This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-ia64-devel] VNIF bug with PV-on-HVM on IA64

To: "xen-devel" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-ia64-devel] VNIF bug with PV-on-HVM on IA64
From: "Kasai Takanori" <kasai.takanori@xxxxxxxxxxxxxx>
Date: Tue, 14 Aug 2007 20:30:12 +0900
Cc: xen-ia64-devel <xen-ia64-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 14 Aug 2007 04:31:34 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-ia64-devel-request@lists.xensource.com?subject=help>
List-id: Discussion of the ia64 port of Xen <xen-ia64-devel.lists.xensource.com>
List-post: <mailto:xen-ia64-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-ia64-devel-bounces@xxxxxxxxxxxxxxxxxxx
Hi All,

We were testing VNIF with PV-on-HVM. When VNIF is used on the IA64 architecture, the kernel panic occurs. It happens when the ping command is executed from other machines. It is generated in the following environment. Architecture : only IA64
Xen     : Xen-3.1
GuestOS : RHEL4U4(2.6.9-42), RHEL4U5(2.6.9-55)
GuestOS is not generated in RHEL5GA(2.6.18-8). Moreover, it is not generated in the x86 architecture. When having confirmed it before, xen-unstable.hg was generated. It seems that the problem remains now. We investigated this problem a little. The kernel panic occurs by the following __skb_dequeue().
1300  static int netif_poll(struct net_device *dev, int *pbudget)
1301  {
1449          while ((skb = __skb_dequeue(&rxq)) != NULL) {
1450                  struct page *page = NETFRONT_SKB_CB(skb)->page;
1451                  void *vaddr = page_address(page);
1452                  unsigned offset = NETFRONT_SKB_CB(skb)->offset;
1454                  memcpy(skb->data, vaddr + offset, skb_headlen(skb));

An illegal address returns by __skb_dequeue(). It seems to relate the sk_buff structure different. (As for generated RHEL4U4/U5 and RHELGA not generated, the sk_buff structure is different.) The problem didn't occur if the NETFRONT_SKB_CB macro is not used like the previous changeset. The difference is for your information appended. (netfront.diff)

We do not understand the cause still generated well. Why does this problem occur?
Please give advice to us some.

Best Regards,

Takanori Kasai

Attachment: netfront.diff
Description: Binary data

Xen-ia64-devel mailing list
<Prev in Thread] Current Thread [Next in Thread>