From: Keir Fraser <keir.fraser@eu.citrix.com>
To: Jan Beulich <JBeulich@novell.com>
Cc: MaoXiaoyun <tinnycloud@hotmail.com>,
xen devel <xen-devel@lists.xensource.com>
Subject: Re: Xen-unstable panic: FATAL PAGE FAULT
Date: Wed, 1 Sep 2010 09:49:18 +0100
Message-ID: <C8A3D220.21A02%keir.fraser@eu.citrix.com>
In-Reply-To: <4C7E24BE02000078000139EC@vpn.id2.novell.com>
[-- Attachment #1: Type: text/plain, Size: 1459 bytes --]
On 01/09/2010 09:02, "Jan Beulich" <JBeulich@novell.com> wrote:
>> Well I agree with your logic anyway. So I don't see that this can be the
>> cause of MaoXiaoyun's bug. At least not directly. But then I'm stumped as to
>> why the page arithmetic and checks in free_heap_pages are (apparently)
>> resulting in a page pointer way outside the frame-table region and actually
>> in the directmap region.
>
> There must be some unchecked use of PAGE_LIST_NULL, i.e.
> running off a list end without taking notice (0xffff8315ffffffe4
> exactly corresponds with that).

Okay, my next guess then is that we are deleting a chunk from the wrong list
head. I don't see any check that the adjacent chunks we are considering to
merge are from the same node and zone. I suppose the zone logic does just
work as we're dealing with 2**x aligned and sized regions. But, shouldn't
the merging logic in free_heap_pages be checking that the merging candidate
is from the same NUMA node? I see I have an ASSERTion later in the same
function, but it's too weak and wishful I suspect.

MaoXiaoyun: can you please test with the attached patch? If I'm right, you
will crash on one of the BUG_ON checks that I added, rather than crashing on
a pointer dereference. You may even crash during boot. Anyhow, what is
interesting is whether this patch always makes you crash on BUG_ON before
you would normally crash on pointer dereference. If so this is trivial to
fix.

Thanks,
Keir
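
The hypothesis in the message above, as an added example that is not part of the original e-mail and is not Xen code: a toy buddy allocator in which the node boundary is not aligned to the chunk size, so a free chunk's buddy can belong to another node. The `struct page` layout, `init_pages`, `free_chunk` and the boundary at pfn 6 are all constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
/* Toy model, constructed for illustration (not Xen code): one entry per page
 * frame; a free chunk is described by the entry of its first frame. The node
 * boundary sits at pfn 6, so the order-1 buddies at pfn 4 and 6 differ. */
#define NR_PAGES  16
#define MAX_ORDER 4
struct page { bool free; unsigned order, node; };

static void init_pages(struct page *pg)
{
    for (size_t i = 0; i < NR_PAGES; i++)
        pg[i] = (struct page){ .free = false, .order = 0, .node = i < 6 ? 0 : 1 };
}

/* Free the chunk at *pfn, merging with free buddies of equal order. Returns
 * how many merges took a buddy from another node (each one a list deletion
 * against the wrong per-node head); always 0 when check_node is set. */
static unsigned free_chunk(struct page *pg, size_t *pfn, unsigned *order,
                           bool check_node)
{
    unsigned node = pg[*pfn].node, cross = 0;
    while (*order < MAX_ORDER) {
        size_t buddy = *pfn ^ ((size_t)1 << *order); /* predecessor or successor */
        if (!pg[buddy].free || pg[buddy].order != *order)
            break;
        if (pg[buddy].node != node) {
            if (check_node)
                break;              /* refuse to merge across nodes */
            cross++;                /* unchecked path: wrong list head */
        }
        pg[buddy].free = false;     /* stands in for page_list_del() */
        if (buddy < *pfn) *pfn = buddy;
        (*order)++;
    }
    pg[*pfn].free = true;
    pg[*pfn].order = *order;
    return cross;
}

int main(void)
{
    struct page pg[NR_PAGES];
    size_t a = 6, b = 4;
    unsigned oa = 1, ob = 1;
    init_pages(pg);
    free_chunk(pg, &a, &oa, false);
    return free_chunk(pg, &b, &ob, false) == 1 ? 0 : 1;
}
```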
[-- Attachment #2: 00-bugcheck --]
[-- Type: application/octet-stream, Size: 865 bytes --]
diff -r 573ddf5cc145 xen/common/page_alloc.c
--- a/xen/common/page_alloc.c Tue Aug 31 19:16:23 2010 +0100
+++ b/xen/common/page_alloc.c Wed Sep 01 09:41:42 2010 +0100
@@ -581,6 +581,8 @@
!page_state_is(pg-mask, free) ||
(PFN_ORDER(pg-mask) != order) )
break;
+ BUG_ON(page_to_zone(pg-mask) != zone);
+ BUG_ON(phys_to_nid(page_to_maddr(pg-mask)) != node);
pg -= mask;
page_list_del(pg, &heap(node, zone, order));
}
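Review bot: In the predecessor branch, `BUG_ON(phys_to_nid(page_to_maddr(pg-mask)) != node)` sits after the conditions that end in `break`, so a free, same-order neighbour on another node panics the host rather than simply being left unmerged. That is acceptable for a one-off diagnostic, but if the test confirms the theory the node comparison belongs in the `if` that breaks out of the merge, ahead of `page_list_del(pg, &heap(node, zone, order))`, and the patch description should mark these checks as debug-only.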
@@ -591,6 +593,8 @@
!page_state_is(pg+mask, free) ||
(PFN_ORDER(pg+mask) != order) )
break;
+ BUG_ON(page_to_zone(pg+mask) != zone);
+ BUG_ON(phys_to_nid(page_to_maddr(pg+mask)) != node);
page_list_del(pg + mask, &heap(node, zone, order));
}
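Review bot: The two BUG_ON lines in the successor branch repeat the predecessor checks with `pg+mask`, and a bare BUG_ON does not record the candidate's actual zone or node values. Since the purpose is to learn which assumption fails, consider one shared helper that prints the candidate's and the expected node and zone before crashing. Minor style point: the checks write `pg+mask` while the `page_list_del` line below writes `pg + mask`.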