[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling

To: <zhenzhong.duan@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Wed, 06 Nov 2013 12:30:39 +0000
Cc: Jinsong Liu <jinsong.liu@xxxxxxxxx>, Keir Fraser <keir@xxxxxxx>, "suravee.suthikulpanit@xxxxxxx" <suravee.suthikulpanit@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>, Will Auld <will.auld@xxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, "sherry.hurwitz@xxxxxxx" <sherry.hurwitz@xxxxxxx>
Delivery-date: Wed, 06 Nov 2013 12:31:03 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 04.11.13 at 09:49, Zhenzhong Duan <zhenzhong.duan@xxxxxxxxxx> wrote:
>      We have a problem w/ the new Xen4.4. hypervisor - dom0 comes up but 
> hit the following bug and the box reboot.
>      See stack trace bellow.
> 
> ...
> Starting portmap: [  OK  ]
> Starting NFS statd: [  OK  ]
> Starting RPC idmapd: [  OK  ]
> (XEN) Xen BUG at spinlock.c:48
> (XEN) ----[ Xen-4.4-unstable  x86_64  debug=y  Not tainted ]----
> (XEN) CPU:    2
> (XEN) RIP:    e008:[<ffff82d080127355>] check_lock+0x3d/0x43
> (XEN) RFLAGS: 0000000000010046   CONTEXT: hypervisor
> (XEN) rax: 0000000000000000   rbx: ffff82d08028ab08   rcx: 0000000000000001
> (XEN) rdx: 0000000000000000   rsi: 0000000000000001   rdi: ffff82d08028ab0c
> (XEN) rbp: ffff83203fda7c50   rsp: ffff83203fda7c50   r8: ffff82d0802dfc88
> (XEN) r9:  00000000deadbeef   r10: ffff82d08023e120   r11: 0000000000000206
> (XEN) r12: ffff83007f481ff0   r13: 0000000000000000   r14: 000ffff82cfffd5d
> (XEN) r15: ffff82cfffd5e000   cr0: 0000000080050033   cr4: 00000000000026f0
> (XEN) cr3: 000000c083a2a000   cr2: 000000000040e000
> (XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: e010   cs: e008
> (XEN) Xen stack trace from rsp=ffff83203fda7c50:
> (XEN)    ffff83203fda7c68 ffff82d08012750d ffff83007f74e000 ffff83203fda7d08
> (XEN)    ffff82d0801717bf ffff83203fda7ca8 010183203fda7d88 0000000000000163
> (XEN)    000000013fda7d88 ffff832000000163 ffff83203fda7d28 0000000000000000
> (XEN)    000000000c082433 01ffffffffffffff ffff83007f4839f8 ffff82d08026ff20
> (XEN)    ffff83203fdcafd0 0000000000000000 00000000000002a2 ffff82d0802dfc90
> (XEN)    0000000000000001 000000c082432000 00000000000002a2 ffff83203fda7d18
> (XEN)    ffff82d080171e8a ffff83203fda7d58 ffff82d08019f5f5 0000000000000002
> (XEN)    ffff82d0802dfc88 ffff83203fda7db8 00000000ffffffea 0000000000000001
> (XEN)    0000000000000000 ffff83203fda7da8 ffff82d080112f8b 0000000000000002
> (XEN)    ffff83203fdac6c8 0000000200000005 0000000000000000 0000000000000001
> (XEN)    0000000000000000 ffff8807bc799e68 0000000000000246 ffff83203fda7ee8
> (XEN)    ffff82d080113cce 0000000000000001 000000c082432000 0000000000000000
> (XEN)    000000c085c1b000 0000000000000000 000000c085c1a000 0000000000000000
> (XEN)    000000c085c19000 0000000000000000 000000c085c18000 0000000000000000
> (XEN)    000000c085eb7000 0000000000000000 000000c085eb6000 0000000000000000
> (XEN)    000000c085eb5000 0000000000000000 000000c082433000 000000c085eb4002
> (XEN)    0000000008f59690 ffff82d0801274bf ffff83007f2db060 ffff83203fda7e88
> (XEN)    ffff82d08018d8ee ffff83203fd9c330 ffff83203fda7f18 ffff83203fda7ef8
> (XEN)    ffff82d080220550 0000000000000000 0000000008fff000 0000000000000044
> (XEN)    0000000000000000 ffffffff8125bd07 ffff83007f2db000 ffff8807bc684000
> (XEN) Xen call trace:
> (XEN)    [<ffff82d080127355>] check_lock+0x3d/0x43
> (XEN)    [<ffff82d08012750d>] _spin_lock+0x11/0x48
> (XEN)    [<ffff82d0801717bf>] map_pages_to_xen+0xcab/0x1052
> (XEN)    [<ffff82d080171e8a>] __set_fixmap+0x30/0x32
> (XEN)    [<ffff82d08019f5f5>] machine_kexec_load+0x66/0xa1
> (XEN)    [<ffff82d080112f8b>] kexec_load_unload_internal+0xb9/0x2cc
> (XEN)    [<ffff82d080113cce>] do_kexec_op_internal+0x391/0x4b2
> (XEN)    [<ffff82d080113e0d>] do_kexec_op+0xe/0x12
> (XEN)    [<ffff82d080225c7b>] syscall_enter+0xeb/0x145
> (XEN)
> (XEN)
> (XEN) ****************************************
> (XEN) Panic on CPU 2:
> (XEN) Xen BUG at spinlock.c:48
> (XEN) ****************************************

The patch at
http://lists.xenproject.org/archives/html/xen-devel/2013-11/msg00659.html
should help.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- Re: [Xen-devel] [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling
  - From: Zhenzhong Duan

Prev by Date: [Xen-devel] [PATCH] kexec: don't disable interrupts when acquiring load/unload lock
Next by Date: Re: [Xen-devel] [PATCH 1/3] MAINTAINERS: Add FIFO-based event channel ABI maintainer
Previous by thread: Re: [Xen-devel] kexec spin lock issue (was: Re: [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling)
Next by thread: Re: [Xen-devel] [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.