WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] xen crash during Dom0 boot

To: <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] xen crash during Dom0 boot
From: Christoph Egger <Christoph.Egger@xxxxxxx>
Date: Thu, 14 Apr 2011 13:18:30 +0200
Cc: Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Delivery-date: Thu, 14 Apr 2011 04:19:16 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.10
Hi,

When booting a Dom0 with enough physical RAM in the machine that Xen uses 1GB 
pages for the Dom0 then Xen crashes this way:


(XEN) Scrubbing Free RAM: .done.
(XEN) Std. Loglevel: All
(XEN) Guest Loglevel: All
(XEN) Xen is relinquishing VGA console.
(XEN) *** Serial input -> DOM0 (type 'CTRL-a' three times to switch input to 
Xen)
(XEN) Freed 232kB init memory.
mapping kernel into physical memory
Xen: setup ISA identity maps
about to get started...
(XEN) mm.c:832:d0 Bad L1 flags 400000
(XEN) mm.c:1256:d0 Failure in alloc_l1_table: entry 0
(XEN) mm.c:2216:d0 Error while validating mfn 2225e0 (pfn 3f21) for type 
1000000000000000: caf=8000000000000003 taf=1000000000000001
(XEN) mm.c:3026:d0 Error while pinning mfn 2225e0
(XEN) traps.c:451:d0 Unhandled invalid opcode fault/trap [#6] on VCPU 0 
[ec=0000]
(XEN) domain_crash_sync called from entry.S
(XEN) Domain 0 (vcpu#0) crashed on cpu#0:
(XEN) ----[ Xen-4.2-unstable  x86_64  debug=y  Not tainted ]----
(XEN) CPU:    0
(XEN) RIP:    e033:[<ffffffff8100c694>]
(XEN) RFLAGS: 0000000000000282   EM: 1   CONTEXT: pv guest
(XEN) rax: 00000000ffffffea   rbx: ffff880003f21000   rcx: 0000000000000001
(XEN) rdx: 00000000deadbeef   rsi: 00000000deadbeef   rdi: 00000000deadbeef
(XEN) rbp: ffffffffff400000   rsp: ffffffff81445c18   r8:  0000000000000908
(XEN) r9:  00003ffffffff000   r10: 00000000deadbeef   r11: 0000000003f20000
(XEN) r12: 8000000000000163   r13: 0000000100000000   r14: 0000000100200000
(XEN) r15: 0000000000000000   cr0: 000000008005003b   cr4: 00000000000006f0
(XEN) cr3: 0000000221001000   cr2: 0000000000000000
(XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: e02b   cs: e033
(XEN) Guest stack trace from rsp=ffffffff81445c18:
(XEN)    0000000000000001 0000000003f20000 ffffffff8100c694 000000010000e030
(XEN)    0000000000010082 ffffffff81445c58 000000000000e02b ffffffff8100c690
(XEN)    ffffffff00000000 00000000002225e0 0000000000003f21 ffffffff8150c8e1
(XEN)    ffff880003f21000 ffffffff81309bd8 00000000000009ff 000000018151e7de
(XEN)    80000000000001e3 0000000000000000 000000002020205b 00000001e009c000
(XEN)    ffffffffff400000 00003ffffffff000 0000000000000010 8000000000000163
(XEN)    0000000000000000 ffffffff81445d68 0000000003f21000 ffffffffff400000
(XEN)    ffff880001002020 0000000100000000 8000000000000163 00000001e009c000
(XEN)    0000000000000000 ffffffff81309e29 0000003000000020 0000000000000000
(XEN)    0000000000000000 00000001e009c000 ffff880001002000 0000000000000004
(XEN)    0000000000000000 0000000003f20000 0000000003f20000 00000001e009c000
(XEN)    ffffffff81001880 0000000000000000 ffff880100000000 00000001e009c000
(XEN)    ffff8801e009c000 ffffffff81309fb9 ffffffff8100e5eb 0000000000000000
(XEN)    ffff8801e009c000 ffffffff813bff3c 0000000000000000 ffffffff81445e60
(XEN)    0000000000000001 0000000000000000 00000001e009c000 ffffffff813bec6d
(XEN)    0000000000000001 ffffffff812f8b3c ffffffff81445fb8 0000000000000000
(XEN)    0000000000000000 ffffffff8130b3a3 0000000100000000 0000000000000000
(XEN)    ffffffff81445e48 00000000000bff00 0000000100000000 00000001e009c000
(XEN)    0000000000000000 00000001e0000000 00000001e009c000 0000000000000000
(XEN)    00000001e0000000 00000001e009c000 0000000000000000 0000000000000000
(XEN) Domain 0 crashed: rebooting machine in 5 seconds.
(XEN) Resetting with ACPI MEMORY or I/O RESET_REG.

