[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] xen crash with 4.17 kernel on Fedora

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
From: Michael Young <m.a.young@xxxxxxxxxxxx>
Date: Sun, 1 Jul 2018 22:26:27 +0100 (BST)
Authentication-results: spf=none (sender IP is ) smtp.mailfrom=m.a.young@xxxxxxxxxxxx;
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Sun, 01 Jul 2018 21:27:07 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Spamdiagnosticmetadata: NSPM
Spamdiagnosticoutput: 1:99

On Sun, 1 Jul 2018, M A Young wrote:

I get (with kernel-4.17.3-200.fc28.x86_64 which is a bit easier)

rip: ffffffff81062330 native_irq_disable
flags: 00000246 i z p
rsp: ffffffff82203d90
rax: 0000000000000246   rcx: 0000000000000000   rdx: 0000000000000000
rbx: 00000000ffffffff   rsi: 00000000ffffffff   rdi: 0000000000000000
rbp: 0000000000000000    r8: ffffffff820bb698    r9: ffffffff82203e38
r10: 0000000000000000   r11: 0000000000000000   r12: 0000000000000000
r13: ffffffff820bb698   r14: ffffffff82203e38   r15: 0000000000000000
cs: e033         ss: e02b        ds: 0000        es: 0000
fs: 0000 @ 0000000000000000
gs: 0000 @ ffffffff82731000/0000000000000000 __init_begin/
Code (instr addr ffffffff81062330)
00 00 00 00 00 57 9d c3 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 <fa> c3 0f
1f 40 00 66 2e 0f 1f 84


Stack:
0000000000000000 0000000000000000 0000000000000000 ffffffff81062330
000000010000e030 0000000000010046 ffffffff82203dd8 000000000000e02b
0000000000000246 ffffffff8110dff9 0000000000000000 0000000000000246
0000000000000000 0000000000000000 ffffffff820a6cd0 ffffffff82203e88
ffffffff82739000 8000000000000061 0000000000000000 0000000000000000

Call Trace:
                   [<ffffffff81062330>] native_irq_disable <--
ffffffff82203da8:   [<ffffffff81062330>] native_irq_disable
ffffffff82203dd8:   [<ffffffff8110dff9>] vprintk_emit+0xe9
ffffffff82203e30:   [<ffffffff8110ec96>] printk+0x58
ffffffff82203e90:   [<ffffffff810ac970>] __warn_printk+0x46
ffffffff82203ef8:   [<ffffffff8275db62>] xen_load_gdt_boot+0x108
ffffffff82203f28:   [<ffffffff81037c70>] load_direct_gdt+0x30
ffffffff82203f40:   [<ffffffff81037f08>] switch_to_new_gdt+0x8
ffffffff82203f48:   [<ffffffff8102aae0>] x86_init_noop
ffffffff82203f50:   [<ffffffff8275dc8c>] xen_start_kernel+0xed


