[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Moving domain from credit2 to credit cpupool crash xen


  • To: Jan Beulich <jbeulich@xxxxxxxx>, René Winther Højgaard <renewin@xxxxxxxxx>
  • From: Juergen Gross <jgross@xxxxxxxx>
  • Date: Mon, 4 Dec 2023 11:15:08 +0100
  • Authentication-results: smtp-out2.suse.de; none
  • Autocrypt: addr=jgross@xxxxxxxx; keydata= xsBNBFOMcBYBCACgGjqjoGvbEouQZw/ToiBg9W98AlM2QHV+iNHsEs7kxWhKMjrioyspZKOB ycWxw3ie3j9uvg9EOB3aN4xiTv4qbnGiTr3oJhkB1gsb6ToJQZ8uxGq2kaV2KL9650I1SJve dYm8Of8Zd621lSmoKOwlNClALZNew72NjJLEzTalU1OdT7/i1TXkH09XSSI8mEQ/ouNcMvIJ NwQpd369y9bfIhWUiVXEK7MlRgUG6MvIj6Y3Am/BBLUVbDa4+gmzDC9ezlZkTZG2t14zWPvx XP3FAp2pkW0xqG7/377qptDmrk42GlSKN4z76ELnLxussxc7I2hx18NUcbP8+uty4bMxABEB AAHNH0p1ZXJnZW4gR3Jvc3MgPGpncm9zc0BzdXNlLmNvbT7CwHkEEwECACMFAlOMcK8CGwMH CwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRCw3p3WKL8TL8eZB/9G0juS/kDY9LhEXseh mE9U+iA1VsLhgDqVbsOtZ/S14LRFHczNd/Lqkn7souCSoyWsBs3/wO+OjPvxf7m+Ef+sMtr0 G5lCWEWa9wa0IXx5HRPW/ScL+e4AVUbL7rurYMfwCzco+7TfjhMEOkC+va5gzi1KrErgNRHH kg3PhlnRY0Udyqx++UYkAsN4TQuEhNN32MvN0Np3WlBJOgKcuXpIElmMM5f1BBzJSKBkW0Jc Wy3h2Wy912vHKpPV/Xv7ZwVJ27v7KcuZcErtptDevAljxJtE7aJG6WiBzm+v9EswyWxwMCIO RoVBYuiocc51872tRGywc03xaQydB+9R7BHPzsBNBFOMcBYBCADLMfoA44MwGOB9YT1V4KCy vAfd7E0BTfaAurbG+Olacciz3yd09QOmejFZC6AnoykydyvTFLAWYcSCdISMr88COmmCbJzn sHAogjexXiif6ANUUlHpjxlHCCcELmZUzomNDnEOTxZFeWMTFF9Rf2k2F0Tl4E5kmsNGgtSa aMO0rNZoOEiD/7UfPP3dfh8JCQ1VtUUsQtT1sxos8Eb/HmriJhnaTZ7Hp3jtgTVkV0ybpgFg w6WMaRkrBh17mV0z2ajjmabB7SJxcouSkR0hcpNl4oM74d2/VqoW4BxxxOD1FcNCObCELfIS auZx+XT6s+CE7Qi/c44ibBMR7hyjdzWbABEBAAHCwF8EGAECAAkFAlOMcBYCGwwACgkQsN6d 1ii/Ey9D+Af/WFr3q+bg/8v5tCknCtn92d5lyYTBNt7xgWzDZX8G6/pngzKyWfedArllp0Pn fgIXtMNV+3t8Li1Tg843EXkP7+2+CQ98MB8XvvPLYAfW8nNDV85TyVgWlldNcgdv7nn1Sq8g HwB2BHdIAkYce3hEoDQXt/mKlgEGsLpzJcnLKimtPXQQy9TxUaLBe9PInPd+Ohix0XOlY+Uk QFEx50Ki3rSDl2Zt2tnkNYKUCvTJq7jvOlaPd6d/W0tZqpyy7KVay+K4aMobDsodB3dvEAs6 ScCnh03dDAFgIq5nsB11j3KPKdVoPlfucX2c7kGNH+LUMbzqV6beIENfNexkOfxHfw==
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 04 Dec 2023 10:15:16 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 04.12.23 10:31, Jan Beulich wrote:
On 04.12.2023 10:23, Jan Beulich wrote:
On 01.12.2023 21:13, René Winther Højgaard wrote:
When I move a domain from pool0 with credit2 to any pool with credit(1) I get 
the following crash.


