From mboxrd@z Thu Jan  1 00:00:00 1970
From: Gerd Hoffmann <kraxel@suse.de>
Subject: Re: [BUG] double fault for sale ;)
Date: Tue, 30 May 2006 16:02:22 +0200
Message-ID: <447C506E.2070301@suse.de>
References: <447B0C8D.2060005@suse.de>
	<6a7498fb08ad39210bd11832f3c32287@cl.cam.ac.uk>
	<447B1B41.2000003@suse.de>
	<cbd1957668968d46ab6c568d7cc2ce51@cl.cam.ac.uk>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------060506010803050106080900"
Return-path: <xen-devel-bounces@lists.xensource.com>
In-Reply-To: <cbd1957668968d46ab6c568d7cc2ce51@cl.cam.ac.uk>
List-Unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: Keir Fraser <Keir.Fraser@cl.cam.ac.uk>
Cc: Xen devel list <xen-devel@lists.xensource.com>
List-Id: xen-devel@lists.xenproject.org

This is a multi-part message in MIME format.
--------------060506010803050106080900
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Keir Fraser wrote:
> The few stack frames you looked at already look quite innocent. They
> don't take up much stack space. OTOH it is somewhat weird to be doing
> writable pagetable work that far down the stack. It'll be interesting to
> see what was going on to cause writable pagetable state to be flushed.

Looks like an endless recursion, trace (and patch) attached.

cheers,

  Gerd

-- 
Gerd Hoffmann <kraxel@suse.de>
http://www.suse.de/~kraxel/julika-dora.jpeg

--------------060506010803050106080900
Content-Type: text/plain;
 name="xen-double-fault-3-stack"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="xen-double-fault-3-stack"

