
Re: [Xen-devel] Fix VGA logdirty related display freezes with altp2m



>>>> With the config fixed it boots but when I run DRAKVUF on the domain I
>>>> get the following crash:
>>>>
>>>> (XEN) ----[ Xen-4.12-unstable  x86_64  debug=y   Not tainted ]----
>>>> (XEN) CPU:    0
>>>> (XEN) RIP:    e008:[<000000007bdb630c>] 000000007bdb630c
>>>> (XEN) RFLAGS: 0000000000010282   CONTEXT: hypervisor (d0v5)
>>>> (XEN) rax: 00000000ee138470   rbx: 0000000000000000   rcx: 000000008000b098
>>>> (XEN) rdx: 0000000000000cf8   rsi: 0000000000000000   rdi: 000000046d2ef000
>>>> (XEN) rbp: 0000000000000000   rsp: ffff83005da27a10   r8:  0000000000000cf8
>>>> (XEN) r9:  0000000000000cf8   r10: ffff83005da27ab8   r11: ffff83005da27a08
>>>> (XEN) r12: 0000000000000000   r13: 0000000000000000   r14: 0000000000000065
>>>> (XEN) r15: 00000000000005a7   cr0: 0000000080050033   cr4: 0000000000372660
>>>> (XEN) cr3: 000000046d2ef000   cr2: 00000000ee138470
>>>> (XEN) fsb: 00007fe46d97bbc0   gsb: ffff880467f40000   gss: 0000000000000000
>>>> (XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: e010   cs: e008
>>>> (XEN) Xen code around <000000007bdb630c> (000000007bdb630c):
>>>> (XEN)  80 74 0b 05 70 84 00 00 <c7> 00 00 00 00 e0 80 3d 7a 34 00 00 00 75 
>>>> 64 48
>>>> (XEN) Xen stack trace from rsp=ffff83005da27a10:(XEN) Xen stack trace
>>>> from rsp=ffff83005da27a10:
>>>> (XEN)    0000000000000000 0000000000000065 ffff83005da27a50 
>>>> ffff82d08037aafc
>>>> (XEN)    00000000fffffffe ffff82d08037ae14 0000000000000000 
>>>> ffff83005da27a90
>>>> (XEN)    0000000000372660 000000046d2ef000 0000000393e91000 
>>>> ffff82d0809602b0
>>>> (XEN)    000000fe00000000 ffff82d0802a3b98 ffffffffffffffff 
>>>> ffff83005da27ab8
>>>> (XEN)    ffff83005da27b08 ffff82d0802a3511 ffff82d08046b028 
>>>> ffff83005da27b08
>>>> (XEN)    ffff82d0802a3511 ffff83005da27fff 0000138800000292 
>>>> 000082d0808176a0
>>>> (XEN)    0000000000000000 ffff82d08023b889 0000000000000292 
>>>> ffff82d08046b028
>>>> (XEN)    ffff82d080451ac8 ffff82d080454af2 00000000000005a7 
>>>> ffff83005da27b78
>>>> (XEN)    ffff82d080251d6f ffff82d080250fcd 0000000000000028 
>>>> ffff83005da27b88
>>>> (XEN)    ffff83005da27b38 000000000000e010 ffff82d080454c73 
>>>> ffff82d080451ac8
>>>> (XEN)    ffff82d080454af2 00000000000005a7 0000000000000030 
>>>> ffff83005da27bf8
>>>> (XEN)    ffff82d080454c73 ffff83005da27be8 ffff82d0802aaebc 
>>>> ffff82d08033f3dc
>>>> (XEN)    ffff82d080451ac8 ffff82d08037d969 ffff82d08037d95d 
>>>> ffff82d08037d969
>>>> (XEN)    0b0f82d08037d95d ffff82d08037d969 ffff83005fe5b000 
>>>> 0000000000000000
>>>> (XEN)    0000000000000000 ffff83005da27fff 0000000000000000 
>>>> 00007cffa25d83e7
>>>> (XEN)    ffff82d08037da2d deadbeefdeadf00d ffff83018caf2530 
>>>> ffff83005da27d38
>>>> (XEN)    ffff83040a492830 ffff83005da27cc8 ffff83040bab2880 
>>>> 0000000000000000
>>>> (XEN)    0000000000000000 deadbeefdeadf00d deadbeefdeadf00d 
>>>> 0000000000000000
>>>> (XEN)    0000000000000000 ffff830451835000 0000000000000000 
>>>> ffff83040a492000
>>>> (XEN)    0000000600000000 ffff82d08033f3da 000000000000e008 
>>>> 0000000000010282
>>>> (XEN) Xen call trace:
>>>> (XEN)    [<000000007bdb630c>] 000000007bdb630c
>>>> (XEN)
>>>> (XEN) Pagetable walk from 00000000ee138470:
>>>> (XEN)  L4[0x000] = 000000046d2ee063 ffffffffffffffff
>>>> (XEN)  L3[0x003] = 000000005da11063 ffffffffffffffff
>>>> (XEN)  L2[0x170] = 0000000000000000 ffffffffffffffff
>>>> (XEN)
>>>> (XEN) ****************************************
>>>> (XEN) Panic on CPU 0:
>>>> (XEN) FATAL PAGE FAULT
>>>> (XEN) [error_code=0002]
>>>> (XEN) Faulting linear address: 00000000ee138470
>>>> (XEN) ****************************************
>>>> (XEN)
>>>> (XEN) Reboot in five seconds...
>>> This one I'm not sure about. What does your introspection agent do at
>>> that point?
>>
>> This crash is bizarre.  Xen has most likely followed a corrupt function
>> pointer, because none of Xen's .text section lives just below the 2G boundary.
>>
> 
> It's reproducible and happens immediately after a successful call to
> xc_altp2m_set_domain_state to enable altp2m.

That can't be all that's needed. I assure you I've tested this with much
more than just calling xc_altp2m_set_domain_state() with no crashes at
all. Something else must happen as well.

Could you write a simple C test application that does the minimum
amount of work needed to produce this crash?


Thanks,
Razvan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
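
The triage reasoning applied to the quoted panic, as an added example that is not part of the original thread: it pulls RIP, CR2, the fault error code and the last page-table entry out of the log and checks whether RIP falls inside Xen's own text mapping. The `XEN_VIRT_START` window is an assumption matching the return addresses in the dump, and the names `triage` and `decode_pf` are hypothetical.

```python
import re

# Assumption: Xen's x86_64 text/data mapping is the 1 GiB window starting at
# 0xffff82d080000000, consistent with the return addresses in the quoted dump.
XEN_VIRT_START = 0xFFFF82D080000000
XEN_VIRT_END = XEN_VIRT_START + (1 << 30)

# Architectural x86 page-fault error code bits: (bit, name if set, name if clear).
PF_BITS = [(0, "protection", "not-present"), (1, "write", "read"),
           (2, "user", "supervisor"), (3, "reserved-bit", None),
           (4, "instruction-fetch", None)]

# Constructed sample: a few lines taken from the panic quoted in the thread.
SAMPLE = """\
(XEN) RIP:    e008:[<000000007bdb630c>] 000000007bdb630c
(XEN) cr3: 000000046d2ef000   cr2: 00000000ee138470
(XEN)  L3[0x003] = 000000005da11063 ffffffffffffffff
(XEN)  L2[0x170] = 0000000000000000 ffffffffffffffff
(XEN) [error_code=0002]
(XEN) Faulting linear address: 00000000ee138470
"""

def decode_pf(code):
    """Turn a page-fault error code into a list of access properties."""
    names = [on if (code >> bit) & 1 else off for bit, on, off in PF_BITS]
    return [n for n in names if n]

def triage(log):
    """Extract the fields needed to judge where the hypervisor was executing."""
    def grab(pattern):
        m = re.search(pattern, log)
        return int(m.group(1), 16) if m else None
    rip = grab(r"RIP:\s+[0-9a-f]{4}:\[<([0-9a-f]{16})>\]")
    cr2 = grab(r"\bcr2:\s+([0-9a-f]{16})")
    fault = grab(r"Faulting linear address:\s+([0-9a-f]{16})")
    code = grab(r"\[error_code=([0-9a-f]{4})\]")
    # The walk stops printing at the first level that cannot be followed.
    walk = re.findall(r"L(\d)\[0x[0-9a-f]+\] = ([0-9a-f]{16})", log)
    return {
        "rip": rip,
        "rip_in_xen_text": rip is not None and XEN_VIRT_START <= rip < XEN_VIRT_END,
        "cr2_matches_fault": cr2 is not None and cr2 == fault,
        "access": decode_pf(code) if code is not None else [],
        "walk_stops_at": int(walk[-1][0]) if walk else None,
        "last_entry_present": bool(int(walk[-1][1], 16) & 1) if walk else None,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```
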

 

