From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dario Faggioli Subject: Re: [PATCH 2/4] xen: x86 / cpupool: clear the proper cpu_valid bit on pCPU teardown Date: Thu, 25 Jun 2015 18:13:42 +0200 Message-ID: <1435248822.25170.174.camel@citrix.com> References: <20150625103457.3353.39292.stgit@Solace.station> <20150625121520.3353.30808.stgit@Solace.station> <558C0E11.6050009@citrix.com> <1435244677.25170.169.camel@citrix.com> <558C23A7.4070505@citrix.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0451621301732924093==" Return-path: Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1Z89mx-0001tU-Ca for xen-devel@lists.xenproject.org; Thu, 25 Jun 2015 16:14:07 +0000 In-Reply-To: <558C23A7.4070505@citrix.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Andrew Cooper Cc: Juergen Gross , xen-devel@lists.xenproject.org, Jan Beulich List-Id: xen-devel@lists.xenproject.org --===============0451621301732924093== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-qaUoaP59MFsMbdhACd4H" --=-qaUoaP59MFsMbdhACd4H Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, 2015-06-25 at 16:52 +0100, Andrew Cooper wrote: > On 25/06/15 16:04, Dario Faggioli wrote: > > On Thu, 2015-06-25 at 15:20 +0100, Andrew Cooper wrote: > >> On 25/06/15 13:15, Dario Faggioli wrote: > >>> # xl cpupool-cpu-remove Pool-0 8-15 > >>> # xl cpupool-create name=3D\"Pool-1\" > >>> # xl cpupool-cpu-add Pool-1 8-15 > >>> --> suspend > >>> --> resume > >>> (XEN) ----[ Xen-4.6-unstable x86_64 debug=3Dy Tainted: C ]---- > >>> (XEN) CPU: 8 > >>> (XEN) RIP: e008:[] csched_schedule+0x4be/0xb97 > >>> (XEN) RFLAGS: 0000000000010087 CONTEXT: hypervisor > >>> (XEN) rax: 80007d2f7fccb780 rbx: 0000000000000009 rcx: 0000000000= 000000 > >>> (XEN) rdx: ffff82d08031ed40 rsi: ffff82d080334980 rdi: 0000000000= 000000 > >>> (XEN) rbp: ffff83010000fe20 rsp: ffff83010000fd40 r8: 0000000000= 000004 > >>> (XEN) r9: 0000ffff0000ffff r10: 00ff00ff00ff00ff r11: 0f0f0f0f0f= 0f0f0f > >>> (XEN) r12: ffff8303191ea870 r13: ffff8303226aadf0 r14: 0000000000= 000009 > >>> (XEN) r15: 0000000000000008 cr0: 000000008005003b cr4: 0000000000= 0026f0 > >>> (XEN) cr3: 00000000dba9d000 cr2: 0000000000000000 > >>> (XEN) ds: 0000 es: 0000 fs: 0000 gs: 0000 ss: 0000 cs: e008 > >>> (XEN) ... ... ... > >>> (XEN) Xen call trace: > >>> (XEN) [] csched_schedule+0x4be/0xb97 > >>> (XEN) [] schedule+0x12a/0x63c > >>> (XEN) [] __do_softirq+0x82/0x8d > >>> (XEN) [] do_softirq+0x13/0x15 > >>> (XEN) [] idle_loop+0x5b/0x6b > >>> (XEN) > >>> (XEN) **************************************** > >>> (XEN) Panic on CPU 8: > >>> (XEN) GENERAL PROTECTION FAULT > >>> (XEN) [error_code=3D0000] > >>> (XEN) **************************************** > >> What is the actual cause of the #GP fault? There are no obviously > >> poised registers. =20 > >> > > do > > { > > /* > > * Get ahold of the scheduler lock for this peer CPU. > > * > > * Note: We don't spin on this lock but simply try it. = Spinning > > * could cause a deadlock if the peer CPU is also load > > * balancing and trying to lock this CPU. > > */ > > spinlock_t *lock =3D pcpu_schedule_trylock(peer_cpu); > > > > We therefore enter the inner do{}while with, for instance (that's what > > I've seen in my debugging), peer_cpu=3D9, but we've not yet done > > cpu_schedule_up()-->alloc_pdata()-->etc. for that CPU, so we die at (or > > shortly after) the end of the code snippet shown above. >=20 > Aah - it is a dereference with %rax as a pointer, which is >=20 > #define INVALID_PERCPU_AREA (0x8000000000000000L - (long)__per_cpu_start) >=20 Exactly! > That explains the #GP fault which is due to a non-canonical address. >=20 > It might be better to use 0xDEAD000000000000L as the constant to make it > slightly easier to spot as a poisoned pointer. >=20 Indeed. :-) > > I can try to think at it and to come up with something if you think it'= s > > important... >=20 > Not to worry. I was more concerned about working out why it was dying > with an otherwise unqualified #GP fault. >=20 Ok, thanks. So, just to clarify things to me, from your side, this patch needs "just" a better changelog, right? Regards, Dario --=20 <> (Raistlin Majere) ----------------------------------------------------------------- Dario Faggioli, Ph.D, http://about.me/dario.faggioli Senior Software Engineer, Citrix Systems R&D Ltd., Cambridge (UK) --=-qaUoaP59MFsMbdhACd4H Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEABECAAYFAlWMKLYACgkQk4XaBE3IOsS42wCfQAFIR82D2Ql1IIihtZPKnJ29 NegAnilz44d7sFXKzod+J/aZDT5twgCe =cvB1 -----END PGP SIGNATURE----- --=-qaUoaP59MFsMbdhACd4H-- --===============0451621301732924093== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel --===============0451621301732924093==--