This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-devel] [BUG] double fault for sale ;)

To: Gerd Hoffmann <kraxel@xxxxxxx>
Subject: Re: [Xen-devel] [BUG] double fault for sale ;)
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: Mon, 29 May 2006 16:06:24 +0100
Cc: Xen devel list <xen-devel@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <447B0C8D.2060005@xxxxxxx>

On 29 May 2006, at 16:00, Gerd Hoffmann wrote:

> I'm busy rewriting the domain builder code a bit, to restructure the code
> and make it better usable for other tasks than directly booting a
> domain.  While testing these bits I trapped into that one:
>
> (XEN) CPU:    1
> (XEN) EIP:    e008:[<ff137512>] get_page_type+0x12/0x63d
> (XEN) EFLAGS: 00010296
> (XEN) CR3:    00000000
> (XEN) eax: 33030001   ebx: ff1c1080   ecx: ff1d4080   edx: ff1d4080
> (XEN) esi: 0000001a   edi: ffbf5fac   ebp: ffbf502c   esp: ffbf4f84
> (XEN) ds: e010   es: e010   fs: 0000   gs: 0000   ss: e010
> (XEN) ************************************
> (XEN) CPU1 DOUBLE FAULT -- system shutdown
> (XEN) System needs manual reset.
> (XEN) ************************************
>
> I think even Domain-0 shouldn't be able to crash xen like this, no?

Looks like a stack overflow, since the stack pointer is in an "even" page which is a guard page when running a debug build of Xen. Maybe you could hack up some code to get a rough back trace (round the crashing stack pointer up to a page boundary then scan a whole page for text addresses)?

Either need to fix some large stack frame or make the stack larger. Probably the former.

 -- Keir
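
The rough back trace suggested in the reply above, sketched as a user-space C program. This is an added example, not code from the thread or from Xen. The text range bounds and the stack page contents are constructed; only `esp` and the `0xff137512` address come from the crash dump.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE  4096u
#define PAGE_WORDS (PAGE_SIZE / sizeof(uint32_t))
/* Assumed hypervisor text range; real bounds come from the build's symbols. */
#define TEXT_START 0xff100000u
#define TEXT_END   0xff1c0000u

/* Round the faulting stack pointer up to the next page boundary, i.e. to
 * the base of the mapped stack page that sits above the guard page. */
uint32_t page_round_up(uint32_t sp) {
    return (sp + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1);
}

/* Scan one page of stack words and keep every value that falls inside the
 * text range. Returns the number of candidates stored (at most max). */
size_t scan_for_text(const uint32_t *page, uint32_t *out, size_t max) {
    size_t n = 0;
    for (size_t i = 0; i < PAGE_WORDS && n < max; i++)
        if (page[i] >= TEXT_START && page[i] < TEXT_END)
            out[n++] = page[i];
    return n;
}

/* Constructed stack page: a saved frame pointer, out-of-range data and a
 * few text addresses standing in for return addresses. */
size_t demo(uint32_t *hits, size_t max) {
    static uint32_t page[PAGE_WORDS];
    page[11]  = 0xffbf502cu;   /* stack address, not text */
    page[12]  = 0xff137512u;   /* text address taken from the dump's EIP */
    page[41]  = 0xff12a4c0u;   /* constructed text address */
    page[900] = 0xff1d4080u;   /* above TEXT_END, ignored */
    page[901] = 0xff10beefu;   /* constructed text address */
    return scan_for_text(page, hits, max);
}

int main(void) {
    uint32_t hits[16];
    size_t n = demo(hits, 16);
    printf("scanning page at %08x\n", (unsigned)page_round_up(0xffbf4f84u));
    for (size_t i = 0; i < n; i++)
        printf("  candidate return address: %08x\n", (unsigned)hits[i]);
    return 0;
}
```

The scan over-reports, since any stale word that happens to lie in the text range is listed, so the output is a set of candidates to resolve against the symbol table rather than an exact call chain.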
