[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] qeustion: a panic in __do_update_va_mapping()

On 01/11/16 12:07, Xuquan (Quan Xu) wrote:
> On November 01, 2016 8:00 PM, Andrew Cooper wrote:
>> On 01/11/16 11:57, Xuquan (Quan Xu) wrote:
>>> On November 01, 2016 7:41 PM, Andrew Cooper
>> <andrew.cooper3@xxxxxxxxxx > wrote:
>>>> On 01/11/16 11:23, Xuquan (Quan Xu) wrote:
>>>>> On November 01, 2016 7:16 PM, Andrew Cooper <
>>>> andrew.cooper3@xxxxxxxxxx > wrote:
>>>>>> On 01/11/16 11:01, Xuquan (Quan Xu) wrote:
>>>>>>> Hi Andrew,
>>>>>>>
>>>>>>> When I run some application with Xen, I encounter a Panic with log
>>>>>>> as the
>>>>>> bottom of this email.
>>>>>>> I find this panic is as similar as your fix e4e9d2d4e76bd8fe22
>> 'x86/p2m-ept:
>>>>>> don't unmap the EPT pagetable while it is still in use'.
>>>>>>
>>>>>> Its not the same.  My fix was for a pagefault.  Your crash is
>>>>>> hitting a
>>>>>> BUG()
>>>>>>
>>>>>> You need to investigate which BUG() is being hit (you are clearly
>>>>>> not using staging, as page_alloc.c:429 is outside of a function), and 
>>>>>> why.
>>>>>>
>>>>> It is not using staging, a internal version, but the
>>>>> __do_update_va_mapping() is
>>>> the same..
>>>>> So I think it is similar to staging.
>>>> __do_update_va_mapping() is not relevant.  Your problem is in
>>>> alloc_heap_pages(), not __do_update_va_mapping().
>>>>
>>> Andrew, thanks for your help..
>>>
>>> Check it,
>>> the BUG() is from
>>> do_memory_op() -- alloc_domheap_pages() -- alloc_heap_pages()..
>>> , not from  __do_update_va_mapping().
>>>
>>> If so, I think the information is too limited to debug..
>>>
>>> the BUG() is being hit at:
>>> ...
>>> alloc_heap_pages()
>>>     for ( i = 0; i < (1 << order); i++ )
>>>     {
>>>         /* Reference count must continuously be zero for free pages. */
>>>         BUG_ON(pg[i].count_info != PGC_state_free); ...
>>>
>>>
>>> I guess I hit a 'count_info == -1', more put_page() is called to return the 
>>> page..
>> Yes.  This means that you have a reference counting error elsewhere in
>> the hypervisor, and something is dropping too many references.
>>
> :(:(..
> Any method to address it?

Not specifically.  It is similar to chasing a double free bug.

You should review whatever local additions you have in your tree extra
carefully.  It might be that there is a setup path which doesn't take a
ref, or a buggy error path which cleans up too many refs.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.