From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jeremy Fitzhardinge
Subject: Re: What is the current state of Dom0 kernel support? / crash with 2.6.31-rc5 32bit PAE
Date: Tue, 11 Aug 2009 13:12:41 -0700
Message-ID: <4A81D0B9.2000902@goop.org>
References: <20090722193530.GR24960@edu.joroinen.fi> <20090722195748.GS24960@edu.joroinen.fi> <4A6775C9.5010802@goop.org> <20090722205346.GU24960@edu.joroinen.fi> <4A70B585.2070109@goop.org> <20090730084800.GT24960@edu.joroinen.fi> <20090730113532.GV24960@edu.joroinen.fi> <20090810164330.GA24960@edu.joroinen.fi> <4A805053.5010509@goop.org> <20090810192750.GF24960@edu.joroinen.fi> <20090811195844.GJ24960@edu.joroinen.fi>
In-Reply-To: <20090811195844.GJ24960@edu.joroinen.fi>
To: Pasi Kärkkäinen
Cc: xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

On 08/11/09 12:58, Pasi Kärkkäinen wrote:
> On Mon, Aug 10, 2009 at 10:27:50PM +0300, Pasi Kärkkäinen wrote:
>> On Mon, Aug 10, 2009 at 09:52:35AM -0700, Jeremy Fitzhardinge wrote:
>>> On 08/10/09 09:43, Pasi Kärkkäinen wrote:
>>>> Did I mess up something here or was this patch against some other tree than
>>>> rebase/master?
>>> No, it needed another change in there.  rebase/master now has that fix
>>> in it, but I'm seeing other interrupt-related strangeness which I still
>>> don't understand.  I'd be interested in any reports you have about
>>> current rebase/master.
>>>
>> I just updated rebase/master and rebuilt (now 2.6.31-rc5).
>>
>> http://pasik.reaktio.net/xen/pv_ops-dom0-debug/pv_ops-dom0-log-11-rebase-master-with-highpte.txt
>>
>> (gdb) list *0xc058c93f
>> 0xc058c93f is in active_evtchns (drivers/xen/events.c:237).
>> 232
>> 233     static inline unsigned long active_evtchns(unsigned int cpu,
>> 234                                                struct shared_info *sh,
>> 235                                                unsigned int idx)
>> 236     {
>> 237             return (sh->evtchn_pending[idx] &
>> 238                     cpu_evtchn_mask(cpu)[idx] &
>> 239                     ~sh->evtchn_mask[idx]);
>> 240     }
>> 241
>> (gdb)
>>
>
> I just added some debug printk()'s to the very beginning of the function and found out this:
>
> DEBUG active_evtchns: cpu: 0, sh: 4117237760, idx: 0
> DEBUG sh->evtchn_pending: 4117239808, sh->evtchn_mask: 4117239936
> DEBUG cpu_evtchn_mask(cpu): 0
>
> so.. looks like the buggy piece of code (null pointer dereference) is: cpu_evtchn_mask(cpu)[idx]
>

Yes; something is trying to use that stuff before the array is allocated.
I'm trying to work out a fix now, and I wonder if it's related to some
(more subtle) interrupt-related problems I'm seeing.

    J
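
Added example, not part of the original message and not the fix discussed in the thread: a user-space C model of the failure the debug output shows, where cpu_evtchn_mask(cpu) is 0 when active_evtchns runs. The struct, the sizes, masks_alloc() and active_evtchns_checked() are hypothetical names for illustration; only the three-way AND comes from the quoted listing.

```c
#include <stdio.h>
#include <stdlib.h>

#define NR_CPUS  2   /* constructed sizes for the model, not the kernel's */
#define NR_WORDS 4
/* Cut-down stand-in for the two shared_info fields used in the listing. */
struct shared_info_model {
    unsigned long evtchn_pending[NR_WORDS];
    unsigned long evtchn_mask[NR_WORDS];
};

/* Per-CPU masks: NULL until masks_alloc() runs, the state the printk showed. */
static unsigned long (*cpu_masks)[NR_WORDS];
static unsigned long *cpu_evtchn_mask(unsigned int cpu)
{
    return (cpu_masks && cpu < NR_CPUS) ? cpu_masks[cpu] : NULL;
}

/* Model assumption: after allocation every channel is routed to CPU 0. */
static int masks_alloc(void)
{
    cpu_masks = calloc(NR_CPUS, sizeof(*cpu_masks));
    if (!cpu_masks)
        return -1;
    for (unsigned int i = 0; i < NR_WORDS; i++)
        cpu_masks[0][i] = ~0UL;
    return 0;
}

/* Same expression as events.c:237-239, but fails instead of indexing NULL. */
static int active_evtchns_checked(unsigned int cpu, const struct shared_info_model *sh,
                                  unsigned int idx, unsigned long *out)
{
    unsigned long *mask = cpu_evtchn_mask(cpu);
    if (!mask || idx >= NR_WORDS)
        return -1;   /* mask not allocated yet, or index out of range */
    *out = sh->evtchn_pending[idx] & mask[idx] & ~sh->evtchn_mask[idx];
    return 0;
}

int main(void)
{
    struct shared_info_model sh = { { 0x0f }, { 0x03 } };   /* constructed sample */
    unsigned long out = 0;
    printf("before alloc: %d\n", active_evtchns_checked(0, &sh, 0, &out));
    if (masks_alloc() == 0 && active_evtchns_checked(0, &sh, 0, &out) == 0)
        printf("after alloc: %#lx\n", out);
    return 0;
}
```

The early call is rejected rather than faulting, which makes the ordering problem (a caller running before allocation) visible as an error return in the model.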