[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] 100% reliable oops on Xen 4.1.3 (initially reported on 4.0.1)

>>> On 28.01.13 at 20:17, Peter Moody <pmoody@xxxxxxxxxx> wrote:
> TL;DR, the domU crash I reported over the summer on Xen 4.0.1 can be
> reproduced on 4.1.3 and on more processor families and with out the
> special memory/cpu configurations I previously reported.
> 
> Longer version:
> apropos of this thread [1] from last summer, I've managed to test for
> this bug on a more recent version of Xen and I can confirm that it
> exists in at least 4.1.3. Also, based on the release notes for 4.0.1
> [2] (the original version of Xen where I encountered this issue), I
> reproduced the bug on an AMD Athlon processor in case the interrupts
> issue mentioned had an effect.

I'm surprised this is still unresolved, but part of the problem may be
that you tag your problem (in the subject) to a particular Xen
version, thus implying it is a hypervisor issue. From the data you
provide I would think it's a kernel issue though.

> The patch I posted to the audit list didn't actually fix the problem.
> 
> Steps I used to reproduce:
> 1) installed Xen from ubuntu packages and boot into Xen enabled system.
> 2) installed ubuntu 12.10 domU using 20G flat file as disk (the
> previous system used drbd).
> 3) installed auditd and inserted any syscall rule (audit on chmod's
> for example).
> 4) compiled the attached sample program as a 32 bit binary.
> 5) ran it (works as a normal user).
> 
> The result is an immediate crash (if KILLDIR doesn't exist or isn't
> writable, you just get a segfault).
> 
> So, does anyone have any idea of what might be going on?

Sure - the code in question wants to run with interrupts enabled,
but they aren't for (I think) quite obvious a reason:
arch/x86/ia32/ia32entry.S:auditsys_exit has hard STI/CLI in it,
when those really should be ENABLE_INTERRUPTS() and
DISABLE_INTERRUPTS() respectively. Does the below help?

Jan

--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -207,7 +207,7 @@ sysexit_from_sys_call:
        testl $(_TIF_ALLWORK_MASK & 
~_TIF_SYSCALL_AUDIT),TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
        jnz ia32_ret_from_sys_call
        TRACE_IRQS_ON
-       sti
+       ENABLE_INTERRUPTS(CLBR_NONE)
        movl %eax,%esi          /* second arg, syscall return value */
        cmpl $-MAX_ERRNO,%eax   /* is it an error ? */
        jbe 1f
@@ -217,7 +217,7 @@ sysexit_from_sys_call:
        call __audit_syscall_exit
        movq RAX-ARGOFFSET(%rsp),%rax   /* reload syscall return value */
        movl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),%edi
-       cli
+       DISABLE_INTERRUPTS(CLBR_NONE)
        TRACE_IRQS_OFF
        testl %edi,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
        jz \exit



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.