Inserting a WARN() right after xen/arch/x86/mm.c, line 832 gives this:

mapping kernel into physical memory
Xen: setup ISA identity maps
about to get started...
(XEN) mm.c:832:d0 Bad L1 flags 400000
(XEN) Xen WARN at mm.c:833
(XEN) ----[ Xen-4.2-unstable  x86_64  debug=y  Not tainted ]----
(XEN) CPU:    0
(XEN) RIP:    e008:[<ffff82c480169340>] get_page_from_l1e+0x187/0x56b
(XEN) RFLAGS: 0000000000010282   CONTEXT: hypervisor
(XEN) rax: 0000000000000000   rbx: 0000000000fff063   rcx: 0000000000000000
(XEN) rdx: ffff82c4802d0ba0   rsi: 000000000000000a   rdi: ffff82c4802522e8
(XEN) rbp: ffff82c480297ca8   rsp: ffff82c480297c28   r8:  ffff82c4802d0c60
(XEN) r9:  0000000000000004   r10: 0000000000000004   r11: ffff82c4802130a0
(XEN) r12: 00000000ff400000   r13: 0000000000000000   r14: ffff830227a25000
(XEN) r15: fffff7fffffff063   cr0: 000000008005003b   cr4: 00000000000006f0
(XEN) cr3: 0000000221001000   cr2: ffffffff815ba200
(XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: e010   cs: e008
(XEN) Xen stack trace from rsp=ffff82c480297c28:
(XEN)    ffff82c480297c78 0000000000000206 ffff82c480297c48 0000000e8016c24f
(XEN)    ffff82c480297c98 ffff8300bf6fc000 0000000000000000 ffffffffffffffff
(XEN)    1000000000000000 ffff830227a25000 ffff82c480297ca8 ffff8302225e0000
(XEN)    ffff82f60444bc00 7400000000000000 1000000000000000 1000000000000001
(XEN)    ffff82c480297d68 ffff82c48016b4ae 0000000000000000 0000000000000001
(XEN)    0000000000000000 ffff830227a25000 ffff82c480297d38 ffff82c48016556d
(XEN)    0000000000000007 ffff8302225e0000 00000000002225e0 7400000000000000
(XEN)    ffff8302225e0000 00000000002225e0 ffff830227a25000 ffff82c400000000
(XEN)    0000000000000001 0000000000000000 ffff82c480297d78 00000000002225e0
(XEN)    0000000000000000 0000000000000001 ffff82f60444bc00 ffffffffffffffff
(XEN)    ffff82c480297d78 ffff82c48016c24f ffff82c480297dc8 ffff82c48016c824
(XEN)    1000000000000000 00000000225e0025 00100002225e0027 ffff830227a25000
(XEN)    0000000000000000 ffffffff81445c58 00000000002225e0 ffff82c480297f18
(XEN)    ffff82c480297ef8 ffff82c48016db1f 0000000000000000 ffff82c4802d1ae0
(XEN)    ffff82c4802d1ae8 ffff82c480297f18 ffff82c480297f18 00100002225e0025
(XEN)    00100002225e0027 00007ff0801656a5 ffff82c4802d1ac0 ffff830227a25000
(XEN)    ffff82f60444bbc0 ffff8302225de908 ffff830227a25000 ffff8300bf6fc000
(XEN)    ffff830227a25000 ffff82c48016a7d1 ffff82c480297f18 0000000180297f18
(XEN)    ffff82c400000000 1000000000000000 00100002225e0025 ffff880003f21000
(XEN)    aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa 0000000000000001
(XEN) Xen call trace:
(XEN)    [<ffff82c480169340>] get_page_from_l1e+0x187/0x56b
(XEN)    [<ffff82c48016b4ae>] __get_page_type+0x7d4/0x1567
(XEN)    [<ffff82c48016c24f>] get_page_type_preemptible+0xe/0x10
(XEN)    [<ffff82c48016c824>] get_page_and_type_from_pagenr+0x82/0xd0
(XEN)    [<ffff82c48016db1f>] do_mmuext_op+0x3fd/0x1aa5
(XEN)    [<ffff82c48020fc68>] syscall_enter+0xc8/0x122
(XEN)
(XEN) mm.c:1257:d0 Failure in alloc_l1_table: entry 0
(XEN) mm.c:2217:d0 Error while validating mfn 2225e0 (pfn 3f21) for type 
1000000000000000: caf=8000000000000003 taf=1000000000000001
(XEN) mm.c:3027:d0 Error while pinning mfn 2225e0
(XEN) traps.c:451:d0 Unhandled invalid opcode fault/trap [#6] on VCPU 0 
