This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] Possible shadow bug

To: Igor Mammedov <imammedo@xxxxxxxxxx>
Subject: Re: [Xen-devel] Possible shadow bug
From: Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Date: Fri, 10 Jun 2011 11:01:39 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, Keir Fraser <keir@xxxxxxx>, Stabellini <stefano.stabellini@xxxxxxxxxxxxx>, "containers@xxxxxxxxxxxxxxxxxxxxxxxxxx" <containers@xxxxxxxxxxxxxxxxxxxxxxxxxx>, Li Zefan <lizf@xxxxxxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, Stefano, Michal Hocko <mhocko@xxxxxxx>, "linux-mm@xxxxxxxxx" <linux-mm@xxxxxxxxx>, Keir Fraser <keir.xen@xxxxxxxxx>, KAMEZAWA, "akpm@xxxxxxxxxxxxxxxxxxxx" <akpm@xxxxxxxxxxxxxxxxxxxx>, Hiroyuki Kamezawa <kamezawa.hiroyuki@xxxxxxxxx>, Paul Menage <menage@xxxxxxxxxx>, Hiroyuki <kamezawa.hiroyu@xxxxxxxxxxxxxx>, "balbir@xxxxxxxxxxxxxxxxxx" <balbir@xxxxxxxxxxxxxxxxxx>
Delivery-date: Fri, 10 Jun 2011 03:04:18 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4DF0F90D.4010900@xxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <4DE66BEB.7040502@xxxxxxxxxx> <BANLkTimbqHPeUdue=_Z31KVdPwcXtbLpeg@xxxxxxxxxxxxxx> <4DE8D50F.1090406@xxxxxxxxxx> <BANLkTinMamg_qesEffGxKu3QkT=zyQ2MRQ@xxxxxxxxxxxxxx> <4DEE26E7.2060201@xxxxxxxxxx> <20110608123527.479e6991.kamezawa.hiroyu@xxxxxxxxxxxxxx> <4DF0801F.9050908@xxxxxxxxxx> <alpine.DEB.2.00.1106091311530.12963@kaball-desktop> <20110609150133.GF5098@xxxxxxxxxxxxxxxxxxxxxxx> <4DF0F90D.4010900@xxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.21 (2010-09-15)

At 18:47 +0200 on 09 Jun (1307645229), Igor Mammedov wrote:
> It's rhel5.6 xen. I've tried to test on SLES 11 that has 4.0.1 xen, however
> wasn't able to reproduce problem. (I'm not sure if hap was turned
> off in this case). More detailed info can be found at RHBZ#700565

The best way to be sure whether HAP is in use is to connect to the
serial line, hit ^A^A^A to switch input to Xen, and hit 'q' to dump
per-domain state.  The printout for the guest domain should either say 
"paging assistance: shadow refcounts translate external"
"paging assistance: hap refcounts translate external".

(If you don't have serial you can get the same info by running 
"xm debug-keys q" and then "xm dmesg" to read the output.)

> >you're willing to try recompiling Xen with some small patches that
> >disable the "cleverer" parts of the shadow pagetable code that might
> >indicate something.  (Of course, it might just change the timing to
> >obscure a real linux bug too.)
> >
> Haven't got to this part yet. But looks like it's the only option left.

Actually, looking at the disassembly you posted, it looks more like it
might be an emulator bug in Xen; if Xen finds itself emulating the IMUL
instruction and either gets the logic wrong or does the memory access
wrong, it could cause that failure.  And one reason that Xen emulates
instructions is if the memory operand is on a pagetable that's shadowed
(which might be a page that was recently a pagetable). 

ISTR that even though the RHEL xen reports a 3.0.x version it has quite
a lot of backports in it.  Does it have this patch?



Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)

Xen-devel mailing list