78a0   r8:  0000000000000000
(XEN) r9:  0000000000000038   r10: 0000000000000040   r11: ffff82d080310ba0
(XEN) r12: ffff82d0803492c0   r13: 00000000225692e4   r14: ffff83043cbc78c0
(XEN) r15: 00000000000000c0   cr0: 000000008005003b   cr4: 00000000003126f0
(XEN) cr3: 000000043c02b000   cr2: 00007ffe632f6eb8
(XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: e010   cs: e008
(XEN) Xen stack trace from rsp=ffff83043cbc78a0:
(XEN)    ffff82d08011eb63 0000000000000000 0000001500000028 ffff82d080299c20
(XEN)    d7fffffffff55de9 00000000000000f7 0000000000000000 0000000000000000
(XEN)    0000000000000003 ffff83043cbc78f8 0000000000000000 0000000000000028
(XEN)    0000000000000000 0000000000000000 000ffffffffff000 ffff83043cbc7958
(XEN)    ffff82d08011f7c6 ffff83043cbc7940 0000000000000000 ffff82cfffb74000
(XEN)    000ffff82cfffb74 ffff83043c57c001 000ffffffffff000 ffff83043cbc7978
(XEN)    ffff82d08011f8ab ffff830078693fe8 ffff830078693fe8 ffff83043cbc7988
(XEN)    ffff82d080178e08 ffff83043cbc79b8 ffff82d08017926b ffff830078693fe8
(XEN)    0000000000000001 000ffff82cfffb74 ffff83043c57c000 ffff83043cbc7a58
(XEN)    ffff82d080179bff ffff83043cbc7a20 00000000000001e3 00000000000001e3
(XEN)    0000000080275c48 00007ffe632f6eb8 0000000000000163 ffff83043cbc7a10
(XEN)    ffff8300786959f8 0000016301040282 0000000000000001 000000000007864d
(XEN)    ffff82cfffb74000 ffff83043cbc7a58 ffff82d08024dff0 000000000000000f
(XEN)    00007ffe632f6eb8 ffff83043c57c000 0000000000000003 ffff83043cbc7a68
(XEN)    ffff82d080185a23 ffff83043cbc7a88 ffff82d0801a6fd4 0000000000000003
(XEN)    ffff82d080275c48 ffff83043cbc7aa8 ffff82d0801172bb 0000000000040206
(XEN)    0000000000040286 ffff83043cbc7b18 ffff82d0801479b7 800000087d665167
(XEN)    0000000000000028 ffff83043cbc7b28 ffff83043cbc7ad8 ffff83043cbc7b18
(XEN)    000000000000000e ffff82d08026441c 0000000000000003 ffff82d080260830
(XEN)    0000000000000005 ffff83043cbc7b98 000000000000000e ffff83043cbc7b48
(XEN) Xen call trace:
(XEN)    [<ffff82d08018a0d3>] flush_area_mask+0x7/0x134
(XEN)    [<ffff82d08011f7c6>] alloc_domheap_pages+0xa9/0x12a
(XEN)    [<ffff82d08011f8ab>] alloc_xenheap_pages+0x64/0xdb
(XEN)    [<ffff82d080178e08>] alloc_xen_pagetable+0x1c/0xa0
(XEN)    [<ffff82d08017926b>] virt_to_xen_l1e+0x38/0x1be
(XEN)    [<ffff82d080179bff>] map_pages_to_xen+0x80e/0xfd9
(XEN)    [<ffff82d080185a23>] __set_fixmap+0x2c/0x2e
(XEN)    [<ffff82d0801a6fd4>] machine_crash_shutdown+0x186/0x2b2
(XEN)    [<ffff82d0801172bb>] kexec_crash+0x3f/0x5b
(XEN)    [<ffff82d0801479b7>] panic+0x100/0x118
(XEN)    [<ffff82d08019002b>] set_guest_machinecheck_trapbounce+0/0x6d
(XEN)    [<ffff82d080195c15>] do_page_fault+0x40b/0x541
(XEN)    [<ffff82d0802345e0>] handle_exception_saved+0x2e/0x6c
(XEN)    [<ffff82d08018c12f>] memcpy+0x17/0x1b
(XEN)    [<ffff82d0801619e6>] dbg_rw_mem+0x2f6/0x360
(XEN)    [<ffff82d080163494>] arch_do_domctl+0x19c0/0x25f4
(XEN)    [<ffff82d080106760>] do_domctl+0x1b4b/0x1edb
(XEN)    [<ffff82d080233fcb>] syscall_enter+0xeb/0x145
(XEN) 
(XEN) 
(XEN) ****************************************
(XEN) Panic on CPU 15:
(XEN) Assertion 'local_irq_is_enabled()' failed at smp.c:223
(XEN) ****************************************
(XEN) 
(XEN) Reboot in five seconds...
(XEN) Reentered the crash path.  Something is very broken
(XEN) ----[ Xen-4.5.0-xs101665-d  x86_64  debug=y  Not tainted ]----
(XEN) CPU:    0
(XEN) RIP:    e008:[<ffff82d0801606f6>] disconnect_bsp_APIC+0x48/0x11d
(XEN) RFLAGS: 0000000000010002   CONTEXT: hypervisor
(XEN) rax: 0000000000010000   rbx: 000000000000000a   rcx: 000000000000080f
