
xen-devel

[Xen-devel] Linux 2.6.31 domU crashes very early on RHEL5 Xen hypervisor

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Linux 2.6.31 domU crashes very early on RHEL5 Xen hypervisor (xen_load_gdt_boot / HYPERVISOR_update_va_mapping)
From: Pasi Kärkkäinen <pasik@xxxxxx>
Date: Thu, 24 Sep 2009 12:06:13 +0300
Cc: Jeremy Fitzhardinge <jeremy@xxxxxxxx>, fedora-xen@xxxxxxxxxx
Delivery-date: Thu, 24 Sep 2009 02:06:41 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.13 (2006-08-11)
Hello,

I tried running the latest Fedora 12 rawhide kernel (2.6.31-33.fc12.x86_64) 
as Xen domU on RHEL5.4 x86_64 Xen dom0.

The domU kernel crashes very early; there is no console output at all.

# /usr/lib64/xen/bin/xenctx -s System.map-2.6.31-33.fc12.x86_64 1
rip: ffffffff819f8d3f xen_load_gdt_boot+0xab
rsp: ffffffff81743f08
rax: ffffffea   rbx: ffffffff81822000   rcx: 0021f527   rdx: 00000000
rsi: 800000021f527061   rdi: ffffffff81822000   rbp: ffffffff81743fa8
 r8: 00000000    r9: 00000000   r10: 00000000   r11: 00000000
r12: ffffffff81743fb8   r13: ffffffff81743f50   r14: 00000080   r15: 00000000
 cs: 0000e033    ds: 00000000    fs: 00000000    gs: 00000000

Stack:
 000000000021f527 0000000000000000 ffffffff819f8d3f 000000010000e030
 0000000000010082 ffffffff81743f48 000000000000e02b ffffffff819f8d3b
 0000000000000000 0000000000000000 0000000000000000 0000000000000000
 0000000000001822 0000008000000000 ffffffff8100cb0e 0000000000000000

Code:
20 c3 78 81 31 d2 48 89 c6 48 89 df e8 85 04 61 ff 85 c0 74 04 <0f> 0b eb fe 49
63 c7 48 81 c3 00 

Call Trace:
  [<ffffffff819f8d3f>] xen_load_gdt_boot+0xab <--
  [<ffffffff819f8d3f>] xen_load_gdt_boot+0xab
  [<ffffffff819f8d3b>] xen_load_gdt_boot+0xa7
  [<ffffffff8100cb0e>] p2m_top_index+0x9
  [<ffffffff8101f209>] switch_to_new_gdt+0x31
  [<ffffffff819f8a24>] xen_start_kernel+0x282  


# gdb vmlinux

(gdb) x/i 0xffffffff819f8d3f
0xffffffff819f8d3f <xen_load_gdt_boot+171>:     ud2a   

(gdb) x/60i xen_load_gdt_boot
0xffffffff819f8c94 <xen_load_gdt_boot>: push   %rbp
0xffffffff819f8c95 <xen_load_gdt_boot+1>:       mov    %rsp,%rbp
0xffffffff819f8c98 <xen_load_gdt_boot+4>:       push   %r15
0xffffffff819f8c9a <xen_load_gdt_boot+6>:       xor    %r15d,%r15d
0xffffffff819f8c9d <xen_load_gdt_boot+9>:       push   %r14
0xffffffff819f8c9f <xen_load_gdt_boot+11>:      push   %r13
0xffffffff819f8ca1 <xen_load_gdt_boot+13>:      push   %r12
0xffffffff819f8ca3 <xen_load_gdt_boot+15>:      mov    %rdi,%r12
0xffffffff819f8ca6 <xen_load_gdt_boot+18>:      push   %rbx
0xffffffff819f8ca7 <xen_load_gdt_boot+19>:      sub    $0x18,%rsp
0xffffffff819f8cab <xen_load_gdt_boot+23>:      movzwl (%rdi),%eax
0xffffffff819f8cae <xen_load_gdt_boot+26>:      mov    0x2(%rdi),%rbx
0xffffffff819f8cb2 <xen_load_gdt_boot+30>:      inc    %eax
0xffffffff819f8cb4 <xen_load_gdt_boot+32>:      mov    %eax,%r14d
0xffffffff819f8cb7 <xen_load_gdt_boot+35>:      mov    %eax,-0x34(%rbp)
0xffffffff819f8cba <xen_load_gdt_boot+38>:      lea    0xfff(%r14),%rax
0xffffffff819f8cc1 <xen_load_gdt_boot+45>:      shr    $0xc,%rax
0xffffffff819f8cc5 <xen_load_gdt_boot+49>:      lea    0x1e(,%rax,8),%rax
0xffffffff819f8ccd <xen_load_gdt_boot+57>:      and    $0x7f0,%eax
0xffffffff819f8cd2 <xen_load_gdt_boot+62>:      sub    %rax,%rsp
0xffffffff819f8cd5 <xen_load_gdt_boot+65>:      lea    0xf(%rsp),%r13
0xffffffff819f8cda <xen_load_gdt_boot+70>:      and    $0xfffffffffffffff0,%r13
0xffffffff819f8cde <xen_load_gdt_boot+74>:      test   $0xfff,%ebx
0xffffffff819f8ce4 <xen_load_gdt_boot+80>:      je     0xffffffff819f8d55
<xen_load_gdt_boot+193>
0xffffffff819f8ce6 <xen_load_gdt_boot+82>:      ud2a   
0xffffffff819f8ce8 <xen_load_gdt_boot+84>:      jmp    0xffffffff819f8ce8
<xen_load_gdt_boot+84>
0xffffffff819f8cea <xen_load_gdt_boot+86>:      mov    %rbx,%rdi
0xffffffff819f8ced <xen_load_gdt_boot+89>:      callq  0xffffffff8103ecfc
<__phys_addr>
0xffffffff819f8cf2 <xen_load_gdt_boot+94>:      mov    %rax,%rsi
0xffffffff819f8cf5 <xen_load_gdt_boot+97>:      shr    $0xc,%rsi
0xffffffff819f8cf9 <xen_load_gdt_boot+101>:     mov    %rsi,%rdi
0xffffffff819f8cfc <xen_load_gdt_boot+104>:     mov    %rsi,-0x40(%rbp)
0xffffffff819f8d00 <xen_load_gdt_boot+108>:     callq  0xffffffff8100b397
<pfn_to_mfn>
0xffffffff819f8d05 <xen_load_gdt_boot+113>:     mov    -0x40(%rbp),%rsi
0xffffffff819f8d09 <xen_load_gdt_boot+117>:     mov    %rax,%rcx
0xffffffff819f8d0c <xen_load_gdt_boot+120>:     mov    $0x8000000000000161,%rax
0xffffffff819f8d16 <xen_load_gdt_boot+130>:
    and    -0x1e362d(%rip),%rax        # 0xffffffff818156f0
<__supported_pte_mask>
0xffffffff819f8d1d <xen_load_gdt_boot+137>:     mov    %rsi,%rdi
0xffffffff819f8d20 <xen_load_gdt_boot+140>:     shl    $0xc,%rdi
0xffffffff819f8d24 <xen_load_gdt_boot+144>:     or     %rax,%rdi
0xffffffff819f8d27 <xen_load_gdt_boot+147>:     callq  *0xffffffff8178c320
0xffffffff819f8d2e <xen_load_gdt_boot+154>:     xor    %edx,%edx
0xffffffff819f8d30 <xen_load_gdt_boot+156>:     mov    %rax,%rsi
0xffffffff819f8d33 <xen_load_gdt_boot+159>:     mov    %rbx,%rdi
0xffffffff819f8d36 <xen_load_gdt_boot+162>:     callq  0xffffffff810091c0
<hypercall_page+448>
0xffffffff819f8d3b <xen_load_gdt_boot+167>:     test   %eax,%eax
0xffffffff819f8d3d <xen_load_gdt_boot+169>:     je     0xffffffff819f8d43
<xen_load_gdt_boot+175>
0xffffffff819f8d3f <xen_load_gdt_boot+171>:     ud2a   
0xffffffff819f8d41 <xen_load_gdt_boot+173>:     jmp    0xffffffff819f8d41
<xen_load_gdt_boot+173>
0xffffffff819f8d43 <xen_load_gdt_boot+175>:     movslq %r15d,%rax
0xffffffff819f8d46 <xen_load_gdt_boot+178>:     add    $0x1000,%rbx
0xffffffff819f8d4d <xen_load_gdt_boot+185>:     inc    %r15d
0xffffffff819f8d50 <xen_load_gdt_boot+188>:     mov    %rcx,0x0(%r13,%rax,8)
0xffffffff819f8d55 <xen_load_gdt_boot+193>:     mov    %r14,%rax
0xffffffff819f8d58 <xen_load_gdt_boot+196>:     add    0x2(%r12),%rax
0xffffffff819f8d5d <xen_load_gdt_boot+201>:     cmp    %rax,%rbx
0xffffffff819f8d60 <xen_load_gdt_boot+204>:     jb     0xffffffff819f8cea
<xen_load_gdt_boot+86>
0xffffffff819f8d62 <xen_load_gdt_boot+206>:     mov    -0x34(%rbp),%esi
0xffffffff819f8d65 <xen_load_gdt_boot+209>:     mov    %r13,%rdi
0xffffffff819f8d68 <xen_load_gdt_boot+212>:     shr    $0x3,%esi
(gdb)  


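So the check that fails at xen_load_gdt_boot+0xab (the ud2a reached when the call to hypercall_page+448 returns non-zero; offset 448 is hypercall slot 14 with 32-byte stubs, i.e. update_va_mapping) translates to: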

if (HYPERVISOR_update_va_mapping((unsigned long)va, pte, 0))
        BUG();

The return value was -EINVAL (rax is ffffffea in the xenctx register dump above, i.e. -22 as a 32-bit value).

Any ideas? 

I also opened a Fedora Bugzilla entry here:
https://bugzilla.redhat.com/show_bug.cgi?id=525290

-- Pasi


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
