All of lore.kernel.org
 help / color / mirror / Atom feed
* Bug in timer interrupt crashed dom0
@ 2005-09-10  5:10 Li, Xin B
  2005-09-13 20:34 ` Jon Mason
  0 siblings, 1 reply; 3+ messages in thread
From: Li, Xin B @ 2005-09-10  5:10 UTC (permalink / raw)
  To: Keir Fraser; +Cc: xen-devel

Hi Keir, I encountered a timer interrupt issue while running VMX guest,
this causes xen0 crash as following:

Timer ISR/6: Time went backwards: delta=-2277754 cpu_delta=42704729
shadow=597009701164 off=793003739 processed=597804982483
cpu_processed=597760000000
 0: 597794982483
 1: 596930000000
 2: 597790000000
 3: 597800000000
 4: 597800000000
 5: 596920000000
 6: 597760000000
 7: 597800000000
Unable to handle kernel paging request at virtual address 327d2332
 printing eip:
c010c2e2
*pde = ma 00000000 pa 55555000
Oops: 0002 [#1]
PREEMPT SMP 
Modules linked in: video thermal processor fan button battery ac
CPU:    6
EIP:    0061:[<c010c2e2>]    Not tainted VLI
EFLAGS: 00010203   (2.6.12-xen0) 
EIP is at timer_interrupt+0x162/0x2c0
eax: 327d2332   ebx: 00000008   ecx: 00000000   edx: 00010000
esi: c05cb3c0   edi: 01f308d9   ebp: 00000000   esp: c00cde6c
ds: 007b   es: 007b   ss: 0069
Process swapper (pid: 0, threadinfo=c00cc000 task=c00b7a40)
Stack: c05d9ae0 00000008 2fa81a00 0000008b 028b9f59 00000000 008d192c
0000008b 
       2f4446db 00000000 2ff420d3 0000008b 2d45c000 0000008b 2f4446db
00000000 
       c1436320 c05cb3c0 000000a8 c05cb3c0 ffdd3e86 ffffffff c00fad00
00000117 
Call Trace:
 [<c0142684>] handle_IRQ_event+0x84/0xe0
 [<c01427bc>] __do_IRQ+0xdc/0x140
 [<c010e3dd>] do_IRQ+0x1d/0x30
 [<c01049e0>] evtchn_do_upcall+0x90/0x100
 [<c0109740>] hypervisor_callback+0x2c/0x34
 [<c0107001>] xen_idle+0x51/0xc0
 [<c01070c7>] cpu_idle+0x57/0x70
 [<c045ee9d>] preempt_schedule+0x4d/0x70
Code: c0 e8 13 42 35 00 85 ed 7c 69 7e 7b be c0 b3 5c c0 90 8d b4 26 00
00 00 00 8b 04 9d 20 f0 5c c0 81 c7 80 69 67 ff 83 d5 ff 01 f0 <81> 00
80 96 98 00 83 50 04 00 31 c0 8b 54 24 74 f6 42 32 02 75 
 <0>Kernel panic - not syncing: Fatal exception in interrupt
 stop_this_cpu disable_local_APIC
stop_this_cpu disable_local_APIC
stop_this_cpu disable_local_APIC
stop_this_cpu disable_local_APIC
Timer ISR/1: Time went backwards: delta=-1313332 cpu_delta=873669151
shadow=597009338050 off=794331480 processed=597804982483
cpu_processed=596930000000
 0: 597794982483
 1: 596930000000
 2: 597790000000
 3: 597800000000
Timer ISR/5: Time went backwards: delta=-1329261 cpu_delta=883653222
shadow=597009051468 off=794601976 processed=597804982483
cpu_processed=596920000000
 0: 597794982483
 1: 596930000000
 2: 597790000000
 3: 597800000000
Timer ISR/2: Time went backwards: delta=-1314723 cpu_delta=13667760
shadow=597008910970 off=794756988 processed=597804982483
cpu_processed=597790000000
 0: 597794982483
 1: 596930000000
 2: 597790000000
 3: 597800000000
stop_this_cpu disable_local_APIC
stop_this_cpu disable_local_APIC
stop_this_cpu disable_local_APIC
smp_send_stop disable_local_APIC
(XEN) Domain 0 shutdown: rebooting machine.

-Xin

^ permalink raw reply	[flat|nested] 3+ messages in thread
* RE: Bug in timer interrupt crashed dom0
@ 2005-09-10  5:20 Li, Xin B
  0 siblings, 0 replies; 3+ messages in thread
From: Li, Xin B @ 2005-09-10  5:20 UTC (permalink / raw)
  To: Li, Xin B, Keir Fraser; +Cc: xen-devel

This patch fixes xenlinux timer interrupt.

In xenlinux timer interrupt variable cpu is sometimes uesd in a for
loop, but later it is used to access per cpu data i.e.
per_cpu(processed_system_time, cpu), which causes an invalid pointer.

Signed-off-by: Xin Li <xin.b.li@intel.com>

-Xin


diff -r 5c49ed1145cc linux-2.6-xen-sparse/arch/xen/i386/kernel/time.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/time.c  Fri Sep  9
23:11:18 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/time.c  Sat Sep 10
13:14:07 2005
@@ -543,7 +543,7 @@
 irqreturn_t timer_interrupt(int irq, void *dev_id, struct pt_regs
*regs)
 {
        s64 delta, delta_cpu;
-       int cpu = smp_processor_id();
+       int i, cpu = smp_processor_id();
        struct shadow_time_info *shadow = &per_cpu(shadow_time, cpu);

        write_seqlock(&xtime_lock);
@@ -566,9 +566,9 @@
                       (s64)get_nsec_offset(shadow),
                       processed_system_time,
                       per_cpu(processed_system_time, cpu));
-               for (cpu = 0; cpu < num_online_cpus(); cpu++)
-                       printk(" %d: %lld\n", cpu,
-                              per_cpu(processed_system_time, cpu));
+               for (i = 0; i < num_online_cpus(); i++)
+                       printk(" %d: %lld\n", i,
+                              per_cpu(processed_system_time, i));
        }

        /* System-wide jiffy work. */

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2005-09-13 20:34 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-09-10  5:10 Bug in timer interrupt crashed dom0 Li, Xin B
2005-09-13 20:34 ` Jon Mason
  -- strict thread matches above, loose matches on Subject: below --
2005-09-10  5:20 Li, Xin B

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.