From: Scott Garron <xen-devel@sce.pridelands.org>
To: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>
Subject: Re: BUG: unable to handle kernel paging request - balloon_init - xen-4.1.0 - 2.6.32.39
Date: Thu, 28 Apr 2011 20:15:19 -0400 [thread overview]
Message-ID: <4DBA0317.8080203@sce.pridelands.org> (raw)
In-Reply-To: <20110428183019.GA9852@dumpdata.com>
On 04/28/2011 02:30 PM, Konrad Rzeszutek Wilk wrote:
> And you say it boots fine under DomU - so there is some P2M, E820
> funkiness happening here I think. Had you tried booting the kernel
> as Dom0 with different sizes of dom0_mem ("dom0_mem=max:2GB?") Or
> without the dom0_mem parameter at all?
From my first message to the list in this thread:
"I've tried booting with no dom0_mem option just to see if
that made any difference."
The same crash happened with or without the dom0_mem parameter. After
trying "dom0_mem=max:2048MB" just now, I get the same crash.
> What is your CONFIG_XEN_MAX_DOMAIN_MEMORY set to?
It's currently set to 128. The kernel config I'm using is at
http://www.pridelands.org/~simba/xen-debug/hailstorm-kernelconfig.txt
Here's what has me scratching my head, though... This bytecode
instruction:
0xffffffff819a8aca <balloon_init+491>: imul $0x38,%rdx,%rcx
If I use gdb to point me to the C code for that instruction, it
gives me:
page = pfn_to_page(pfn);
... from within the for() loop in question. Expanding the macro
"pfn_to_page(pfn)", I get:
(((struct page *)(0xffffea0000000000UL)) + (pfn))
So, the preprocessed C code should look like:
page = (((struct page *)(0xffffea0000000000UL)) + (pfn));
Why would an addition operation in C translate to a multiplication
instruction in the bytecode? Moreover, where does multiplying by 0x38
come from? It seems to me that if pfn is 0x100000, and it gets added to
0xffffea0000000000, the end result would be 0xffffea0000100000. The
pr_info() that I added shows that "page" is equal to 0xffffea0003800000,
indicating that it multiplied pfn by 0x38 before adding it to
0xffffea0000000000 instead of simply adding it.
Because the kernel configuration option "CONFIG_SPARSEMEM_VMEMMAP"
mentioned pfn_to_page(pfn), one of the things I tried was unsetting it
but ended up with the same results (except that "page" was
0x0000000003800000).
Then, I suspected a compiler problem, so I tried recompiling with
gcc 4.3 instead of 4.5. Same results.
Just for kicks, I tried hexediting balloon.o and changing that
instruction to "imul $0x1,%rdx,%rcx" (since multiplying by 1 will
essentially nullify the instruction), but the end result was still the
same crash, even though the value for "page" ended up being
0x0000000000100000. It would seem that my suspicion on that instruction
was incorrect, but I'm still having trouble wrapping my mind around why
0x38 is even there.
--
Scott Garron
next prev parent reply other threads:[~2011-04-29 0:15 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-26 0:04 BUG: unable to handle kernel paging request - balloon_init - xen-4.1.0 - 2.6.32.39 Scott Garron
2011-04-26 3:15 ` Konrad Rzeszutek Wilk
2011-04-26 5:03 ` Scott Garron
2011-04-27 20:09 ` Konrad Rzeszutek Wilk
2011-04-27 23:45 ` Scott Garron
[not found] ` <20110428183019.GA9852@dumpdata.com4DBA1EA4.5010004@sce.pridelands.org>
2011-04-28 18:30 ` Konrad Rzeszutek Wilk
2011-04-29 0:15 ` Scott Garron [this message]
2011-04-29 2:12 ` Scott Garron
2011-04-29 14:43 ` Dan Magenheimer
2011-04-29 16:56 ` Scott Garron
2011-04-29 19:38 ` Dan Magenheimer
2011-04-29 23:08 ` Scott Garron
2011-05-04 15:58 ` Konrad Rzeszutek Wilk
2011-05-04 19:19 ` Scott Garron
2011-05-04 19:35 ` Konrad Rzeszutek Wilk
2011-05-04 20:17 ` Scott Garron
2011-05-04 20:23 ` Konrad Rzeszutek Wilk
2011-05-04 21:55 ` Scott Garron
2011-05-04 22:16 ` Konrad Rzeszutek Wilk
2011-05-04 23:23 ` Scott Garron
2011-05-05 18:34 ` Konrad Rzeszutek Wilk
2011-05-05 20:48 ` Scott Garron
2011-05-05 21:06 ` Konrad Rzeszutek Wilk
2011-06-06 18:00 ` Scott Garron
2011-06-06 19:17 ` Pasi Kärkkäinen
2011-06-06 21:33 ` Scott Garron
2011-06-07 19:19 ` Konrad Rzeszutek Wilk
2011-06-08 18:25 ` Scott Garron
2011-06-08 19:29 ` Konrad Rzeszutek Wilk
2011-06-09 20:04 ` Scott Garron
2011-06-10 12:59 ` Konrad Rzeszutek Wilk
2011-06-10 16:51 ` Scott Garron
2011-06-13 22:03 ` Konrad Rzeszutek Wilk
2011-06-13 23:20 ` Scott Garron
2011-06-14 13:55 ` BUG: unable to handle kernel NULL pointer dereference at IP: [<ffffffff8105ae4c>] process_one_work+ Konrad Rzeszutek Wilk
2011-06-14 21:55 ` Scott Garron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DBA0317.8080203@sce.pridelands.org \
--to=xen-devel@sce.pridelands.org \
--cc=konrad.wilk@oracle.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.