[ec=0000]
(XEN) domain_crash_sync called from entry.S
(XEN) Domain 0 (vcpu#0) crashed on cpu#0:
(XEN) ----[ Xen-4.2-unstable  x86_64  debug=y  Not tainted ]----
(XEN) CPU:    0
(XEN) RIP:    e033:[<ffffffff8100c694>]
(XEN) RFLAGS: 0000000000000282   EM: 1   CONTEXT: pv guest
(XEN) rax: 00000000ffffffea   rbx: ffff880003f21000   rcx: 0000000000000001
(XEN) rdx: 00000000deadbeef   rsi: 00000000deadbeef   rdi: 00000000deadbeef
(XEN) rbp: ffffffffff400000   rsp: ffffffff81445c18   r8:  0000000000000908
(XEN) r9:  00003ffffffff000   r10: 00000000deadbeef   r11: 0000000003f20000
(XEN) r12: 8000000000000163   r13: 0000000100000000   r14: 0000000100200000
(XEN) r15: 0000000000000000   cr0: 000000008005003b   cr4: 00000000000006f0
(XEN) cr3: 0000000221001000   cr2: 0000000000000000
(XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: e02b   cs: e033
(XEN) Guest stack trace from rsp=ffffffff81445c18:
(XEN)    0000000000000001 0000000003f20000 ffffffff8100c694 000000010000e030
(XEN)    0000000000010082 ffffffff81445c58 000000000000e02b ffffffff8100c690
(XEN)    ffffffff00000000 00000000002225e0 0000000000003f21 ffffffff8150c8e1
(XEN)    ffff880003f21000 ffffffff81309bd8 00000000000009ff 000000018151e7de
(XEN)    80000000000001e3 0000000000000000 000000002020205b 00000001e009c000
(XEN)    ffffffffff400000 00003ffffffff000 0000000000000010 8000000000000163
(XEN)    0000000000000000 ffffffff81445d68 0000000003f21000 ffffffffff400000
(XEN)    ffff880001002020 0000000100000000 8000000000000163 00000001e009c000
(XEN)    0000000000000000 ffffffff81309e29 0000003000000020 0000000000000000
(XEN)    0000000000000000 00000001e009c000 ffff880001002000 0000000000000004
(XEN)    0000000000000000 0000000003f20000 0000000003f20000 00000001e009c000
(XEN)    ffffffff81001880 0000000000000000 ffff880100000000 00000001e009c000
(XEN)    ffff8801e009c000 ffffffff81309fb9 ffffffff8100e5eb 0000000000000000
(XEN)    ffff8801e009c000 ffffffff813bff3c 0000000000000000 ffffffff81445e60
(XEN)    0000000000000001 0000000000000000 00000001e009c000 ffffffff813bec6d
(XEN)    0000000000000001 ffffffff812f8b3c ffffffff81445fb8 0000000000000000
(XEN)    0000000000000000 ffffffff8130b3a3 0000000100000000 0000000000000000
(XEN)    ffffffff81445e48 00000000000bff00 0000000100000000 00000001e009c000
(XEN)    0000000000000000 00000001e0000000 00000001e009c000 0000000000000000
(XEN)    00000001e0000000 00000001e009c000 0000000000000000 0000000000000000
(XEN) Domain 0 crashed: rebooting machine in 5 seconds.
(XEN) Resetting with ACPI MEMORY or I/O RESET_REG.



The reason is that guest_walk_tables() in xen/arch/x86/mm/guest_walk.c  fakes 
l1e entries for 2mb pages but not for 1gb pages.
A workaround is to assign the Dom0 not more than 2 GB RAM  via
the dom0_mem  xen boot parameter.

This can only be reproduced with Dom0 kernels which use the autotranslation 
feature (Linux Dom0 does, NetBSD Dom0 doesn't, don't know about other Dom0).

Christoph


-- 
---to satisfy European Law for business letters:
Advanced Micro Devices GmbH
Einsteinring 24, 85609 Dornach b. Muenchen
Geschaeftsfuehrer: Alberto Bozzo, Andrew Bowd
Sitz: Dornach, Gemeinde Aschheim, Landkreis Muenchen
Registergericht Muenchen, HRB Nr. 43632


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>