The xen_load_gdt_boot code is

   0xffffffff8275da5a <xen_load_gdt_boot>:
    callq  0xffffffff81a017a0 <__fentry__>
   0xffffffff8275da5f <xen_load_gdt_boot+5>:      push   %r13
   0xffffffff8275da61 <xen_load_gdt_boot+7>:      push   %r12
   0xffffffff8275da63 <xen_load_gdt_boot+9>:      push   %rbp
   0xffffffff8275da64 <xen_load_gdt_boot+10>:     push   %rbx
   0xffffffff8275da65 <xen_load_gdt_boot+11>:     push   %rdx
   0xffffffff8275da66 <xen_load_gdt_boot+12>:     movzwl (%rdi),%ebp
   0xffffffff8275da69 <xen_load_gdt_boot+15>:     mov    0x2(%rdi),%r12
   0xffffffff8275da6d <xen_load_gdt_boot+19>:     inc    %ebp
   0xffffffff8275da6f <xen_load_gdt_boot+21>:     cmp    $0x1000,%ebp
   0xffffffff8275da75 <xen_load_gdt_boot+27>:
    jle    0xffffffff8275da79 <xen_load_gdt_boot+31>
   0xffffffff8275da77 <xen_load_gdt_boot+29>:     ud2
   0xffffffff8275da79 <xen_load_gdt_boot+31>:     test   $0xfff,%r12d
   0xffffffff8275da80 <xen_load_gdt_boot+38>:
    je     0xffffffff8275da84 <xen_load_gdt_boot+42>
   0xffffffff8275da82 <xen_load_gdt_boot+40>:     ud2
   0xffffffff8275da84 <xen_load_gdt_boot+42>:     mov    $0x80000000,%ebx
   0xffffffff8275da89 <xen_load_gdt_boot+47>:
    mov    -0x54ba80(%rip),%rax        # 0xffffffff82212010
   0xffffffff8275da90 <xen_load_gdt_boot+54>:     add    %r12,%rbx
   0xffffffff8275da93 <xen_load_gdt_boot+57>:     mov    %rbx,%rdi
   0xffffffff8275da96 <xen_load_gdt_boot+60>:
    jb     0xffffffff8275daa9 <xen_load_gdt_boot+79>

0xffffffff8275da98 <xen_load_gdt_boot+62>: mov$0xffffffff80000000,%rbx

   0xffffffff8275da9f <xen_load_gdt_boot+69>:     mov    %rbx,%rax
   0xffffffff8275daa2 <xen_load_gdt_boot+72>:

sub -0x5dec19(%rip),%rax # 0xffffffff8217ee90<page_offset_base>

   0xffffffff8275daa9 <xen_load_gdt_boot+79>:     lea    (%rdi,%rax,1),%rbx
   0xffffffff8275daad <xen_load_gdt_boot+83>:     mov    %rbx,%rdi
   0xffffffff8275dab0 <xen_load_gdt_boot+86>:     shr    $0xc,%rdi
   0xffffffff8275dab4 <xen_load_gdt_boot+90>:

cmpb $0x0,-0x3d0459(%rip) # 0xffffffff8238d662<xen_features+2>

   0xffffffff8275dabb <xen_load_gdt_boot+97>:     mov    %rdi,%rax
   0xffffffff8275dabe <xen_load_gdt_boot+100>:
    jne    0xffffffff8275db02 <xen_load_gdt_boot+168>
   0xffffffff8275dac0 <xen_load_gdt_boot+102>:
    cmp    -0x3d9a67(%rip),%rdi        # 0xffffffff82384060 <xen_p2m_size>
   0xffffffff8275dac7 <xen_load_gdt_boot+109>:
    jae    0xffffffff8275dadc <xen_load_gdt_boot+130>
   0xffffffff8275dac9 <xen_load_gdt_boot+111>:
    mov    -0x3d9a68(%rip),%rdx        # 0xffffffff82384068 <xen_p2m_addr>
   0xffffffff8275dad0 <xen_load_gdt_boot+118>:    mov    (%rdx,%rdi,8),%rax

0xffffffff8275dad4 <xen_load_gdt_boot+122>: cmp$0xffffffffffffffff,%rax

   0xffffffff8275dad8 <xen_load_gdt_boot+126>:
    jne    0xffffffff8275daf5 <xen_load_gdt_boot+155>
   0xffffffff8275dada <xen_load_gdt_boot+128>:
    jmp    0xffffffff8275daea <xen_load_gdt_boot+144>
   0xffffffff8275dadc <xen_load_gdt_boot+130>:    bts    $0x3e,%rax
   0xffffffff8275dae1 <xen_load_gdt_boot+135>:

cmp -0x3d9a90(%rip),%rdi # 0xffffffff82384058<xen_max_p2m_pfn>

   0xffffffff8275dae8 <xen_load_gdt_boot+142>:
    jae    0xffffffff8275daf5 <xen_load_gdt_boot+155>
   0xffffffff8275daea <xen_load_gdt_boot+144>:
    callq  0xffffffff81017190 <get_phys_to_machine>

