From: "Jan Beulich"
Subject: Re: Xen PANIC in MCE interrupt context : can global variable dom0 be NULL ?
Date: Tue, 16 Feb 2010 09:05:33 +0000
Message-ID: <4B7A6DED020000780002F961@vpn.id2.novell.com>
References: <4B795809.5070304@lsi.com>
In-Reply-To: <4B795809.5070304@lsi.com>
To: Yunhong Jiang, Ashwin Pankaj
Cc: Xen-devel@lists.xensource.com

>>> Ashwin Pankaj 15.02.10 15:19 >>>
> After some digging, probable culprit seems to be smp_cmci_interrupt
>
>> if (bs.errcnt && mctc != NULL) {
>>     if (guest_enabled_event(dom0->vcpu[0],
>> <------------------------------------ here
>>                             VIRQ_MCA)) {
>>         mctelem_commit(mctc);
>>         printk(KERN_DEBUG "CMCI: send CMCI to DOM0 through virq\n");
>>         send_guest_global_virq(dom0, VIRQ_MCA);
>>     } else {
>>         x86_mcinfo_dump(mctelem_dataptr(mctc));
>>         mctelem_dismiss(mctc);
>>     }
>
>
>Looks like dom0 is NULL here ( vcpu[0] offset is 0x468). Is this possible?

Yes, your call trace confirms this.

>Other functions like mce_softirq() perform a NULL check on dom0 before
>accessing its members ....

The majority of uses doesn't seem to do that check, yet it is essential if
CMCIs occur during boot of Xen. Even more, it should not only be dom0
that is checked against NULL, but also dom0->vcpu (or dom0->max_vcpus)
and dom0->vcpu[0].

Jan
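The layered check suggested in the reply above, as an added stand-alone C model; it is not code from the message or from the Xen tree. The structs are reduced stand-ins, `dom0_vcpu0()` and `cmci_decide()` are hypothetical names, and the `virq_mca_enabled` flag stands in for `guest_enabled_event()`.

```c
#include <stddef.h>
#include <stdio.h>

/* Reduced stand-ins for Xen's structures: only the fields the check touches. */
struct vcpu { int virq_mca_enabled; };
struct domain { unsigned int max_vcpus; struct vcpu **vcpu; };

static struct domain *dom0;  /* stays NULL until dom0 is built during boot */

enum cmci_action { CMCI_DUMP_LOCALLY = 0, CMCI_SEND_VIRQ = 1 };

/* Hypothetical helper: return dom0's vcpu 0 only if every pointer on the
 * path exists. Checks dom0, then dom0->vcpu and max_vcpus, and hands back
 * vcpu[0], which the caller must still test against NULL. */
static struct vcpu *dom0_vcpu0(void)
{
    if (dom0 == NULL || dom0->vcpu == NULL || dom0->max_vcpus == 0)
        return NULL;
    return dom0->vcpu[0];
}

/* Decision made in the CMCI path after telemetry has been collected. */
static enum cmci_action cmci_decide(void)
{
    struct vcpu *v = dom0_vcpu0();

    if (v != NULL && v->virq_mca_enabled)  /* models guest_enabled_event() */
        return CMCI_SEND_VIRQ;             /* commit telemetry, notify dom0 */
    return CMCI_DUMP_LOCALLY;              /* dump and dismiss in the hypervisor */
}

/* Replay four constructed boot stages; returns how many sent the virq. */
static int walk_boot_stages(void)
{
    static struct vcpu v0 = { 1 };
    static struct vcpu *slots[1];
    static struct domain d;
    int sent = 0;

    dom0 = NULL;                                 sent += cmci_decide();
    d.vcpu = NULL; d.max_vcpus = 0; dom0 = &d;   sent += cmci_decide();
    slots[0] = NULL; d.vcpu = slots; d.max_vcpus = 1; sent += cmci_decide();
    slots[0] = &v0;                              sent += cmci_decide();
    return sent;
}

int main(void)
{
    printf("stages that notified dom0: %d of 4\n", walk_boot_stages());
    return 0;
}
```

Only the last stage, where dom0, its vcpu array and vcpu[0] all exist, takes the virq path; the three earlier stages fall through to the local dump instead of dereferencing a NULL pointer.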