From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Thomas DEBESSE <thomas.debesse@diocese-frejus-toulon.com>,
xen-devel@lists.xen.org
Subject: Re: DomU: kernel BUG at arch/x86/xen/enlighten.c:425
Date: Tue, 15 Sep 2015 17:09:11 +0100 [thread overview]
Message-ID: <55F842A7.4080903@citrix.com> (raw)
In-Reply-To: <CAGXJp70niYhstkCxQKsZQ4kNLckcqhMTbpFt+zeqSm-W276geg@mail.gmail.com>
[-- Attachment #1.1: Type: text/plain, Size: 5281 bytes --]
On 15/09/15 17:03, Thomas DEBESSE wrote:
> Hi, I'm replying to this thread from 2013:
> http://lists.xen.org/archives/html/xen-devel/2013-03/threads.html#00649
>
> Like James Sinclair, all I could find is a closed Debian bug from Dec
> 2010 with no resolution:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=60770
>
> Do you have some news about this bug?
>
> I got it too with a 3.16 kernel on Debian:
>
> Sep 15 16:57:14 server kernel: [ 19.844447] ------------[ cut here
> ]------------
> Sep 15 16:57:14 server kernel: [ 19.844468] kernel BUG at
> /build/linux-sPqfgd/linux-3.16.7-ckt11/arch/x86/xen/enlighten.c:494!
> Sep 15 16:57:14 server kernel: [ 19.844479] invalid opcode: 0000
> [#1] SMP
> Sep 15 16:57:14 server kernel: [ 19.844487] Modules linked in: fuse
> nfsd auth_rpcgss oid_registry nfs_acl nfs lockd fscache sunrpc evdev
> coretemp pcspkr ext4 crc16 mbcache jbd2 dm_mod md_mod xen_netfront
> xen_blkfront
> Sep 15 16:57:14 server kernel: [ 19.844519] CPU: 1 PID: 930 Comm:
> cmd Not tainted 3.16.0-4-686-pae #1 Debian 3.16.7-ckt11-1
> Sep 15 16:57:14 server kernel: [ 19.844529] task: e8ba4560 ti:
> c29f8000 task.ti: c29f8000
> Sep 15 16:57:14 server kernel: [ 19.844535] EIP: 0061:[<c100373d>]
> EFLAGS: 00010282 CPU: 1
> Sep 15 16:57:14 server kernel: [ 19.844545] EIP is at
> set_aliased_prot+0x10d/0x120
> Sep 15 16:57:14 server kernel: [ 19.844551] EAX: ffffffea EBX:
> ede01000 ECX: cc5ae063 EDX: 80000000
> Sep 15 16:57:14 server kernel: [ 19.844558] ESI: 00000000 EDI:
> 80000001 EBP: c29f9dbc ESP: c29f9d98
> Sep 15 16:57:14 server kernel: [ 19.844564] DS: 007b ES: 007b FS:
> 00d8 GS: 00e0 SS: 0069
> Sep 15 16:57:14 server kernel: [ 19.844570] CR0: 8005003b CR2:
> 00111484 CR3: 029ab000 CR4: 00002660
> Sep 15 16:57:14 server kernel: [ 19.844578] Stack:
> Sep 15 16:57:14 server kernel: [ 19.844582] 80000000 cc5ae063
> 001f3c8a ede01000 ecac2140 00000001 ede02000 00000400
> Sep 15 16:57:14 server kernel: [ 19.844594] 00000000 c29f9dd0
> c1003781 c2831ac0 e8892010 c2831ac0 c29f9ddc c10122be
> Sep 15 16:57:14 server kernel: [ 19.844606] 00000000 c29f9e00
> c1053fa6 c29f9df0 c1002e90 e8ba4560 ecdcf8c0 00000000
> Sep 15 16:57:14 server kernel: [ 19.844618] Call Trace:
> Sep 15 16:57:14 server kernel: [ 19.844628] [<c1003781>] ?
> xen_free_ldt+0x31/0x40
> Sep 15 16:57:14 server kernel: [ 19.844640] [<c10122be>] ?
> destroy_context+0x2e/0x90
> Sep 15 16:57:14 server kernel: [ 19.844651] [<c1053fa6>] ?
> __mmdrop+0x26/0x90
> Sep 15 16:57:14 server kernel: [ 19.844659] [<c1002e90>] ?
> xen_end_context_switch+0x10/0x20
> Sep 15 16:57:14 server kernel: [ 19.844668] [<c107c59f>] ?
> finish_task_switch+0x9f/0xd0
> Sep 15 16:57:14 server kernel: [ 19.844677] [<c1478e60>] ?