0xffffffff8275daef <xen_load_gdt_boot+149>: cmp$0xffffffffffffffff,%rax

   0xffffffff8275daf3 <xen_load_gdt_boot+153>:
    je     0xffffffff8275db02 <xen_load_gdt_boot+168>

0xffffffff8275daf5 <xen_load_gdt_boot+155>: movabs$0x3fffffffffffffff,%rdx

   0xffffffff8275daff <xen_load_gdt_boot+165>:    and    %rdx,%rax

0xffffffff8275db02 <xen_load_gdt_boot+168>: movabs$0x8000000000000161,%rsi

   0xffffffff8275db0c <xen_load_gdt_boot+178>:
    or     -0x523d53(%rip),%rsi        # 0xffffffff82239dc0 <sme_me_mask>
   0xffffffff8275db13 <xen_load_gdt_boot+185>:

and -0x3d847a(%rip),%rsi # 0xffffffff823856a0<__default_kernel_pte_mask>

   0xffffffff8275db1a <xen_load_gdt_boot+192>:    mov    %rax,(%rsp)

0xffffffff8275db1e <xen_load_gdt_boot+196>: and$0xfffffffffffff000,%rbx

   0xffffffff8275db25 <xen_load_gdt_boot+203>:    mov    %rsi,%r13
   0xffffffff8275db28 <xen_load_gdt_boot+206>:    test   $0x1,%sil
   0xffffffff8275db2c <xen_load_gdt_boot+210>:
    je     0xffffffff8275db64 <xen_load_gdt_boot+266>
   0xffffffff8275db2e <xen_load_gdt_boot+212>:

mov -0x3d848d(%rip),%rcx # 0xffffffff823856a8<__supported_pte_mask>

   0xffffffff8275db35 <xen_load_gdt_boot+219>:    and    %rcx,%r13
   0xffffffff8275db38 <xen_load_gdt_boot+222>:    cmp    %r13,%rsi
   0xffffffff8275db3b <xen_load_gdt_boot+225>:
    je     0xffffffff8275db64 <xen_load_gdt_boot+266>
   0xffffffff8275db3d <xen_load_gdt_boot+227>:

cmpb $0x0,-0x424ea8(%rip) # 0xffffffff82338c9c<__warned.24604>

   0xffffffff8275db44 <xen_load_gdt_boot+234>:
    jne    0xffffffff8275db64 <xen_load_gdt_boot+266>
   0xffffffff8275db46 <xen_load_gdt_boot+236>:    mov    %rcx,%rdx

0xffffffff8275db49 <xen_load_gdt_boot+239>: mov$0xffffffff820a6cd0,%rdi

   0xffffffff8275db50 <xen_load_gdt_boot+246>:

