From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
To: xen-devel@lists.xenproject.org
Subject: Re: [Xen-devel] Linux 5.5 fails to boot in VM
Date: Mon, 27 Jan 2020 19:05:23 -0500
Message-ID: <d9d58697-e803-9e7e-0e75-29cc70eb9ff9@oracle.com>
In-Reply-To: <a486de72-c3bf-2d32-c86c-0e38d9d87f0a@oracle.com>



On 1/27/20 6:29 PM, Boris Ostrovsky wrote:
>
>
> On 1/27/20 4:37 PM, Marek Marczykowski-Górecki wrote:
>> On Mon, Jan 27, 2020 at 03:45:11PM +0100, Jürgen Groß wrote:
>>> On 27.01.20 14:16, Ilpo Järvinen wrote:
>>>> Hi,
>>>>
>>>> I've noted that 5.5-rcs and now 5.5-based kernel fail to boot in VM.
>>>> 5.4 based kernels worked fine and there seems to have been some changes in
>>>> drivers/xen post-5.4 so perhaps they broke something?
>>> I can't reproduce your problem. Just booted a VM with kernel 5.5 as
>>> PV- and as HVM-guest without any problems.
>> It looks like an issue with gntdev driver, so reproducing it requires any
>> userspace that actually makes use of it. Any idea what recent change
>> could cause that?
>>
>>>> Loading Linux 5.5.0-accecn30 ...
>>>>
>>>>       [ initrd.img-5.5.0-acc  16.52MiB  100%  10.23MiB/s ]
>>>> Setting up swapspace version 1, size = 1073737728 bytes
>>>> /dev/xvda3: clean, 852118/1294896 files, 3076785/5190907 blocks
>>>> [    2.730931] BUG: kernel NULL pointer dereference, address: 00000000000003b0
>>>> [    2.730959] #PF: supervisor read access in kernel mode
>>>> [    2.730966] #PF: error_code(0x0000) - not-present page
>>>> [    2.730973] PGD 0 P4D 0
>>>> [    2.730978] Oops: 0000 [#1] SMP PTI
>>>> [    2.730985] CPU: 1 PID: 402 Comm: qubesdb-daemon Tainted: G           O      5.5.0-accecn30 #31
>>>> [    2.731000] RIP: 0010:mmu_interval_read_begin+0x24/0xc0
>
> This looks like it could well be
> d3eeb1d77c5d0af9df442db63722928238310a86. Can you revert it and see if
> it makes a difference?
>
> (+Jason)
>
> -boris
>
>>>> [    2.731008] Code: e9 51 66 e1 ff 90 0f 1f 44 00 00 41 54 49 89 fc 55 53 48 83 ec 30 65 48 8b 04 25 28 00 00 00 48 89 44 24 28 31 c0 48 8b 47 38 <48> 8b a8 b0 03 00 00 48 8d 5d 0c 48 89 df e8 49 27 6f 00 4d 8b 64
>>>> [    2.731030] RSP: 0018:ffff9873001e7d20 EFLAGS: 00010246
>>>> [    2.731037] RAX: 0000000000000000 RBX: ffff8a4e94712500 RCX: 0000000000000000


I am pretty sure it is.

RAX=0 most likely means that map->notifier is NULL (assuming your
compiler generates code similar to mine).

I believe you at least need


diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
index 4fc83e3f..d35cf0b 100644
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -1016,7 +1016,8 @@ static int gntdev_mmap(struct file *flip, struct
vm_area_struct *vma)
         * and we are holding it now, there is no need for the
notifier_range
         * locking pattern.
         */
-       mmu_interval_read_begin(&map->notifier);
+       if (use_ptemod)
+               mmu_interval_read_begin(&map->notifier);
 
        if (use_ptemod) {
                map->pages_vm_start = vma->vm_start;
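
Review bot: the added `if (use_ptemod)` test in front of `mmu_interval_read_begin(&map->notifier)` repeats the condition of the `if (use_ptemod) {` block that follows two lines later, so the call could move to the top of that block instead of adding a second test. The comment above the call still reads as if the call were unconditional and should say why it is skipped when use_ptemod is false. As posted, the hunk header and the comment are wrapped by the mail client ("vm_area_struct *vma)" and "notifier_range" sit on lines of their own), so the patch will not apply as sent and needs to be resent unwrapped.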


and maybe more.  Give that a try.


-boris


>>>> [    2.731047] RDX: ffff8a4ef53add00 RSI: 0000000000000000 RDI: ffff8a4e94712500
>>>> [    2.731057] RBP: ffff8a4e0bf7a640 R08: 00007bc5c0573000 R09: 0000000000000008
>>>> [    2.731066] R10: ffff8a4ec756c190 R11: 00007bc5c05a2000 R12: ffff8a4e94712500
>>>> [    2.731076] R13: ffff8a4ed3ab9d50 R14: 0000000000000000 R15: 0000000000000001
>>>> [    2.731086] FS:  00007bc5c00dc7c0(0000) GS:ffff8a4ef5d00000(0000) knlGS:0000000000000000
>>>> [    2.731097] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>>>> [    2.731105] CR2: 00000000000003b0 CR3: 000000008148e004 CR4: 00000000003606e0
>>>> [    2.731116] Call Trace:
>>>> [    2.731123]  ? vma_merge+0xef/0x370
>>>> [    2.731132]  gntdev_mmap+0x153/0x30e [xen_gntdev]
>>>> [    2.731139]  mmap_region+0x3d9/0x660
>>>> [    2.731146]  do_mmap+0x372/0x520
>>>> [    2.731153]  vm_mmap_pgoff+0xd2/0x120
>>>> [    2.731160]  ksys_mmap_pgoff+0x1b8/0x270
>>>> [    2.731167]  ? ksys_ioctl+0x60/0x90
>>>> [    2.731174]  do_syscall_64+0x5b/0x180
>>>> [    2.731182]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
>>>> [    2.731191] RIP: 0033:0x7bc5c03e8133
>>>> [    2.731196] Code: 54 41 89 d4 55 48 89 fd 53 4c 89 cb 48 85 ff 74 56 49 89 d9 45 89 f8 45 89 f2 44 89 e2 4c 89 ee 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7d 5b 5d 41 5c 41 5d 41 5e 41 5f c3 66 2e 0f
>>>> [    2.731219] RSP: 002b:00007ffcbccc89b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
>>>> [    2.731230] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007bc5c03e8133
>>>> [    2.731243] RDX: 0000000000000003 RSI: 0000000000001000 RDI: 0000000000000000
>>>> [    2.731252] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
>>>> [    2.731263] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000003
>>>> [    2.731273] R13: 0000000000001000 R14: 0000000000000001 R15: 0000000000000007
>>>> [    2.731284] Modules linked in: xen_netback u2mfn(O) xen_gntdev xen_gntalloc xen_blkback xen_evtchn parport_pc ppdev xenfs xen_privcmd lp parport ip_tables xen_netfront xen_blkfront crc32c_intel
>>>> [    2.731309] CR2: 00000000000003b0
>>>> [    2.731315] fbcon: Taking over console
>>>> [    2.731321] ---[ end trace 5ec57aa3f3a40247 ]---
>>>> [    2.731329] RIP: 0010:mmu_interval_read_begin+0x24/0xc0
>>>> [    2.731336] Code: e9 51 66 e1 ff 90 0f 1f 44 00 00 41 54 49 89 fc 55 53 48 83 ec 30 65 48 8b 04 25 28 00 00 00 48 89 44 24 28 31 c0 48 8b 47 38 <48> 8b a8 b0 03 00 00 48 8d 5d 0c 48 89 df e8 49 27 6f 00 4d 8b 64
>>>> [    2.731358] RSP: 0018:ffff9873001e7d20 EFLAGS: 00010246
>>>> [    2.731365] RAX: 0000000000000000 RBX: ffff8a4e94712500 RCX: 0000000000000000
>>>> [    2.731375] RDX: ffff8a4ef53add00 RSI: 0000000000000000 RDI: ffff8a4e94712500
>>>> [    2.731385] RBP: ffff8a4e0bf7a640 R08: 00007bc5c0573000 R09: 0000000000000008
>>>> [    2.731395] R10: ffff8a4ec756c190 R11: 00007bc5c05a2000 R12: ffff8a4e94712500
>>>> [    2.731405] R13: ffff8a4ed3ab9d50 R14: 0000000000000000 R15: 0000000000000001
>>>> [    2.731415] FS:  00007bc5c00dc7c0(0000) GS:ffff8a4ef5d00000(0000) knlGS:0000000000000000
>>>> [    2.731427] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>>>> [    2.731436] CR2: 00000000000003b0 CR3: 000000008148e004 CR4: 00000000003606e0
>>>> [    2.731446] Kernel panic - not syncing: Fatal exception
>>>> [    2.731527] Kernel Offset: 0x2a000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
>>>>
>>>> --
>>>>   i.
>>>>
>>>> _______________________________________________
>>>> Xen-devel mailing list
>>>> Xen-devel@lists.xenproject.org
>>>> https://lists.xenproject.org/mailman/listinfo/xen-devel
>>>>
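
The register reasoning in this message, as an added example that is not part of the original mail or of the kernel tree: a small Python decoder, limited to the one instruction form that appears around the fault marker in the quoted `Code:` line, that checks the faulting load's address against CR2. The names `decode_load` and `analyse` are hypothetical, and the `Code:` bytes are an excerpt of the quoted oops.

```python
import re

# Excerpt of the oops quoted in this thread (timestamps dropped, Code: line
# trimmed to the bytes around the <..> fault marker).
OOPS = """\
RIP: 0010:mmu_interval_read_begin+0x24/0xc0
Code: 31 c0 48 8b 47 38 <48> 8b a8 b0 03 00 00 48 8d 5d 0c
RAX: 0000000000000000 RBX: ffff8a4e94712500 RCX: 0000000000000000
RDX: ffff8a4ef53add00 RSI: 0000000000000000 RDI: ffff8a4e94712500
CR2: 00000000000003b0 CR3: 000000008148e004 CR4: 00000000003606e0
"""

REG64 = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"]

def decode_load(code):
    """Decode 'REX.W 8B /r' (mov r64, [base+disp]) with no SIB byte.
    Returns (dest, base, disp, length), or None for any other encoding."""
    if len(code) < 4 or code[0] != 0x48 or code[1] != 0x8B:
        return None
    mod, reg, rm = code[2] >> 6, (code[2] >> 3) & 7, code[2] & 7
    size = {1: 1, 2: 4}.get(mod)          # disp8 or disp32 forms only
    if size is None or rm == 4 or len(code) < 3 + size:
        return None
    disp = int.from_bytes(code[3:3 + size], "little", signed=True)
    return REG64[reg], REG64[rm], disp, 3 + size

def analyse(oops):
    """Relate the faulting instruction to the register dump and CR2."""
    regs = {k: int(v, 16)
            for k, v in re.findall(r"\b([A-Z0-9]{3}): ([0-9a-f]{16})\b", oops)}
    before, fault = re.search(r"Code: (.*)<(.*)", oops).groups()
    decoded = decode_load(bytes.fromhex(fault.replace(">", "")))
    if decoded is None:
        raise ValueError("faulting instruction is not a supported load")
    dest, base, disp, _ = decoded
    # Assumption: the 4 bytes just before the marker form one instruction.
    prev = decode_load(bytes.fromhex(before)[-4:])
    return {
        "fault_insn": f"mov {dest}, [{base}+{disp:#x}]",
        "effective_addr": regs[base] + disp,
        "matches_cr2": regs[base] + disp == regs["CR2"],
        "base_loaded_by": prev and f"mov {prev[0]}, [{prev[1]}+{prev[2]:#x}]",
    }

if __name__ == "__main__":
    for key, value in analyse(OOPS).items():
        print(key, "=", value)
```

The decoded load reads from RAX+0x3b0 with RAX=0, which is exactly the CR2 value, and the preceding instruction shows that RAX was itself read from offset 0x38 of the object RDI points to.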


