From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrew Cooper Subject: Re: [PATCH v1 for-xen-4.5] Fix list corruption in dpci_softirq. Date: Wed, 19 Nov 2014 19:22:40 +0000 Message-ID: <546CEE00.4010303@citrix.com> References: <1416418300-15778-1-git-send-email-konrad.wilk@oracle.com> <118231163.20141119195439@eikelenboom.it> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1XrApw-0001wZ-C6 for xen-devel@lists.xenproject.org; Wed, 19 Nov 2014 19:22:44 +0000 In-Reply-To: <118231163.20141119195439@eikelenboom.it> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Sander Eikelenboom , Konrad Rzeszutek Wilk Cc: xen-devel@lists.xenproject.org, JBeulich@suse.com List-Id: xen-devel@lists.xenproject.org On 19/11/2014 18:54, Sander Eikelenboom wrote: > Wednesday, November 19, 2014, 6:31:39 PM, you wrote: > >> Hey, >> This patch should fix the issue that Sander had seen. The full details >> are in the patch itself. Sander, if you could - please test origin/staging >> with this patch to make sure it does fix the issue. > >> xen/drivers/passthrough/io.c | 27 +++++++++++++++++---------- >> Konrad Rzeszutek Wilk (1): >> dpci: Fix list corruption if INTx device is used and an IRQ timeout is invoked. >> 1 file changed, 17 insertions(+), 10 deletions(-) > > Hi Konrad, > > Hmm just tested with a freshly cloned tree .. unfortunately it blew up again. > (i must admit i also re-enabled stuff i had disabled in debugging like, cpuidle, cpufreq). > > (XEN) [2014-11-19 18:41:25.999] ----[ Xen-4.5.0-rc x86_64 debug=y Not tainted ]---- > (XEN) [2014-11-19 18:41:25.999] CPU: 5 > (XEN) [2014-11-19 18:41:25.999] RIP: e008:[] dpci_softirq+0x9c/0x23d > (XEN) [2014-11-19 18:41:25.999] RFLAGS: 0000000000010283 CONTEXT: hypervisor > (XEN) [2014-11-19 18:41:25.999] rax: 0100100100100100 rbx: ffff8303bb688d90 rcx: 0000000000000001 > (XEN) [2014-11-19 18:41:25.999] rdx: ffff83054ef18000 rsi: 0000000000000002 rdi: ffff83050b29e0b8 > (XEN) [2014-11-19 18:41:25.999] rbp: ffff83054ef1feb0 rsp: ffff83054ef1fe50 r8: ffff8303bb688d60 > (XEN) [2014-11-19 18:41:25.999] r9: 000001d5f62fff63 r10: 00000000deadbeef r11: 0000000000000246 > (XEN) [2014-11-19 18:41:25.999] r12: ffff8303bb688d38 r13: ffff83050b29e000 r14: ffff8303bb688d28 > (XEN) [2014-11-19 18:41:25.999] r15: ffff8303bb688d28 cr0: 000000008005003b cr4: 00000000000006f0 > (XEN) [2014-11-19 18:41:25.999] cr3: 000000050b2c7000 cr2: ffffffffff600400 > (XEN) [2014-11-19 18:41:25.999] ds: 002b es: 002b fs: 0000 gs: 0000 ss: e010 cs: e008 > (XEN) [2014-11-19 18:41:25.999] Xen stack trace from rsp=ffff83054ef1fe50: > (XEN) [2014-11-19 18:41:25.999] 0000000000000c23 ffff83050b29e0b8 ffff8303bb688d38 ffff83054ef1fe70 > (XEN) [2014-11-19 18:41:25.999] ffff8303bb688d90 ffff8303bb688d90 000000fb00000000 ffff82d080300200 > (XEN) [2014-11-19 18:41:25.999] ffff82d0802fff80 ffffffffffffffff ffff83054ef18000 0000000000000002 > (XEN) [2014-11-19 18:41:25.999] ffff83054ef1fee0 ffff82d08012be31 ffff83054ef18000 ffff83009fd2d000 > (XEN) [2014-11-19 18:41:25.999] 00000000ffffffff ffff83054ef28068 ffff83054ef1fef0 ffff82d08012be89 > (XEN) [2014-11-19 18:41:25.999] ffff83054ef1ff10 ffff82d0801633e5 ffff82d08012be89 ffff83009ff8b000 > (XEN) [2014-11-19 18:41:25.999] ffff83054ef1fde8 ffff880059bf8000 ffff880059bf8000 0000000000000000 > (XEN) [2014-11-19 18:41:25.999] 0000000000000000 ffff880059bfbeb0 ffffffff822f3ec0 0000000000000246 > (XEN) [2014-11-19 18:41:25.999] 0000000000000001 0000000000000000 0000000000000000 0000000000000000 > (XEN) [2014-11-19 18:41:25.999] ffffffff810013aa ffff880059bde480 00000000deadbeef 00000000deadbeef > (XEN) [2014-11-19 18:41:25.999] 0000010000000000 ffffffff810013aa 000000000000e033 0000000000000246 > (XEN) [2014-11-19 18:41:25.999] ffff880059bfbe98 000000000000e02b 1862060042c8beef 224d41480704beef > (XEN) [2014-11-19 18:41:25.999] 99171042639bbeef 74c88180108cbeef c0dc604c00000005 ffff83009ff8b000 > (XEN) [2014-11-19 18:41:26.000] 00000034cebff280 ca836183a4020303 > (XEN) [2014-11-19 18:41:26.000] Xen call trace: > (XEN) [2014-11-19 18:41:26.000] [] dpci_softirq+0x9c/0x23d > (XEN) [2014-11-19 18:41:26.000] [] __do_softirq+0x81/0x8c > (XEN) [2014-11-19 18:41:26.000] [] do_softirq+0x13/0x15 > (XEN) [2014-11-19 18:41:26.000] [] idle_loop+0x5e/0x6e > (XEN) [2014-11-19 18:41:26.000] > (XEN) [2014-11-19 18:41:26.778] > (XEN) [2014-11-19 18:41:26.787] **************************************** > (XEN) [2014-11-19 18:41:26.806] Panic on CPU 5: > (XEN) [2014-11-19 18:41:26.819] GENERAL PROTECTION FAULT > (XEN) [2014-11-19 18:41:26.834] [error_code=0000] > (XEN) [2014-11-19 18:41:26.847] **************************************** > (XEN) [2014-11-19 18:41:26.867] > (XEN) [2014-11-19 18:41:26.876] Reboot in five seconds... > (XEN) [2014-11-19 18:41:26.891] APIC error on CPU0: 00(08) > (XEN) [2014-11-19 18:41:26.906] APIC error on CPU0: 08(08) For the avoidance of any confusion, this is still LIST_POISON1 (see %rax), but now a #GP fault following c/s 404227138 (now with 100% less chance of dereferencing into guest-controlled virtual address space) ~Andrew