[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v1 for-xen-4.5] Fix list corruption in dpci_softirq.



On 19/11/2014 18:54, Sander Eikelenboom wrote:
> Wednesday, November 19, 2014, 6:31:39 PM, you wrote:
>
>> Hey,
>> This patch should fix the issue that Sander had seen. The full details
>> are in the patch itself. Sander, if you could - please test origin/staging
>> with this patch to make sure it does fix the issue.
>
>>  xen/drivers/passthrough/io.c | 27 +++++++++++++++++----------
>> Konrad Rzeszutek Wilk (1):
>>       dpci: Fix list corruption if INTx device is used and an IRQ timeout is 
>> invoked.
>>  1 file changed, 17 insertions(+), 10 deletions(-)
>
> Hi Konrad,
>
> Hmm just tested with a freshly cloned tree .. unfortunately it blew up again.
> (i must admit i also re-enabled stuff i had disabled in debugging like, 
> cpuidle, cpufreq). 
>
> (XEN) [2014-11-19 18:41:25.999] ----[ Xen-4.5.0-rc  x86_64  debug=y  Not 
> tainted ]----
> (XEN) [2014-11-19 18:41:25.999] CPU:    5
> (XEN) [2014-11-19 18:41:25.999] RIP:    e008:[<ffff82d0801490ac>] 
> dpci_softirq+0x9c/0x23d
> (XEN) [2014-11-19 18:41:25.999] RFLAGS: 0000000000010283   CONTEXT: hypervisor
> (XEN) [2014-11-19 18:41:25.999] rax: 0100100100100100   rbx: ffff8303bb688d90 
>   rcx: 0000000000000001
> (XEN) [2014-11-19 18:41:25.999] rdx: ffff83054ef18000   rsi: 0000000000000002 
>   rdi: ffff83050b29e0b8
> (XEN) [2014-11-19 18:41:25.999] rbp: ffff83054ef1feb0   rsp: ffff83054ef1fe50 
>   r8:  ffff8303bb688d60
> (XEN) [2014-11-19 18:41:25.999] r9:  000001d5f62fff63   r10: 00000000deadbeef 
>   r11: 0000000000000246
> (XEN) [2014-11-19 18:41:25.999] r12: ffff8303bb688d38   r13: ffff83050b29e000 
>   r14: ffff8303bb688d28
> (XEN) [2014-11-19 18:41:25.999] r15: ffff8303bb688d28   cr0: 000000008005003b 
>   cr4: 00000000000006f0
> (XEN) [2014-11-19 18:41:25.999] cr3: 000000050b2c7000   cr2: ffffffffff600400
> (XEN) [2014-11-19 18:41:25.999] ds: 002b   es: 002b   fs: 0000   gs: 0000   
> ss: e010   cs: e008
> (XEN) [2014-11-19 18:41:25.999] Xen stack trace from rsp=ffff83054ef1fe50:
> (XEN) [2014-11-19 18:41:25.999]    0000000000000c23 ffff83050b29e0b8 
> ffff8303bb688d38 ffff83054ef1fe70
> (XEN) [2014-11-19 18:41:25.999]    ffff8303bb688d90 ffff8303bb688d90 
> 000000fb00000000 ffff82d080300200
> (XEN) [2014-11-19 18:41:25.999]    ffff82d0802fff80 ffffffffffffffff 
> ffff83054ef18000 0000000000000002
> (XEN) [2014-11-19 18:41:25.999]    ffff83054ef1fee0 ffff82d08012be31 
> ffff83054ef18000 ffff83009fd2d000
> (XEN) [2014-11-19 18:41:25.999]    00000000ffffffff ffff83054ef28068 
> ffff83054ef1fef0 ffff82d08012be89
> (XEN) [2014-11-19 18:41:25.999]    ffff83054ef1ff10 ffff82d0801633e5 
> ffff82d08012be89 ffff83009ff8b000
> (XEN) [2014-11-19 18:41:25.999]    ffff83054ef1fde8 ffff880059bf8000 
> ffff880059bf8000 0000000000000000
> (XEN) [2014-11-19 18:41:25.999]    0000000000000000 ffff880059bfbeb0 
> ffffffff822f3ec0 0000000000000246
> (XEN) [2014-11-19 18:41:25.999]    0000000000000001 0000000000000000 
> 0000000000000000 0000000000000000
> (XEN) [2014-11-19 18:41:25.999]    ffffffff810013aa ffff880059bde480 
> 00000000deadbeef 00000000deadbeef
> (XEN) [2014-11-19 18:41:25.999]    0000010000000000 ffffffff810013aa 
> 000000000000e033 0000000000000246
> (XEN) [2014-11-19 18:41:25.999]    ffff880059bfbe98 000000000000e02b 
> 1862060042c8beef 224d41480704beef
> (XEN) [2014-11-19 18:41:25.999]    99171042639bbeef 74c88180108cbeef 
> c0dc604c00000005 ffff83009ff8b000
> (XEN) [2014-11-19 18:41:26.000]    00000034cebff280 ca836183a4020303
> (XEN) [2014-11-19 18:41:26.000] Xen call trace:
> (XEN) [2014-11-19 18:41:26.000]    [<ffff82d0801490ac>] 
> dpci_softirq+0x9c/0x23d
> (XEN) [2014-11-19 18:41:26.000]    [<ffff82d08012be31>] __do_softirq+0x81/0x8c
> (XEN) [2014-11-19 18:41:26.000]    [<ffff82d08012be89>] do_softirq+0x13/0x15
> (XEN) [2014-11-19 18:41:26.000]    [<ffff82d0801633e5>] idle_loop+0x5e/0x6e
> (XEN) [2014-11-19 18:41:26.000] 
> (XEN) [2014-11-19 18:41:26.778] 
> (XEN) [2014-11-19 18:41:26.787] ****************************************
> (XEN) [2014-11-19 18:41:26.806] Panic on CPU 5:
> (XEN) [2014-11-19 18:41:26.819] GENERAL PROTECTION FAULT
> (XEN) [2014-11-19 18:41:26.834] [error_code=0000]
> (XEN) [2014-11-19 18:41:26.847] ****************************************
> (XEN) [2014-11-19 18:41:26.867] 
> (XEN) [2014-11-19 18:41:26.876] Reboot in five seconds...
> (XEN) [2014-11-19 18:41:26.891] APIC error on CPU0: 00(08)
> (XEN) [2014-11-19 18:41:26.906] APIC error on CPU0: 08(08)

For the avoidance of any confusion, this is still LIST_POISON1 (see
%rax), but now a #GP fault following c/s 404227138 (now with 100% less
chance of dereferencing into guest-controlled virtual address space)

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.