WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] [memory sharing] bug on get_page_and_type

To: "'xen devel'" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [memory sharing] bug on get_page_and_type
From: tinnycloud <tinnycloud@xxxxxxxxxxx>
Date: Mon, 31 Jan 2011 18:13:24 +0800
Cc: george.dunlap@xxxxxxxxxxxxx, tim.deegan@xxxxxxxxxx, juihaochiang@xxxxxxxxx
Delivery-date: Mon, 31 Jan 2011 02:14:32 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acu/bApHg0IC2VcMT7iQFLVfITKheQ==

Hi:
 

Attached is the whole patch suit for latest xen-4.0-testing,changeset 21443,

It comes from George, Tim and JuiHao, also, has some extra debug info.

 

On most occasion, memory sharing works fine, but still exists a bug.

       I’ve been tracing this problem for a while.

       There is a bug on get_page_and_type() in mem_sharing_share_pages()

 

--------------------------------------------mem_sharing_share_pages()-----------------------

789         if(!get_page_and_type(spage, dom_cow, PGT_shared_page)){

790             mem_sharing_debug_gfn(cd, gfn->gfn);

791             mem_sharing_debug_gfn(sd, sgfn->gfn);

792             printk("c->dying %d s->dying %d spage %p se->mfn %lx\n", cd->is_dying, sd->is_dying, spage, se->mfn);

793             printk("Debug page: MFN=%lx is ci=%lx, ti=%lx, owner_id=%d\n",

794                     mfn_x(page_to_mfn(spage)),

795                     spage->count_info,

 796                     spage->u.inuse.type_info,

797                     page_get_owner(spage)->domain_id);

798             BUG();

799         }

 

 

Below painc log contains the debug info from line 790-798.

We saw that 180000000000000 which is PGC_state_free,

So it looks like a shared page has been freed unexpectly.

 

 

(XEN) teardown 64

(XEN) teardown 66

blktap_sysfs_destroy

blktap_sysfs_create: adding attributes for dev ffff880109d0c200

blktap_sysfs_destroy

__ratelimit: 1 callbacks suppressed

blktap_sysfs_destroy

(XEN) Debug for domain=83, gfn=1e8dc, Debug page: MFN=1306dc is ci=8000000000000005, ti=8400000000000001, owner_id=32755

(XEN) Debug for domain=79, gfn=1dc95, Invalid MFN=ffffffffffffffff

(XEN) c->dying 0 s->dying 0 spage ffff82f60a0f12a0 se->mfn 507895

(XEN) Debug page: MFN=507895 is ci= 180000000000000, ti=8400000000000001, owner_id=32755

(XEN) Xen BUG at mem_sharing.c:798

(XEN) ----[ Xen-4.0.2-rc2-pre  x86_64  debug=n  Not tainted ]----

(XEN) CPU:    0

(XEN) RIP:    e008:[<ffff82c4801c3760>] mem_sharing_share_pages+0x5b0/0x5d0

(XEN) RFLAGS: 0000000000010286   CONTEXT: hypervisor

(XEN) rax: 0000000000000000   rbx: ffff83044ef76000   rcx: 0000000000000092

(XEN) rdx: 000000000000000a   rsi: 000000000000000a   rdi: ffff82c4802237c4

(XEN) rbp: ffff83030d99e310   rsp: ffff82c48035fc48   r8:  0000000000000001

(XEN) r9:  0000000000000001   r10: 00000000fffffff8   r11: 0000000000000005

(XEN) r12: ffff83050b558000   r13: ffff830626ec5740   r14: 0000000000347967

(XEN) r15: ffff83030d99e068   cr0: 0000000080050033   cr4: 00000000000026f0

(XEN) cr3: 000000010e642000   cr2: 00002abdc4809000

(XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: e010   cs: e008

(XEN) Xen stack trace from rsp=ffff82c48035fc48:

(XEN)    000000000001e8dc ffff83030d99e068 0000000000507895 ffff83030d99e050

(XEN)    ffff82f60a0f12a0 ffff82f60260db80 ffff83030d99e300 ffff830626afbbd0

(XEN)    0000000080372980 ffff82c48035fe38 ffff83023febe000 00000000008f7000

(XEN)    0000000000305000 0000000000000006 0000000000000006 ffff82c4801c44a4

(XEN)    ffff82c480258188 ffff82c48011cb89 000000000001e8dc fffffffffffffff3

(XEN)    ffff82c48035fe28 ffff82c480148503 000003d932971281 0000000000000080

(XEN)    000003d9329611d6 ffff82c48018aedf ffff82c4803903a8 ffff82c48035fd38

(XEN)    ffff82c480390380 ffff82c48035fe28 0000000000000002 0000000000000000

(XEN)    0000000000000002 0000000000000000 ffff83023febe000 ffff83023ff80080

(XEN)    ffff82c48035fe58 0000000000000000 ffff82c48022ca80 0000000000000000

(XEN)    0000000000000002 ffff82c48018a452 0000000000000000 ffff82c48016f6bb

(XEN)    ffff82c48035fe58 ffff82c4801538ea 000000023ab79067 fffffffffffffff3

(XEN)    ffff82c48035fe28 00000000008f7000 0000000000305000 0000000000000006

(XEN)    0000000000000006 ffff82c4801042b3 0000000000000000 ffff82c48010d2a5

(XEN)    ffff830477fb51e8 0000000000000000 00007ff000000200 ffff8300bf76e000

(XEN)    0000000600000039 0000000000000000 00007fc09d744003 0000000000325258

(XEN)    0000000000347967 ffffffffff600429 000000004d463b17 0000000000062fe2

(XEN)    0000000000000000 00007fc09d744070 00007fc09d744000 00007fffcfec0d20

(XEN)    00007fc09d744078 0000000000430fd8 00007fffcfec0d88 00000000019f1ca8

(XEN)    0000f05c00000000 00007fc09f4c2718 0000000000000000 0000000000000246

(XEN) Xen call trace:

(XEN)    [<ffff82c4801c3760>] mem_sharing_share_pages+0x5b0/0x5d0

(XEN)    [<ffff82c4801c44a4>] mem_sharing_domctl+0xe4/0x130

(XEN)    [<ffff82c48011cb89>] cpumask_raise_softirq+0x89/0xa0

(XEN)    [<ffff82c480148503>] arch_do_domctl+0x14f3/0x22d0

(XEN)    [<ffff82c48018aedf>] handle_hpet_broadcast+0x16f/0x1d0

(XEN)    [<ffff82c48018a452>] hpet_legacy_irq_tick+0x42/0x50

(XEN)    [<ffff82c48016f6bb>] timer_interrupt+0xb/0x130

(XEN)    [<ffff82c4801538ea>] ack_edge_ioapic_irq+0x2a/0x70

(XEN)    [<ffff82c4801042b3>] do_domctl+0x163/0xfe0

(XEN)    [<ffff82c48010d2a5>] do_grant_table_op+0x75/0x1ad0

(XEN)    [<ffff82c4801e7169>] syscall_enter+0xa9/0xae

(XEN)   

(XEN)

(XEN) ****************************************

(XEN) Panic on CPU 0:

(XEN) Xen BUG at mem_sharing.c:798

(XEN) ****************************************

(XEN)

(XEN) Manual reset required ('noreboot' specified)

 

Attachment: memsharing.patch.patch
Description: Binary data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
<Prev in Thread] Current Thread [Next in Thread>