(XEN) rdx: ffff82cfffdf8010   rsi: 00000000ffffffff   rdi: 0000000000000000
(XEN) rbp: ffff82d0802f7c88   rsp: ffff82d0802f7c70   r8:  ffff82cffffff000
(XEN) r9:  ffff82cffffff000   r10: 0000000000000000   r11: 0000ffff0000ffff
(XEN) r12: ffff82d0802876e0   r13: 00000000000000fb   r14: 0000000000000008
(XEN) r15: 0000000000000020   cr0: 0000000080050033   cr4: 00000000003126f0
(XEN) cr3: 0000000078696000   cr2: 00000000080a15a5
(XEN) ds: 007b   es: 007b   fs: 00d8   gs: 00e0   ss: 0000   cs: e008
(XEN) Xen stack trace from rsp=ffff82d0802f7c70:
(XEN)    ffff82d08016ee92 ffff82d0802f7c88 ffff82d08018a2f7 ffff82d0802f7ca8
(XEN)    ffff82d08018a385 0000000000000000 ffff82d0802f7dd8 ffff82d0802f7cf8
(XEN)    ffff82d080189c08 ffff82d08012fa69 00001388802987e0 00000008802f7d08
(XEN)    0000000000000000 0000000000000000 ffff82d0802f7dd8 00000000000000fb
(XEN)    0000000000000008 ffff82d0802f7d08 ffff82d080189dbc ffff82d0802f7d28
(XEN)    ffff82d08012f8db 0000000000000206 0000000000000000 ffff82d0802f7d38
(XEN)    ffff82d08018a42a ffff82d0802f7dc8 ffff82d080173cbf 00000000000000b7
(XEN)    00000000000000b7 ffff83043ffe8340 ffff82d0802f7e20 ffff82d080122525
(XEN)    ffff82d0802f7d80 80000000802f7de4 0000000000000000 ffff82d0802f7db0
(XEN)    ffff82d08018cd97 000004ff00018e70 00031fd4fcd6d182 ffff83043cb75ea0
(XEN)    ffff83043cb75f58 0000000000000008 0000000000000020 00007d2f7fd08207
(XEN)    ffff82d080234502 0000000000000020 0000000000000008 ffff83043cb75f58
(XEN)    ffff83043cb75ea0 ffff82d0802f7ef0 00031fd4fcd6d182 00031fd51743b23e
(XEN)    00031fd4fcd66712 ffff82d080349a40 0000000000000001 ffff82d080348ea0
(XEN)    20c49ba5e353f7cf ffff82d0802f0000 00031fd4fcd6738e ffff83043cb75ec8
(XEN)    000000fb00000000 ffff82d0801afd2e 000000000000e008 0000000000000202
(XEN)    ffff82d0802f7e80 0000000000000000 ffff82d080320000 00031fd4fb0ca772
(XEN)    ffff82d0802f0000 0000000000000000 ffff82d0802f7ee0 0000000000000000
(XEN)    0000000000000000 0000114e0000717f ffff830078943000 ffff82d0802f0000
(XEN)    ffff830078943000 00000000ffffffff ffff83043cb63000 ffff83043cb63f10
(XEN) Xen call trace:
(XEN)    [<ffff82d0801606f6>] disconnect_bsp_APIC+0x48/0x11d
(XEN)    [<ffff82d08018a385>] smp_send_stop+0x5b/0x67
(XEN)    [<ffff82d080189c08>] machine_restart+0x8d/0x236
(XEN)    [<ffff82d080189dbc>] __machine_restart+0xb/0xf
(XEN)    [<ffff82d08012f8db>] smp_call_function_interrupt+0x95/0xca
(XEN)    [<ffff82d08018a42a>] call_function_interrupt+0x35/0x3b
(XEN)    [<ffff82d080173cbf>] do_IRQ+0x95/0x635
(XEN)    [<ffff82d080234502>] common_interrupt+0x62/0x70
(XEN)    [<ffff82d0801afd2e>] mwait_idle+0x294/0x2e8
(XEN)    [<ffff82d080164cf6>] idle_loop+0x51/0x70
(XEN) 
(XEN) 
(XEN) ****************************************
(XEN) Panic on CPU 0:
(XEN) GENERAL PROTECTION FAULT
(XEN) [error_code=0000]
(XEN) ****************************************
(XEN) 
(XEN) Reboot in five seconds...

Andrew Cooper (4):
  x86/apic: Disable the LAPIC later in smp_send_stop()
  xen/crash: Don't use set_fixmap() in the crash path
  x86/debugger: Use copy_to/from_guest() in dbg_rw_guest_mem()
  x86/memcpy: Reduce code size

 xen/arch/x86/crash.c           |    9 +++-----
 xen/arch/x86/debug.c           |   45 +++++++++++++++++++++++-----------------
 xen/arch/x86/domctl.c          |   14 ++++++-------
 xen/arch/x86/smp.c             |    2 +-
 xen/arch/x86/string.c          |    2 +-
 xen/include/asm-x86/debugger.h |    7 +++----
 6 files changed, 41 insertions(+), 38 deletions(-)

-- 
1.7.10.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.