> __schedule+0x230/0x6e0
> Sep 15 16:57:14 server kernel: [ 19.844685] [<c116e381>] ?
> __sb_end_write+0x31/0x70
> Sep 15 16:57:14 server kernel: [ 19.844694] [<c117361c>] ?
> pipe_write+0x34c/0x3d0
> Sep 15 16:57:14 server kernel: [ 19.844703] [<c147be59>] ?
> _raw_spin_lock_irqsave+0x19/0x40
> Sep 15 16:57:14 server kernel: [ 19.844713] [<c147baa3>] ?
> _raw_spin_unlock_irqrestore+0x13/0x20
> Sep 15 16:57:14 server kernel: [ 19.844723] [<c1090398>] ?
> prepare_to_wait+0x48/0x70
> Sep 15 16:57:14 server kernel: [ 19.844732] [<c117324d>] ?
> pipe_wait+0x4d/0x80
> Sep 15 16:57:14 server kernel: [ 19.844740] [<c1090680>] ?
> prepare_to_wait_event+0xd0/0xd0
> Sep 15 16:57:14 server kernel: [ 19.844749] [<c11737f1>] ?
> pipe_read+0x151/0x260
> Sep 15 16:57:14 server kernel: [ 19.844758] [<c116bd96>] ?
> new_sync_read+0x66/0xa0
> Sep 15 16:57:14 server kernel: [ 19.844766] [<c116bd30>] ?
> default_llseek+0x170/0x170
> Sep 15 16:57:14 server kernel: [ 19.844774] [<c116c620>] ?
> vfs_read+0x80/0x150
> Sep 15 16:57:14 server kernel: [ 19.844780] [<c116cdc6>] ?
> SyS_read+0x46/0x90
> Sep 15 16:57:14 server kernel: [ 19.844789] [<c147c2df>] ?
> sysenter_do_call+0x12/0x12
> Sep 15 16:57:14 server kernel: [ 19.844794] Code: 2e 83 c4 18 5b 5e
> 5f 5d c3 90 8d 74 26 00 83 3d d4 92 76 c1 02 75 c8 8d b4 26 00 00 00
> 00 e8 2b 5e 13 00 83 c4 18 5b 5e 5f 5d c3 <0f> 0b 0f 0b 0f 0b 8d b6 00
> 00 00 00 8d bc 27 00 00 00 00 55 89
> Sep 15 16:57:14 server kernel: [ 19.844868] EIP: [<c100373d>]
> set_aliased_prot+0x10d/0x120 SS:ESP 0069:c29f9d98
> Sep 15 16:57:14 server kernel: [ 19.844882] ---[ end trace
> 5b8a5a9c639bac8c ]---
>
> The message above is from DomU kernel. In fact, when I get this
> message, I'm lucky: it means the error was handled without crashing.
> Most of the case the vm just reboot itself before logging or printing
> any message at all.
> On Dom0 side, `xl dmesg` shows nothing.
>
> I downgraded my DomU kernel to 3.2 and it seems to work for now but
> it's not a fix.
> //
>
> I was running xen 4.4.1-9 and linux 3.16.7-ckt11-1 (686-pae) from Debian.
>
> I don't have more information, at all.
The instantiation of HYPERVISOR_update_va_mapping() in
set_aliased_prot() has always been buggy in pvops kernels.
This bug should be fixed by c/s 0b0e55 "x86/xen: Probe target addresses
in set_aliased_prot before the hypercall" which is in the process of
being backported to #stable as a prerequisite for the recent LDT CVE fixes.
~Andrew
[-- Attachment #1.2: Type: text/html, Size: 7731 bytes --]
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2015-09-15 16:09 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-15 16:03 DomU: kernel BUG at arch/x86/xen/enlighten.c:425 Thomas DEBESSE
2015-09-15 16:09 ` Andrew Cooper [this message]
2015-09-15 16:28 ` Thomas DEBESSE
2015-09-15 16:35 ` Andrew Cooper
-- strict thread matches above, loose matches on Subject: below --
2013-03-08 2:23 James Sinclair
2013-03-08 8:38 ` Jan Beulich
[not found] ` <4A885B42-B352-4FE4-A0A7-2B10CF595E61@linode.com>
2013-03-12 7:45 ` Jan Beulich
2013-03-12 22:56 ` James Sinclair
2013-03-13 0:38 ` James Sinclair
2013-03-13 9:50 ` Ian Campbell
2013-03-18 0:27 ` James Sinclair
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55F842A7.4080903@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=thomas.debesse@diocese-frejus-toulon.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).