[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Crash with your meltdown patches

On 01/03/18 18:23, Juergen Gross wrote:
> On 01/03/18 18:48, Andrew Cooper wrote:
>> On 01/03/18 17:05, Juergen Gross wrote:
>>> Jan,
>>>
>>> I just rebased my patch series for speeding up XPTI to current
>>> staging. This included your pending speedup series. I'm now seeing
>>> a crash with the first patch of yours:
>>>
>>> (XEN) Intel VT-d Queued Invalidation enabled.
>>> (XEN) Intel VT-d Interrupt Remapping enabled.
>>> (XEN) Intel VT-d Posted Interrupt not enabled.
>>> (XEN) Intel VT-d Shared EPT tables not enabled.
>>> (XEN) I/O virtualisation enabled
>>> (XEN)  - Dom0 mode: Relaxed
>>> (XEN) Interrupt remapping enabled
>>> (XEN) Assertion 'l1e_get_flags(*pl1e) == flags' failed at smpboot.c:750
>>> (XEN) ----[ Xen-4.11-unstable  x86_64  debug=y   Tainted:  C   ]----
>>> (XEN) CPU:    0
>>> (XEN) RIP:    e008:[<ffff82d08029fe68>] smpboot.c#clone_mapping+0x656/0x6c0
>>> (XEN) RFLAGS: 0000000000010287   CONTEXT: hypervisor
>>> (XEN) rax: 00000000000dbbab   rbx: 0000000000000d58   rcx: 0000000000000163
>>> (XEN) rdx: 0000000000800163   rsi: 0000000000800063   rdi: 00000007c7ffffff
>>> (XEN) rbp: ffff82d080477d58   rsp: ffff82d080477d18   r8:  0000000000217fdd
>>> (XEN) r9:  ffffffffffffffff   r10: 0000000217fdd000   r11: 0000000000000163
>>> (XEN) r12: ffff83021bfd9d58   r13: ffff8300dba62010   r14: 0000000000800163
>>> (XEN) r15: ffff830217fde828   cr0: 000000008005003b   cr4: 00000000001506e0
>>> (XEN) cr3: 00000000dba66000   cr2: 0000000000000000
>>> (XEN) fsb: 0000000000000000   gsb: 0000000000000000   gss: 0000000000000000
>>> (XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: 0000   cs: e008
>>> (XEN) Xen code around <ffff82d08029fe68>
>>> (smpboot.c#clone_mapping+0x656/0x6c0):
>>> (XEN)  74 02 0f 0b 39 d6 74 56 <0f> 0b 41 81 e6 ff 0e 00 00 48 8b 45 c8
>>> 48 c1 e0
>>> (XEN) Xen stack trace from rsp=ffff82d080477d18:
>>> (XEN)    ffff82d0805b0020 00000000000dbbab ffff82d080477d48 0000000000008000
>>> (XEN)    ffff830217fde000 0000000000000000 00000007c7ffffff ffff82ffffffffff
>>> (XEN)    ffff82d080477d98 ffff82d0802a0085 ffff82d080477db8 ffff82d080477fff
>>> (XEN)    ffff830217ff2f60 ffff82d0805b0020 ffff82d0805b0020 0000000000000003
>>> (XEN)    ffff82d080477db8 ffff82d0804083c7 ffff82d080477fff ffff82d080477fff
>>> (XEN)    ffff82d080477ee8 ffff82d080407be0 0000000000000000 00000000003b0180
>>> (XEN)    00000000000001dc 00000000000001f1 00000000000001fe 000000000000016a
>>> (XEN)    0000000000000002 0000000000000002 0000000000000002 0000000000000001
>>> (XEN)    0000000000000001 0000000000000001 0000000000000001 0000000000000000
>>> (XEN)    00000000cee00000 000000000021ee00 000000021bfdc000 0000000000000000
>>> (XEN)    ffff83000008fc30 ffff82d000000003 0000000200000003 0000000001a9b000
>>> (XEN)    ffff83000008ff30 ffff83000008ffb0 0000000000000000 0000000000000000
>>> (XEN)    0000000800000000 000000010000006e 0000000000000003 00000000000002f8
>>> (XEN)    0000000000000000 0000000000000000 000000000000180a 00000000cbf65b98
>>> (XEN)    0000000000000001 00000000d287d018 0000000000000000 ffff82d0802000f3
>>> (XEN)    0000000000000000 0000000000000000 0000000000000000 0000000000000000
>>> (XEN)    0000000000000000 0000000000000000 0000000000000000 0000000000000000
>>> (XEN)    0000000000000000 0000000c00000000 732dccb6003dccb3 003dc71000477f74
>>> (XEN)    003dccb50008ffa2 732dccb60000000c 003dccb300000000 00477fa00008ffad
>>> (XEN)    0008ffad003dc776 00000004003dccaf 00477fb80008ff01 0000000c003dc776
>>> (XEN) Xen call trace:
>>> (XEN)    [<ffff82d08029fe68>] smpboot.c#clone_mapping+0x656/0x6c0
>>> (XEN)    [<ffff82d0802a0085>] smpboot.c#setup_cpu_root_pgt+0x1b3/0x2a1
>>> (XEN)    [<ffff82d0804083c7>] smp_prepare_cpus+0x87/0x38a
>>> (XEN)    [<ffff82d080407be0>] __start_xen+0x2029/0x2623
>>> (XEN)    [<ffff82d0802000f3>] __high_start+0x53/0x60
>>>
>>> I suspect Andrew's patch 422588e88511d17984544c0f017a927de3315290 might
>>> be the cause, as my series was based on staging from Feb 14th and this
>>> patch seems the only one related to the crash.
>>>
>>> Do you have an idea how to fix the problem?
>> Which mapping is attempting to be cloned at this point?
> The idt.
>
> This modification lets it boot again:
>
> diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c
> index 6b2c0b3ac5..d03eb608d9 100644
> --- a/xen/arch/x86/smpboot.c
> +++ b/xen/arch/x86/smpboot.c
> @@ -747,10 +747,9 @@ static int clone_mapping(const void *ptr,
> root_pgentry_t *rpt)
>      if ( l1e_get_flags(*pl1e) & _PAGE_PRESENT )
>      {
>          ASSERT(l1e_get_pfn(*pl1e) == pfn);
> -        ASSERT(l1e_get_flags(*pl1e) == flags);
> +        ASSERT((l1e_get_flags(*pl1e) & ~_PAGE_GLOBAL) == flags);
>      }
> -    else
> -        l1e_write(pl1e, l1e_from_pfn(pfn, flags));
> +    l1e_write(pl1e, l1e_from_pfn(pfn, flags));
>
>      return 0;
>  }

Oh, in which case that will be the middle of Jan's speedup series, which
plays with global handling.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.