On Fri, 2008-08-22 at 08:18 +0100, Keir Fraser wrote:> On 21/8/08 22:28, "Sandesh" <sandesh.ahiremath@wipro.com>
wrote:
>
> > I am trying to release domU pages from page_list and xenpage_list
> > after domU shutdown while retaining the rest of the domain
information.
> > To achieve this in __domain_finalise_shutdown i call
> > domain_relinquish_resources. This is failing to release pages from
> > page_list for type PGT_l2_page_tables and crashing dom0.
> > To be specific, while testing on mini-os i saw that when
> > domain_relinquish_resources calls relinquish_memory for
> > PGT_l2_page_tables, this eventually calls free_l2_table which fails at
> > map_domain_page() by returning an invalid virtual address, due to
which
> > dom0 crashes immediately.
> >
> > When the same sequence of functions works perfectly fine during domU
> > destruction, why not during shutdown. Am I missing anything important?
>
> I wouldn''t guarantee that calling from shutdown will work entirely
race-free
> in all cases, but I would think it would generally work okay. A bad pointer
> from map_domain_page() is odd -- make a debug build ''debug=y
make'' and
> perhaps add tracing to see what''s going wrong there.
>
Hi Keir,
i could find that dom0 crashes when trying to reference pl2e pointer
returned by map_domain_page() in free_l2_table(). At the time of crash
pl2e refers to fef2900 virtual address. I tried with different domU
kernels and all are showing the exact same problem. I have provided the
dump of registers and call trace at the end.
Can this be due to an invalid page in page_list, since the domU has
already shutdown??
Is there any other direct way to just release the pages to xen heap??
Here is the Dump from the hypervisor debugger...just before the crash...
(XEN) Xen stack trace from esp=ff20fe8c:
(XEN) 000185da 40000000 f6a48c70 48000000 ff1d34e4 48000001 00010000
f6a48c70
(XEN) f6a48c70 48000000 ff1d34e4 ff12d057 f6a48c70 40000000 ff1d2080
ff1d2326
(XEN) 40000000 ff1d2090 ff1d2080 ff1d2090 ff1d2080 ff1d2326 0001bfa4
ff12d1d9
(XEN) ff1a3959 ff1d2080 ff1d2080 ff10438f ff1d2080 00000011 00000292
ff105db6
(XEN) ff202080 00000011 1b4e3023 ff1d9080 ff1d2080 00000000 ff1d2080
ff1045a7
(XEN) ff1d9080 0001bf00 00000004 fd800000 ff1d9080 0000e021 0000e021
ff114670
(XEN) ff1d2080 00000000 00000004 000185b2 185b2018 00000000 001db023
00000000
(XEN) 00000001 00000004 00000000 0001bfa0 00000000 00000000 000001db
ff1d9080
(XEN) 0000e021 0000e021 0001bfa4 ff18e014 00000002 0001bfc0 00028000
00026000
(XEN) 00000000 0001bfa4 00000002 0001bfc0 00028000 00026000 00000000
0001bfa4
(XEN) 0000001d 00f20000 000023a7 0000e019 00000206 0001bf8c 0000e021
0000e021
(XEN) 0000e021 0000e021 0000e021 00000000 ff1d9080
(XEN) Xen call trace:
(XEN) [<ff1387a0>] free_page_type+0xe0/0x280
(XEN) [<ff1d34e4>] bogus_saved_magic+0x72a/0x1016
(XEN) [<ff1d34e4>] bogus_saved_magic+0x72a/0x1016
(XEN) [<ff12d057>] relinquish_memory+0x297/0x2d0
(XEN) [<ff1d2080>] get_edd+0x4/0x10
(XEN) [<ff1d2326>] boot_edd_info+0x170/0x200
(XEN) [<ff1d2090>] edd_mbr_sig_start+0x4/0x5
(XEN) [<ff1d2080>] get_edd+0x4/0x10
(XEN) [<ff1d2090>] edd_mbr_sig_start+0x4/0x5
(XEN) [<ff1d2080>] get_edd+0x4/0x10
(XEN) [<ff1d2326>] boot_edd_info+0x170/0x200
(XEN) [<ff12d1d9>] domain_relinquish_resources+0x149/0x190
(XEN) [<ff1d2080>] get_edd+0x4/0x10
(XEN) [<ff1d2080>] get_edd+0x4/0x10
(XEN) [<ff10438f>] __domain_finalise_shutdown+0x9f/0x160
(XEN) [<ff1d2080>] get_edd+0x4/0x10
(XEN) [<ff105db6>] evtchn_send+0xf6/0x100
(XEN) [<ff1d9080>] APIC_init_uniprocessor+0x20/0x140
(XEN) [<ff1d2080>] get_edd+0x4/0x10
(XEN) [<ff1d2080>] get_edd+0x4/0x10
(XEN) [<ff1045a7>] domain_shutdown+0x67/0xb0
(XEN) [<ff1d9080>] APIC_init_uniprocessor+0x20/0x140
(XEN) [<ff1d9080>] APIC_init_uniprocessor+0x20/0x140
(XEN) [<ff114670>] do_sched_op+0x240/0x440
(XEN) [<ff1d2080>] get_edd+0x4/0x10
(XEN) [<ff1d9080>] APIC_init_uniprocessor+0x20/0x140
(XEN) [<ff18e014>] tracing_off+0x7/0xe
(XEN) [<ff1d9080>] APIC_init_uniprocessor+0x20/0x140
These are the instructions before the crash.....
00000000ff18db2c: map_domain_page+dc lea 0xfec00000(%edi), %
eax
00000000ff18db32: map_domain_page+e2 mov 0x20(%esp), %esi
00000000ff18db36: map_domain_page+e6 mov 0x24(%esp), %edi
00000000ff18db3a: map_domain_page+ea mov 0x28(%esp), %ebp
00000000ff18db3e: map_domain_page+ee add $0x2c, %esp
00000000ff18db41: map_domain_page+f1 ret
00000000ff13879c: free_page_type+dc mov %eax, %esi
00000000ff13879e: free_page_type+de o16 nop
==>> 00000000ff1387a0: free_page_type+e0 mov (%esi,%ebx,8),
%eax
above instruction is the last executed instruction...
and here is the dump of registers just before that....
(XEN) ----[ Xen-3.3-unstable x86_32p debug=n Not tainted ]----
(XEN) CPU: 0
(XEN) EIP: e008:[<ff1387a0>] free_page_type+0xe0/0x280
(XEN) EFLAGS: 00000396 CONTEXT: hypervisor
(XEN) eax: fef29000 ebx: 00000000 ecx: 00000000 edx: 00000000
(XEN) esi: fef29000 edi: f6a48c70 ebp: 000185da esp: ff20fe8c
(XEN) cr0: 8005003b cr4: 000006f0 cr3: 185db000 cr2: b7c91340
(XEN) ds: e010 es: e010 fs: e021 gs: e021 ss: e010 cs: e008
Thanks a lot.
Regards,
Sandesh
\m/ \m/> -- Keir
>
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel
Please do not print this email unless it is absolutely necessary.
The information contained in this electronic message and any attachments to this
message are intended for the exclusive use of the addressee(s) and may contain
proprietary, confidential or privileged information. If you are not the intended
recipient, you should not disseminate, distribute or copy this e-mail. Please
notify the sender immediately and destroy all copies of this message and any
attachments.
WARNING: Computer viruses can be transmitted via email. The recipient should
check this email and any attachments for the presence of viruses. The company
accepts no liability for any damage caused by any virus transmitted by this
email.
www.wipro.com
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel