Michael Vrable
2006-Feb-22 21:45 UTC
[Xen-devel] [PATCH] Do not call BUG() in translated mode in xen_create_contiguous_region
I've encountered a kernel crash when running a domain in shadow translated mode with networking support:

kernel BUG at arch/i386/mm/hypervisor.c:328!
invalid opcode: 0000 [#1]
SMP
Modules linked in:
CPU: 0
EIP: 0061:[<c01165ba>] Not tainted VLI
EFLAGS: 00010002 (2.6.16-rc4-xenU #1)
EIP is at xen_create_contiguous_region+0x2ea/0x3f0
[...]
[<c01087ed>] show_stack_log_lvl+0xcd/0x120
[<c01089eb>] show_registers+0x1ab/0x240
[<c0108cf1>] die+0x111/0x240
[<c0109048>] do_trap+0x98/0xe0
[<c0109361>] do_invalid_op+0xa1/0xb0
[<c01081d7>] error_code+0x2b/0x30
[<c02503ec>] skbuff_ctor+0x6c/0x80
[<c015eb94>] cache_alloc_refill+0x524/0x570
[<c015e65c>] kmem_cache_alloc+0x7c/0x90
[<c0263588>] alloc_skb_from_cache+0x58/0x110
[<c0250488>] __alloc_skb+0x48/0xa0
[<c028e2a2>] tcp_collapse+0x132/0x360
[<c028e5f5>] tcp_prune_queue+0x125/0x330
[<c0291445>] tcp_data_queue+0x5b5/0xca0
[<c0292c16>] tcp_rcv_established+0x276/0x7e0
[<c0299faa>] tcp_v4_do_rcv+0xda/0x320
[<c029b0e0>] tcp_v4_rcv+0x830/0x900
[<c027f2ee>] ip_local_deliver+0xae/0x1a0
[<c027f087>] ip_rcv+0x2e7/0x4a0
[<c026b387>] netif_receive_skb+0x197/0x220
[<c0259563>] netif_poll+0x3d3/0x7f0
[<c0268f0e>] net_rx_action+0xbe/0x1c0
[<c0124ccc>] __do_softirq+0x8c/0x120
[<c0124de5>] do_softirq+0x85/0x90
[<c0124f39>] irq_exit+0x39/0x50
[<c0109e05>] do_IRQ+0x25/0x30
[<c024e63f>] evtchn_do_upcall+0x9f/0xe0
[<c0108208>] hypervisor_callback+0x2c/0x34
[<c0106a67>] cpu_idle+0x77/0xf0
[<c0105035>] rest_init+0x35/0x40
[<c034e56a>] start_kernel+0x2ea/0x380
[<c010005e>] 0xc010005e

The following patch against xen-unstable.hg should fix the problem.

--Michael Vrable

# HG changeset patch
# User Michael Vrable <mvrable@cs.ucsd.edu>
# Node ID 5747b738b00a6322cd3b61220eb508c24183fa0a
# Parent 697fac283c9e565b4c9697c70a5529d06a488df9
Return -ENOMEM in xen_create_contiguous_region when running translated.
Previously, calling xen_create_contiguous_region with order > 0 while running in translated shadow mode (XENFEAT_auto_translated_physmap set) resulted in BUG() being called. This can cause a crash in Xen's skbuff_ctor.

xen_create_contiguous_region does have a mechanism to signal failure to create a contiguous region: it returns -ENOMEM. Simply do this unconditionally for multi-page requests when in translated mode.

Signed-off-by: Michael Vrable <mvrable@cs.ucsd.edu>

diff -r 697fac283c9e -r 5747b738b00a linux-2.6-xen-sparse/arch/i386/mm/hypervisor.c --- a/linux-2.6-xen-sparse/arch/i386/mm/hypervisor.c Wed Feb 22 19:11:23 2006 +0000 +++ b/linux-2.6-xen-sparse/arch/i386/mm/hypervisor.c Wed Feb 22 13:30:48 2006 -0800 @@ -325,7 +325,9 @@ int xen_create_contiguous_region( }; if (xen_feature(XENFEAT_auto_translated_physmap)) { - BUG_ON(order >= 1); + if (order >= 1) + return -ENOMEM; + return 0; }
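Review bot: the added `+ return 0;` inside the XENFEAT_auto_translated_physmap block changes control flow for order == 0 as well, not only for the multi-page case the commit message describes: before the patch an order-0 request fell through past the closing `}` into whatever followed, whereas now it returns early with success. Either that early return is intended (in which case the commit message should say so, since "Simply do this unconditionally for multi-page requests" does not cover it), or the block should only contain `if (order >= 1) return -ENOMEM;` and keep falling through. A one-line comment above the new `if` explaining why multi-page contiguous regions are refused in translated mode would also help the next reader, because the hunk alone does not say it. Finally, replacing BUG_ON with an error return only removes the crash if every caller checks the result; the backtrace shows skbuff_ctor as the caller reaching this path, so it is worth confirming in the patch description that skbuff_ctor (and the other callers of xen_create_contiguous_region) propagate -ENOMEM rather than assuming success, otherwise the failure merely moves one frame up.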