(XEN) Xen stack trace from esp=ffbf4f84:
(XEN)   stack overflow fixup
(XEN) Xen stack trace from esp=ffbf5000:
(XEN)  stack ffbf5030, text ff135035 <get_page_and_type+0x34/0x57>
(XEN)  stack ffbf5050, text ff135a93 <get_page_from_l1e+0x17c/0x206>, frame 8
(XEN)  stack ffbf5080, text ff183b28 <map_domain_page+0x68/0x3fa>, frame 12
(XEN)  stack ffbf50a0, text ff13c80e <revalidate_l1+0xb2/0x17f>, frame 8
(XEN)  stack ffbf50e0, text ff13cb13 <ptwr_flush+0x238/0x34f>, frame 16
(XEN)  stack ffbf5120, text ff13d89f <cleanup_writable_pagetable+0x64/0x86>, frame 16
(XEN)  stack ffbf5130, text ff137766 <get_page_type+0x266/0x63d>, frame 4
(XEN)  stack ffbf51e0, text ff135035 <get_page_and_type+0x34/0x57>, frame 44
(XEN)  stack ffbf5200, text ff135a93 <get_page_from_l1e+0x17c/0x206>, frame 8
(XEN)  stack ffbf5230, text ff183b28 <map_domain_page+0x68/0x3fa>, frame 12
(XEN)  stack ffbf5250, text ff13c80e <revalidate_l1+0xb2/0x17f>, frame 8
(XEN)  stack ffbf5290, text ff13cb13 <ptwr_flush+0x238/0x34f>, frame 16
(XEN)  stack ffbf52d0, text ff13d89f <cleanup_writable_pagetable+0x64/0x86>, frame 16
(XEN)  stack ffbf52e0, text ff137766 <get_page_type+0x266/0x63d>, frame 4
(XEN)  stack ffbf5390, text ff135035 <get_page_and_type+0x34/0x57>, frame 44
(XEN)  stack ffbf53b0, text ff135a93 <get_page_from_l1e+0x17c/0x206>, frame 8
(XEN)  stack ffbf53e0, text ff183b28 <map_domain_page+0x68/0x3fa>, frame 12
(XEN)  stack ffbf5400, text ff13c80e <revalidate_l1+0xb2/0x17f>, frame 8
(XEN)  stack ffbf5440, text ff13cb13 <ptwr_flush+0x238/0x34f>, frame 16
(XEN)  stack ffbf5480, text ff13d89f <cleanup_writable_pagetable+0x64/0x86>, frame 16
(XEN)  stack ffbf5490, text ff137766 <get_page_type+0x266/0x63d>, frame 4
(XEN)  stack ffbf5540, text ff135035 <get_page_and_type+0x34/0x57>, frame 44
(XEN)  stack ffbf5560, text ff135a93 <get_page_from_l1e+0x17c/0x206>, frame 8
(XEN)  stack ffbf5590, text ff183b28 <map_domain_page+0x68/0x3fa>, frame 12
(XEN)  stack ffbf55b0, text ff13c80e <revalidate_l1+0xb2/0x17f>, frame 8
(XEN)  stack ffbf55f0, text ff13cb13 <ptwr_flush+0x238/0x34f>, frame 16
(XEN)  stack ffbf5630, text ff13d89f <cleanup_writable_pagetable+0x64/0x86>, frame 16
(XEN)  stack ffbf5640, text ff137766 <get_page_type+0x266/0x63d>, frame 4
(XEN)  stack ffbf56f0, text ff135035 <get_page_and_type+0x34/0x57>, frame 44
(XEN)  stack ffbf5710, text ff135a93 <get_page_from_l1e+0x17c/0x206>, frame 8
(XEN)  stack ffbf5740, text ff183b28 <map_domain_page+0x68/0x3fa>, frame 12
(XEN)  stack ffbf5760, text ff13c80e <revalidate_l1+0xb2/0x17f>, frame 8
(XEN)  stack ffbf57a0, text ff13cb13 <ptwr_flush+0x238/0x34f>, frame 16
(XEN)  stack ffbf57e0, text ff13d89f <cleanup_writable_pagetable+0x64/0x86>, frame 16
(XEN)  stack ffbf57f0, text ff137766 <get_page_type+0x266/0x63d>, frame 4
(XEN)  stack ffbf58a0, text ff135035 <get_page_and_type+0x34/0x57>, frame 44
(XEN)  stack ffbf58c0, text ff135a93 <get_page_from_l1e+0x17c/0x206>, frame 8
(XEN)  stack ffbf58f0, text ff183b28 <map_domain_page+0x68/0x3fa>, frame 12
(XEN)  stack ffbf5910, text ff13c80e <revalidate_l1+0xb2/0x17f>, frame 8
(XEN)  stack ffbf5950, text ff13cb13 <ptwr_flush+0x238/0x34f>, frame 16
(XEN)  stack ffbf597c, text ff137b63 <__cpus_empty+0x18/0x1a>, frame 11
(XEN)  stack ffbf5990, text ff13d89f <cleanup_writable_pagetable+0x64/0x86>, frame 5
(XEN)  stack ffbf59a0, text ff137766 <get_page_type+0x266/0x63d>, frame 4
(XEN)  stack ffbf59cc, text ff1233f5 <smp_apic_timer_interrupt+0x17/0x19>, frame 11
(XEN)  stack ffbf5a1c, text ff183f8e <mapcache_current_vcpu+0xb/0xc5>, frame 20
(XEN)  stack ffbf5a50, text ff135035 <get_page_and_type+0x34/0x57>, frame 13
(XEN)  stack ffbf5a70, text ff135a93 <get_page_from_l1e+0x17c/0x206>, frame 8
(XEN)  stack ffbf5aa0, text ff183b28 <map_domain_page+0x68/0x3fa>, frame 12
(XEN)  stack ffbf5aac, text ff13d1e7 <ptwr_emulated_update+0x5bd/0x5d6>, frame 3
(XEN)  stack ffbf5ac0, text ff13c80e <revalidate_l1+0xb2/0x17f>, frame 5
(XEN)  stack ffbf5b00, text ff13cb13 <ptwr_flush+0x238/0x34f>, frame 16
(XEN)  stack ffbf5b40, text ff13d89f <cleanup_writable_pagetable+0x64/0x86>, frame 16
(XEN)  stack ffbf5b50, text ff137766 <get_page_type+0x266/0x63d>, frame 4
(XEN)  stack ffbf5b70, text ff183f8e <mapcache_current_vcpu+0xb/0xc5>, frame 8
(XEN)  stack ffbf5b80, text ff183e85 <map_domain_page+0x3c5/0x3fa>, frame 4
(XEN)  stack ffbf5c00, text ff135035 <get_page_and_type+0x34/0x57>, frame 32
(XEN)  stack ffbf5c20, text ff135a93 <get_page_from_l1e+0x17c/0x206>, frame 8
(XEN)  stack ffbf5c50, text ff183b28 <map_domain_page+0x68/0x3fa>, frame 12
(XEN)  stack ffbf5c70, text ff13c80e <revalidate_l1+0xb2/0x17f>, frame 8
(XEN)  stack ffbf5cb0, text ff13cb13 <ptwr_flush+0x238/0x34f>, frame 16
(XEN)  stack ffbf5cc0, text ff135637 <get_page_from_pagenr+0x43/0x93>, frame 4
(XEN)  stack ffbf5cf0, text ff13d89f <cleanup_writable_pagetable+0x64/0x86>, frame 12
(XEN)  stack ffbf5d00, text ff137766 <get_page_type+0x266/0x63d>, frame 4
(XEN)  stack ffbf5d10, text ff12341c <raise_softirq+0x25/0x27>, frame 4
(XEN)  stack ffbf5d20, text ff135c12 <get_page_from_l2e+0xf5/0x131>, frame 4
(XEN)  stack ffbf5d30, text ff137c01 <__next_cpu+0x26/0x48>, frame 4
(XEN)  stack ffbf5db0, text ff135035 <get_page_and_type+0x34/0x57>, frame 32
(XEN)  stack ffbf5dd0, text ff135a93 <get_page_from_l1e+0x17c/0x206>, frame 8
(XEN)  stack ffbf5e00, text ff183b28 <map_domain_page+0x68/0x3fa>, frame 12
(XEN)  stack ffbf5e20, text ff13c80e <revalidate_l1+0xb2/0x17f>, frame 8
(XEN)  stack ffbf5e60, text ff13cb13 <ptwr_flush+0x238/0x34f>, frame 16
(XEN)  stack ffbf5e70, text ff138731 <set_foreigndom+0x13/0x228>, frame 4
(XEN)  stack ffbf5e8c, text ff184169 <unmap_domain_page+0x107/0x33c>, frame 7
(XEN)  stack ffbf5ea0, text ff13d89f <cleanup_writable_pagetable+0x64/0x86>, frame 5
(XEN)  stack ffbf5eb0, text ff1389df <do_mmuext_op+0x99/0xa2f>, frame 4
(XEN)  stack ffbf5ecc, text ff13d5e6 <ptwr_do_page_fault+0x37b/0x483>, frame 7
(XEN)  stack ffbf5f3c, text ff144dba <fixup_page_fault+0x39e/0x3ec>, frame 28
(XEN)  stack ffbf5f6c, text ff144fe1 <do_page_fault+0x9f/0x334>, frame 12
(XEN)  stack ffbf5f80, text ff11c5f5 <do_softirq+0xa1/0xb8>, frame 5
(XEN)  stack ffbf5f90, text ff1847df <hypercall+0x8f/0xaf>, frame 4

