[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] sched/null: avoid another crash after failed domU creation

  • To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Stewart Hildebrand <stewart.hildebrand@xxxxxxx>
  • Date: Thu, 3 Apr 2025 17:48:19 -0400
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=U7WpMxzStKRb4yl90BOglzDn0Ex8GUy7QeVdyk5lpYk=; b=Lx0GfmGFTs9dT8EQ5ZfD/PUN4QojrvSJqPGTDE88pnjiM9mz6MDo++o7WQjC09OvaPvbzKu/sjm2etthGXPK4D4AG+H9gU5VNcmhTnUczLZwHXNsic/iSQyjuf7IfQ9xRTQXzQJaX5mm+FSqJ5UJH5wqs6QnVe+WQXxw9GQ8s3lFznV4xVSDVj3R2WPfKRB/caDBKouxnjjEgY1KlrKx4CizgaqtQZz9yJqMwZbZ8Wa8xRA4d/WTtX8cwG5N5kvFIWPJ23yXPPcgKqJbBQYV3GU9aeuN3FA2+i7ielmQdwEp4ULRy0dDUxdKby8rpoLF2ZIbwUu4qGipQKXD5QFfMg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=KG6Fs4bZCpGpUSR+Lo6hOAKRu24ulJMccpKoY3p186VXmmFXKwgIR0+XpHvEbKOsZ9O5ihsos5WcfHsFYC9onTrumLy9cBz5K4lhIsqm26CfZUqFzXlxFmCJyqpPMMrHQDYhvu1+YPf15FlCHB/nX8kj+MaVbt9lWj5m6tfK1VdTVlU6RgB3InSmcQDPICUZDkSUilBAENMUhnrx6PQunzknQP9qvw+jaHzYYN2P9WofzD6WCMwljASzeWjFOAuJWlqkbVihb+95ub07LVY5bBu7XzCAiHZJe3kt5j5PLkLe1KzdscjEIiYmsObXIvAqB/u1OOBuGai2GHkW3zcVwQ==
  • Cc: Stewart Hildebrand <stewart.hildebrand@xxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, George Dunlap <gwd@xxxxxxxxxxxxxx>
  • Delivery-date: Thu, 03 Apr 2025 21:48:53 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
The following sequence of events may lead a debug build of Xen to crash
when using the null scheduler:

1. domain creation (e.g. d1) failed due to bad configuration
2. complete_domain_destroy() was deferred
3. domain creation (e.g. d2) succeeds

At this point, d2 is running, while the zombie d1 is not fully cleaned
up:

(XEN) Online Cpus: 0-3
(XEN) Cpupool 0:
(XEN) Cpus: 0-3
(XEN) Scheduling granularity: cpu, 1 CPU per sched-resource
(XEN) Scheduler: null Scheduler (null)
(XEN)   cpus_free = 3
(XEN) Domain info:
(XEN)   Domain: 0
(XEN)     1: [0.0] pcpu=0
(XEN)     2: [0.1] pcpu=1
(XEN)   Domain: 1
(XEN)     3: [1.0] pcpu=2
(XEN)   Domain: 2
(XEN)     4: [2.0] pcpu=2

4. complete_domain_destroy() gets called for d1 and triggers the
following:

(XEN) Xen call trace:
(XEN)    [<00000a0000322ed4>] null.c#unit_deassign+0x2d8/0xb70 (PC)
(XEN)    [<00000a000032457c>] null.c#null_unit_remove+0x670/0xba8 (LR)
(XEN)    [<00000a000032457c>] null.c#null_unit_remove+0x670/0xba8
(XEN)    [<00000a0000336404>] sched_destroy_vcpu+0x354/0x8fc
(XEN)    [<00000a0000227324>] domain.c#complete_domain_destroy+0x11c/0x49c
(XEN)    [<00000a000029fbd0>] rcupdate.c#rcu_do_batch+0x94/0x3d0
(XEN)    [<00000a00002a10c0>] rcupdate.c#__rcu_process_callbacks+0x160/0x5f4
(XEN)    [<00000a00002a1e60>] rcupdate.c#rcu_process_callbacks+0xcc/0x1b0
(XEN)    [<00000a00002a3460>] softirq.c#__do_softirq+0x1f4/0x3d8
(XEN)    [<00000a00002a37c4>] do_softirq+0x14/0x1c
(XEN)    [<00000a0000465260>] traps.c#check_for_pcpu_work+0x30/0xb8
(XEN)    [<00000a000046bb08>] leave_hypervisor_to_guest+0x28/0x198
(XEN)    [<00000a0000409c84>] entry.o#guest_sync_slowpath+0xac/0xd8
(XEN)
(XEN) ****************************************
(XEN) Panic on CPU 0:
(XEN) Assertion 'npc->unit == unit' failed at common/sched/null.c:383
(XEN) ****************************************

Fix by skipping unit_deassign() when the unit to be removed does not
match the pcpu's currently assigned unit.

Signed-off-by: Stewart Hildebrand <stewart.hildebrand@xxxxxxx>
---
See c2eae2614c8f ("sched/null: avoid crash after failed domU creation")

Another consequence of deferring complete_domain_destroy() is that
eventually domains may fail to be scheduled by the null scheduler,
despite domains/vcpus having previously been running on available pcpus
have been destroyed.

(XEN) common/sched/null.c:639: WARNING: d4v0 not assigned to any CPU!

... but that is a problem for another day. After all, I'm not sure how
common of a use case dynamic domain creation & destruction really is for
the null scheduler.
---
 xen/common/sched/null.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/common/sched/null.c b/xen/common/sched/null.c
index 7e31440e5b84..c8e327e3cdd0 100644
--- a/xen/common/sched/null.c
+++ b/xen/common/sched/null.c
@@ -557,7 +557,7 @@ static void cf_check null_unit_remove(
 
     cpu = sched_unit_master(unit);
     npc = get_sched_res(cpu)->sched_priv;
-    if ( npc->unit )
+    if ( npc->unit == unit )
         unit_deassign(prv, unit);
 
  out:

base-commit: befc384d21784affa3daf2abc85b02500e4dc545
-- 
2.49.0

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.