* [Xen-devel] VM_BUG_ON_PAGE(!PageOffline(page), page) in alloc_xenballooned_pages
From: Marek Marczykowski-Górecki @ 2019-09-26 21:34 UTC
To: xen-devel; +Cc: Juergen Gross, David Hildenbrand

Hi,

I've hit VM_BUG_ON_PAGE(!PageOffline(page), page) in
alloc_xenballooned_pages, when trying to use gnttab from userspace
application. It happens on Xen PV, but not on Xen PVH or HVM with the
same kernel. This happens at least with 5.1.6, but also 5.2.15
(as seen below). Based on this, it looks related to 0266def91377
(xen/balloon: Fix mapping PG_offline pages to user space) and probably
77c4adf6a6df (xen/balloon: mark inflated pages PG_offline).

Any idea? Below is full message.

page:ffffea0003e7ffc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0xffffe00001000(reserved)
raw: 000ffffe00001000 dead000000000100 dead000000000200 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: VM_BUG_ON_PAGE(!PageOffline(page))
------------[ cut here ]------------
kernel BUG at include/linux/page-flags.h:744!
invalid opcode: 0000 [#1] SMP NOPTI
CPU: 0 PID: 551 Comm: qubesdb-daemon Tainted: G W 5.2.15-200.fc30.x86_64 #1
RIP: e030:alloc_xenballooned_pages+0xef/0x110
Code: c0 0c 10 00 e8 b2 fa ff ff 85 c0 0f 84 60 ff ff ff 41 89 dd b8 f4 ff ff ff eb b0 48 c7 c6 e8 af 14 82 48 89 c7 e8 31 32 ca ff <0f> 0b 48 c7 c7 40 f 0 4d 82 e8 13 85 3f 00 31 c0 48 83 c4 08 5b 5d
RSP: e02b:ffffc90001113d98 EFLAGS: 00010246
RAX: 0000000000000037 RBX: 0000000000000000 RCX: 0000000000000149
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff82143bbc
RBP: 0000000000000001 R08: 0000000000000181 R09: 0000000000000149
R10: 000000000000000a R11: ffffc90001113c38 R12: ffff88800d670960
R13: 00007fffdff236a0 R14: 00007fffdff236a0 R15: ffff8880108bd000
FS: 00007f30e205e7c0(0000) GS:ffff888013e00000(0000) knlGS:0000000000000000
CS: e030 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f30e2082000 CR3: 000000000c920000 CR4: 0000000000040660
Call Trace:
 ? __kmalloc+0x16c/0x210
 gnttab_alloc_pages+0x11/0x40
 gntdev_alloc_map+0xe7/0x180 [xen_gntdev]
 gntdev_ioctl+0x203/0x530 [xen_gntdev]
 do_vfs_ioctl+0x405/0x660
 ksys_ioctl+0x5e/0x90
 __x64_sys_ioctl+0x16/0x20
 do_syscall_64+0x5f/0x1a0
 ? page_fault+0x8/0x30
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f30e239b3bb
Code: 0f 1e fa 48 8b 05 cd ca 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 9d ca 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007fffdff23698 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f30e239b3bb
RDX: 00007fffdff236a0 RSI: 0000000000184700 RDI: 000000000000000b
RBP: 00007fffdff23730 R08: 00007fffdff2375c R09: 00007fffdff23758
R10: fffffffffffffcc9 R11: 0000000000000202 R12: 00007fffdff236a0
R13: 0000000000001000 R14: 000000000000000b R15: 0000000000000001
Modules linked in: xenfs ip_tables crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel xen_blkfront xen_scsiback target_core_mod xen_netback xen_privcmd xen_gntdev xen_gntalloc xen_blkback xen_evtchn

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

* Re: [Xen-devel] VM_BUG_ON_PAGE(!PageOffline(page), page) in alloc_xenballooned_pages
From: David Hildenbrand @ 2019-09-27 7:44 UTC
To: Marek Marczykowski-Górecki, xen-devel; +Cc: Juergen Gross

On 26.09.19 23:34, Marek Marczykowski-Górecki wrote:
> Hi,
>
> I've hit VM_BUG_ON_PAGE(!PageOffline(page), page) in
> alloc_xenballooned_pages, when trying to use gnttab from userspace
> application. It happens on Xen PV, but not on Xen PVH or HVM with the
> same kernel. This happens at least with 5.1.6, but also 5.2.15
> (as seen below). Based on this, it looks related to 0266def91377
> (xen/balloon: Fix mapping PG_offline pages to user space) and probably
> 77c4adf6a6df (xen/balloon: mark inflated pages PG_offline).
>
> Any idea? Below is full message.

Now that's weird. Weird because half a year passed since
0266def91377 (xen/balloon: Fix mapping PG_offline pages to user space).

>
>
> page:ffffea0003e7ffc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
> flags: 0xffffe00001000(reserved)

So we have a PageReserved page that is not PageOffline. I assume this
happens when we do a __ClearPageOffline() in alloc_xenballooned_pages().

That means, that we get such a page via balloon_retrieve(true). Which
means that we have such a page sitting in the ballooned_pages list, which
is weird.

Pages enter ballooned_pages via __balloon_append() only.

1. Via xen_online_page(). We have a __SetPageOffline() right in front
of it.
2. Via balloon_add_region(). I don't see a __SetPageOffline().
3. Via decrease_reservation(). We seem to do a __SetPageOffline() on all
pages in the previous loop.
4. Via free_xenballooned_pages(). We have a __SetPageOffline() right
in front of it.


So this smells like #2 (and matches your PV only observation). Also,
it makes sense that the page is PageReserved that way.


Wonder if it is as easy as:

From 0955beef5aa11da4a8398472ce3106a92599cbe6 Mon Sep 17 00:00:00 2001
From: David Hildenbrand <david@redhat.com>
Date: Fri, 27 Sep 2019 09:39:31 +0200
Subject: [PATCH v1] xen/balloon: Set pages PageOffline() in balloon_add_region()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We are missing a __SetPageOffline(), which is why we can get
!PageOffline() pages onto the balloon list, where
alloc_xenballooned_pages() will complain:

page:ffffea0003e7ffc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0xffffe00001000(reserved)
raw: 000ffffe00001000 dead000000000100 dead000000000200 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: VM_BUG_ON_PAGE(!PageOffline(page))
------------[ cut here ]------------
kernel BUG at include/linux/page-flags.h:744!
invalid opcode: 0000 [#1] SMP NOPTI

Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Fixes: 77c4adf6a6df ("xen/balloon: mark inflated pages PG_offline")
Cc: stable@vger.kernel.org # v5.1+
Signed-off-by: David Hildenbrand <david@redhat.com>
---
 drivers/xen/balloon.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c index 05b1f7e948ef..d31149068448 100644 --- a/drivers/xen/balloon.c +++ b/drivers/xen/balloon.c @@ -687,6 +687,7 @@ static void __init balloon_add_region(unsigned long start_pfn, /* totalram_pages and totalhigh_pages do not include the boot-time balloon extension, so don't subtract from it. */ + __SetPageOffline(page) __balloon_append(page); }
--
2.21.0

--
Thanks,

David / dhildenb

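Review bot: The added `__SetPageOffline(page)` line in balloon_add_region() has no terminating semicolon, so the hunk does not compile as posted; it should read `__SetPageOffline(page);`. The new call also sits between the existing totalram_pages comment and the `__balloon_append(page)` call that the comment refers to; placing it above the comment would keep the comment attached to the append.
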
* Re: [Xen-devel] VM_BUG_ON_PAGE(!PageOffline(page), page) in alloc_xenballooned_pages
From: Marek Marczykowski-Górecki @ 2019-09-27 15:33 UTC
To: David Hildenbrand; +Cc: Juergen Gross, xen-devel

On Fri, Sep 27, 2019 at 09:44:35AM +0200, David Hildenbrand wrote:
> On 26.09.19 23:34, Marek Marczykowski-Górecki wrote:
> > Hi,
> >
> > I've hit VM_BUG_ON_PAGE(!PageOffline(page), page) in
> > alloc_xenballooned_pages, when trying to use gnttab from userspace
> > application. It happens on Xen PV, but not on Xen PVH or HVM with the
> > same kernel. This happens at least with 5.1.6, but also 5.2.15
> > (as seen below). Based on this, it looks related to 0266def91377
> > (xen/balloon: Fix mapping PG_offline pages to user space) and probably
> > 77c4adf6a6df (xen/balloon: mark inflated pages PG_offline).
> >
> > Any idea? Below is full message.
>
> Now that's weird. Weird because half a year passed since
> 0266def91377 (xen/balloon: Fix mapping PG_offline pages to user space).

Not sure about others, but in Qubes we use PVH/HVM VMs mostly.

> > page:ffffea0003e7ffc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
> > flags: 0xffffe00001000(reserved)
>
> So we have a PageReserved page that is not PageOffline. I assume this
> happens when we do a __ClearPageOffline() in alloc_xenballooned_pages().
>
> That means, that we get such a page via balloon_retrieve(true). Which
> means that we have such a page sitting in the ballooned_pages list, which
> is weird.
>
> Pages enter ballooned_pages via __balloon_append() only.
>
> 1. Via xen_online_page(). We have a __SetPageOffline() right in front
> of it.
> 2. Via balloon_add_region(). I don't see a __SetPageOffline().
> 3. Via decrease_reservation(). We seem to do a __SetPageOffline() on all
> pages in the previous loop.
> 4. Via free_xenballooned_pages(). We have a __SetPageOffline() right
> in front of it.
>
>
> So this smells like #2 (and matches your PV only observation). Also,
> it makes sense that the page is PageReserved that way.
>
>
> Wonder if it is as easy as:

Yes, besides missing semicolon it works. Thanks!

> From 0955beef5aa11da4a8398472ce3106a92599cbe6 Mon Sep 17 00:00:00 2001
> From: David Hildenbrand <david@redhat.com>
> Date: Fri, 27 Sep 2019 09:39:31 +0200
> Subject: [PATCH v1] xen/balloon: Set pages PageOffline() in
> balloon_add_region()
> MIME-Version: 1.0
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: 8bit
>
> We are missing a __SetPageOffline(), which is why we can get
> !PageOffline() pages onto the balloon list, where
> alloc_xenballooned_pages() will complain:
>
> page:ffffea0003e7ffc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
> flags: 0xffffe00001000(reserved)
> raw: 000ffffe00001000 dead000000000100 dead000000000200 0000000000000000
> raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
> page dumped because: VM_BUG_ON_PAGE(!PageOffline(page))
> ------------[ cut here ]------------
> kernel BUG at include/linux/page-flags.h:744!
> invalid opcode: 0000 [#1] SMP NOPTI
>
> Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
> Fixes: 77c4adf6a6df ("xen/balloon: mark inflated pages PG_offline")
> Cc: stable@vger.kernel.org # v5.1+
> Signed-off-by: David Hildenbrand <david@redhat.com>

Tested-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>

> ---
> drivers/xen/balloon.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c > index 05b1f7e948ef..d31149068448 100644 > --- a/drivers/xen/balloon.c > +++ b/drivers/xen/balloon.c
> @@ -687,6 +687,7 @@ static void __init balloon_add_region(unsigned long start_pfn, > /* totalram_pages and totalhigh_pages do not > include the boot-time balloon extension, so > don't subtract from it. */ > + __SetPageOffline(page) ^ ; > __balloon_append(page); > }
>
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

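A log-triage helper for the oops signature reported in this thread, added here as an example and not part of the original messages or the kernel tree: it recognises the `VM_BUG_ON_PAGE(!PageOffline(page))` BUG raised in `alloc_xenballooned_pages` in dmesg output and extracts the fields the discussion relied on. The function name `triage`, the result keys and the sample input (lines copied from the report, call trace shortened) are assumptions of this example.

```python
import re

# Constructed input: lines taken from the oops quoted in this thread, one per
# line as dmesg prints them (call trace shortened).
SAMPLE_DMESG = """\
page:ffffea0003e7ffc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0xffffe00001000(reserved)
page dumped because: VM_BUG_ON_PAGE(!PageOffline(page))
kernel BUG at include/linux/page-flags.h:744!
CPU: 0 PID: 551 Comm: qubesdb-daemon Tainted: G W 5.2.15-200.fc30.x86_64 #1
RIP: e030:alloc_xenballooned_pages+0xef/0x110
Call Trace:
 gnttab_alloc_pages+0x11/0x40
 gntdev_alloc_map+0xe7/0x180 [xen_gntdev]
 gntdev_ioctl+0x203/0x530 [xen_gntdev]
"""

TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\] ?", re.M)  # "[   12.345678] " prefix
PAGE_FLAGS = re.compile(r"^flags: 0x[0-9a-f]+\(([^)]*)\)", re.M)
DUMP_REASON = re.compile(r"^page dumped because: (.+)$", re.M)
COMM = re.compile(r"\bComm: (\S+)")
RIP = re.compile(r"^RIP: [0-9a-f]+:(\w+)\+0x", re.M)
FRAME = re.compile(r"^\s*(?:\? )?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+", re.M)


def triage(dmesg):
    """Summarise the oops if it is the balloon-list BUG from this thread, else None."""
    text = TIMESTAMP.sub("", dmesg)
    reason = DUMP_REASON.search(text)
    rip = RIP.search(text)
    if not reason or "!PageOffline(page)" not in reason.group(1):
        return None
    if not rip or rip.group(1) != "alloc_xenballooned_pages":
        return None
    flags = PAGE_FLAGS.search(text)
    comm = COMM.search(text)
    frames = FRAME.findall(text.partition("Call Trace:")[2])
    return {
        "comm": comm.group(1) if comm else None,
        # In the thread, a reserved page without PG_offline pointed at pages
        # queued by balloon_add_region().
        "page_reserved": bool(flags) and "reserved" in flags.group(1).split("|"),
        "via_gntdev_ioctl": "gntdev_ioctl" in frames,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_DMESG))
```
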