--------------060506010803050106080900
Content-Type: text/plain;
 name="xen-debug-patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="xen-debug-patch"

diff -r 14717dedba02 xen/arch/x86/x86_32/traps.c
--- a/xen/arch/x86/x86_32/traps.c	Sun May 21 19:15:58 2006
+++ b/xen/arch/x86/x86_32/traps.c	Tue May 30 15:59:30 2006
@@ -173,6 +173,51 @@
            tss->esi, tss->edi, tss->ebp, tss->esp);
     printk("ds: %04x   es: %04x   fs: %04x   gs: %04x   ss: %04x\n",
            tss->ds, tss->es, tss->fs, tss->gs, tss->ss);
+
+    {
+#define stack_words_per_line  8
+
+	unsigned long *stack, addr, *lstack;
+	int words;
+
+	addr = tss->esp;
+	stack = (void*)addr;
+	printk("Xen stack trace from "__OP"sp=%p:\n  ", stack);
+
+	if ((addr & 0xfff) > 0xf00) {
+		printk("stack overflow fixup\n");
+		while ((addr & 0xfff) > 0xf00)
+			addr += 4;
+		stack = (void*)addr;
+		printk("Xen stack trace from "__OP"sp=%p:\n  ", stack);
+	}
+
+	lstack = NULL;
+	for (;; stack++) {
+	    if (((long)stack & (STACK_SIZE-BYTES_PER_LONG)) == 0)
+		break;
+	    addr = *stack;
+	    if (is_kernel_text(addr)) {
+		printk("\n stack %p, text %p <", stack, _p(addr));
+		print_symbol("%s",addr);
+		printk(">");
+		if (lstack)
+			printk(", frame %d", stack - lstack);
+		lstack = stack;
+		printk("\n");
+		words = 0;
+	    } else {
+		if (stack_words_per_line == words) {
+		    printk("\n");
+		    words = 0;
+		}
+		printk(" %p", _p(addr));
+		words++;
+	    }
+	}
+	printk("\n");
+    }
+
     printk("************************************\n");
     printk("CPU%d DOUBLE FAULT -- system shutdown\n", cpu);
     printk("System needs manual reset.\n");

--------------060506010803050106080900
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

--------------060506010803050106080900--