Software: Xen-4.17.3 / Qubes OS 4.2.0-RC5
Firmware: Dasharo 0.9.0 - Z790P
Hardware: 13900K
(XEN) Xen BUG at common/sched/credit.c:1051(XEN) ----[ Xen-4.17.3-pre  x86_64 
 debug=y  Not tainted ]----
(XEN) CPU:    2
(XEN) RIP:    e008:[<ffff82d040237cfd>] credit.c#csched_free_udata+0x12/0x14
(XEN) RFLAGS: 0000000000010202   CONTEXT: hypervisor (d0v2)
(XEN) rax: ffff82d040237ceb   rbx: 0000000000000014   rcx: 0000000000000013
(XEN) rdx: ffff831087d7ffff   rsi: ffff830ad80e8da0   rdi: ffff830ad80e8da0
(XEN) rbp: 0000000000000000   rsp: ffff831087d7fc90   r8:  ffff830e2d6a49b0
(XEN) r9:  ffff831087d7fbe0   r10: ffff83107c481068   r11: 0000002cfd1c274a
(XEN) r12: ffff830ad80e8c80   r13: ffff83107c45bee0   r14: 0000000000000000
(XEN) r15: ffff82d0405a9288   cr0: 0000000080050033   cr4: 0000000000b526e0
(XEN) cr3: 00000009284d8000   cr2: 00007fb535181240
(XEN) fsb: 00007fb534c5f380   gsb: ffff8881b9d00000   gss: 0000000000000000
(XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: e010   cs: e008
(XEN) Xen code around <ffff82d040237cfd> (credit.c#csched_free_udata+0x12/0x14):
(XEN)  75 06 e8 19 74 ff ff c3 <0f> 0b f3 0f 1e fa 53 48 8b 5f 18 48 85 db 74 2b
(XEN) Xen stack trace from rsp=ffff831087d7fc90:
(XEN)    ffff82d040247503 0000001300002030 ffff830ad80e8bf0 ffff82d0405a9288
(XEN)    ffff83107f59aa80 ffff830ad80e8c80 ffff83107c45bee0 ffff830ad80e8bf0
(XEN)    ffff831000af1010 ffff83107c45bee0 ffff830ad80ed000 ffff83107c45bee0
(XEN)    0000000000000000 ffff82d04045d5d8 ffff82d0405ae680 ffff82d040235303
(XEN)    ffff831087d7fe20 00000000fffffffe ffff82d040236ec3 ffff830ad80ed000
(XEN)    0000000000000000 00007fb535230010 ffff831087d7ffff 0000000000000000
(XEN)    ffff82d04045d5d8 ffff82d040234763 00000000c0000102 0000000000000000
(XEN)    0000000000000000 00000000c0000102 0000000d00000000 ffffffff8101ede6
(XEN)    000000000000e033 0000000000011082 ffffc90046ebba90 000000000000e02b
(XEN)    5a33a1a65352beef feadf9effdf1beef 122ae2fa736bbeef 46023e9af174beef
(XEN)    ffff82d040227cc6 ffff831087d7fe48 0000000000000000 0000000000011082
(XEN)    0000000000000000 ffff831087d7ffff 0000000000000000 ffffffff8101ede4
(XEN)    ffff82d0403495d0 0000001500000012 0000000100000006 0000000d00000000
(XEN)    00007ffdf93fb3fc 0000000000431042 000000000043d990 000000000043d9b0
(XEN)    00007fb534eb8434 00007ffdf93fb400 0000000000000013 0000000002361838
(XEN)    04457fe81f7cf300 0000000002360870 ffffffffffffff80 0000000000000000
(XEN)    00007ffdf93fc652 000000000043d980 ffff831087d7fef8 0000000000000023
(XEN)    ffff83107f544000 0000000000000000 0000000000000000 0000000000000000
(XEN)    ffff82d0402dd07f ffff83107f544000 0000000000000000 0000000000000000
(XEN)    ffff82d0402012b7 0000000000000000 ffff88811abbc100 00007ffdf93fb2c0
(XEN) Xen call trace:
(XEN)    [<ffff82d040237cfd>] R credit.c#csched_free_udata+0x12/0x14
(XEN)    [<ffff82d040247503>] S sched_move_domain+0x5b0/0x5cc

Hmm, looks like sched_move_domain()'s calling of sched_free_udata() uses the
new pool's scheduler, not that of the original pool. I'm puzzled though that
there's no sign at all in the function of it caring about what the original
pool was. IOW I'm not sure that the simple and obvious change to latch the
original pool into a local and then use it on the "out_free" path is going
to be enough. Jürgen (sorry, again you)?

Hmm, should have added "in the error case". Seeing there is old_ops, perhaps
simply

--- a/xen/common/sched/core.c
+++ b/xen/common/sched/core.c
@@ -810,7 +810,7 @@
      for ( unit = old_units; unit; )
      {
          if ( unit->priv )
-            sched_free_udata(c->sched, unit->priv);
+            sched_free_udata(ret ? c->sched : old_ops, unit->priv);
          old_unit = unit;
          unit = unit->next_in_list;
          xfree(old_unit);


Yes, this looks fine.

In case you want to send a proper patch, you can add my

Reviewed-by: Juergen Gross <jgross@xxxxxxxx>


Juergen

Attachment: OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.