movb $0x1,-0x424ebb(%rip) # 0xffffffff82338c9c<__warned.24604>

   0xffffffff8275db57 <xen_load_gdt_boot+253>:    not    %rdx
   0xffffffff8275db5a <xen_load_gdt_boot+256>:    and    %rsi,%rdx
   0xffffffff8275db5d <xen_load_gdt_boot+259>:
    callq  0xffffffff810ac92a <__warn_printk>
   0xffffffff8275db62 <xen_load_gdt_boot+264>:    ud2
   0xffffffff8275db64 <xen_load_gdt_boot+266>:    or     %r13,%rbx
   0xffffffff8275db67 <xen_load_gdt_boot+269>:    mov    %rbx,%rdi
   0xffffffff8275db6a <xen_load_gdt_boot+272>:    callq  *0xffffffff82185fd8
   0xffffffff8275db71 <xen_load_gdt_boot+279>:    xor    %edx,%edx
   0xffffffff8275db73 <xen_load_gdt_boot+281>:    mov    %rax,%rsi
   0xffffffff8275db76 <xen_load_gdt_boot+284>:    mov    %r12,%rdi
   0xffffffff8275db79 <xen_load_gdt_boot+287>:
    callq  0xffffffff810011c0 <xen_hypercall_update_va_mapping>
   0xffffffff8275db7e <xen_load_gdt_boot+292>:    test   %eax,%eax
   0xffffffff8275db80 <xen_load_gdt_boot+294>:
    je     0xffffffff8275db84 <xen_load_gdt_boot+298>
   0xffffffff8275db82 <xen_load_gdt_boot+296>:    ud2
   0xffffffff8275db84 <xen_load_gdt_boot+298>:    shr    $0x3,%ebp
   0xffffffff8275db87 <xen_load_gdt_boot+301>:    mov    %rsp,%rdi
   0xffffffff8275db8a <xen_load_gdt_boot+304>:    mov    %ebp,%esi
   0xffffffff8275db8c <xen_load_gdt_boot+306>:
    callq  0xffffffff81001040 <xen_hypercall_set_gdt>
   0xffffffff8275db91 <xen_load_gdt_boot+311>:    test   %eax,%eax
   0xffffffff8275db93 <xen_load_gdt_boot+313>:
    je     0xffffffff8275db97 <xen_load_gdt_boot+317>
   0xffffffff8275db95 <xen_load_gdt_boot+315>:    ud2
   0xffffffff8275db97 <xen_load_gdt_boot+317>:    pop    %rax
   0xffffffff8275db98 <xen_load_gdt_boot+318>:    pop    %rbx
   0xffffffff8275db99 <xen_load_gdt_boot+319>:    pop    %rbp
   0xffffffff8275db9a <xen_load_gdt_boot+320>:    pop    %r12
   0xffffffff8275db9c <xen_load_gdt_boot+322>:    pop    %r13
   0xffffffff8275db9e <xen_load_gdt_boot+324>:    retq

I think the crash is triggered by the code

static inline pgprotval_t check_pgprot(pgprot_t pgprot)
{
        pgprotval_t massaged_val = massage_pgprot(pgprot);

        /* mmdebug.h can not be included here because of dependencies */
#ifdef CONFIG_DEBUG_VM
        WARN_ONCE(pgprot_val(pgprot) != massaged_val,
                  "attempted to set unsupported pgprot: %016llx "
                  "bits: %016llx supported: %016llx\n",
                  (u64)pgprot_val(pgprot),
                  (u64)pgprot_val(pgprot) ^ massaged_val,
                  (u64)__supported_pte_mask);
#endif

        return massaged_val;
}

static inline pte_t pfn_pte(unsigned long page_nr, pgprot_t pgprot)
{
        return __pte(((phys_addr_t)page_nr << PAGE_SHIFT) |
                     check_pgprot(pgprot));
}

in arch/x86/include/asm/pgtable.h which is inlined into xen_load_gdt_bootby via pfn_pte


In 4.16 the equivalent code was

static inline pte_t pfn_pte(unsigned long page_nr, pgprot_t pgprot)
{
        return __pte(((phys_addr_t)page_nr << PAGE_SHIFT) |
                     massage_pgprot(pgprot));
}

        Michael Young

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] xen crash with 4.17 kernel on Fedora
  - From: Juergen Gross

References:
- [Xen-devel] xen crash with 4.17 kernel on Fedora
  - From: Michael Young
- Re: [Xen-devel] xen crash with 4.17 kernel on Fedora
  - From: Andrew Cooper
- Re: [Xen-devel] xen crash with 4.17 kernel on Fedora
  - From: M A Young

Prev by Date: Re: [Xen-devel] PCI passthrough performance loss with Skylake-SP
Next by Date: [Xen-devel] [libvirt test] 124879: regressions - FAIL
Previous by thread: Re: [Xen-devel] xen crash with 4.17 kernel on Fedora
Next by thread: Re: [Xen-devel] xen crash with 4.17 kernel on Fedora
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.