Hi,

Just got this one, see attached log ...

cheers,
  Gerd

--
Gerd Hoffmann <kraxel@suse.de>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Hmm, ugly. Guest register state seems to indicate that this is not a continuation, yet the return value from do_mmuext_op() must clearly have been __HYPERVISOR_mmuext_op, i.e. must have come from hypervisor_create_continuation().

Was this during boot of the domain? Is this reproducible? Was there anything special happening in that guest (or maybe this was domain 0)? Can you maybe send the xen-syms image exactly matching the crash, so I can associate stuff on the stack with source variables?

Thanks, Jan

>>> Gerd Hoffmann <kraxel@suse.de> 10.01.07 11:06 >>>
Hi,

Just got this one, see attached log ...

cheers,
  Gerd

--
Gerd Hoffmann <kraxel@suse.de>

>Just got this one, see attached log ...Below patch should fix it - need to take multicall context into consideration when determining the continuation arguments for mmuext ops. Signed-off-by: Jan Beulich <jbeulich@novell.com> Index: 2007-01-08/xen/arch/x86/x86_64/compat/mm.c ==================================================================--- 2007-01-08.orig/xen/arch/x86/x86_64/compat/mm.c 2006-12-15 15:32:58.000000000 +0100 +++ 2007-01-08/xen/arch/x86/x86_64/compat/mm.c 2007-01-10 16:06:16.000000000 +0100 @@ -1,6 +1,7 @@ #ifdef CONFIG_COMPAT #include <xen/event.h> +#include <xen/multicall.h> #include <compat/memory.h> #include <compat/xen.h> @@ -289,20 +290,27 @@ int compat_mmuext_op(XEN_GUEST_HANDLE(mm if ( err == __HYPERVISOR_mmuext_op ) { struct cpu_user_regs *regs = guest_cpu_user_regs(); - unsigned int left = regs->ecx & ~MMU_UPDATE_PREEMPTED; + struct mc_state *mcs = &this_cpu(mc_state); + unsigned int arg1 = !test_bit(_MCSF_in_multicall, &mcs->flags) + ? regs->ecx + : mcs->call.args[1]; + unsigned int left = arg1 & ~MMU_UPDATE_PREEMPTED; - BUG_ON(!(regs->ecx & MMU_UPDATE_PREEMPTED)); + BUG_ON(left == arg1); BUG_ON(left > count); guest_handle_add_offset(nat_ops, count - left); BUG_ON(left + i < count); guest_handle_add_offset(cmp_uops, (signed int)(count - left - i)); left = 1; BUG_ON(!hypercall_xlat_continuation(&left, 0x01, nat_ops, cmp_uops)); - BUG_ON(left != regs->ecx); - regs->ecx += count - i; + BUG_ON(left != arg1); + if (!test_bit(_MCSF_in_multicall, &mcs->flags)) + regs->_ecx += count - i; + else + mcs->compat_call.args[1] += count - i; } else - BUG_ON(rc > 0); + BUG_ON(err > 0); rc = err; } _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
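Review bot: In the second hunk (compat_mmuext_op), the in-multicall path reads the argument from `mcs->call.args[1]` but writes the adjusted value to `mcs->compat_call.args[1]`, and the non-multicall path likewise reads `regs->ecx` and writes `regs->_ecx`. Please use the same accessor for the read and the write on each path, or add a comment stating why the two names refer to the same argument slot, because `BUG_ON(left != arg1)` depends on the value that was read. The `_MCSF_in_multicall` test is also evaluated twice; computing it once into a local next to `mcs` would keep the read and write branches in step. The last change, `BUG_ON(rc > 0)` to `BUG_ON(err > 0)`, is a separate correction that the commit message does not mention and deserves a line there.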
Applied. Cheers, Emmanuel. On Jan 10, 2007, at 16:44, Jan Beulich wrote:>> Just got this one, see attached log ... > > Below patch should fix it - need to take multicall context into > consideration when > determining the continuation arguments for mmuext ops. > > Signed-off-by: Jan Beulich <jbeulich@novell.com> > > Index: 2007-01-08/xen/arch/x86/x86_64/compat/mm.c > ==================================================================> --- 2007-01-08.orig/xen/arch/x86/x86_64/compat/mm.c 2006-12-15 > 15:32:58.000000000 +0100 > +++ 2007-01-08/xen/arch/x86/x86_64/compat/mm.c 2007-01-10 > 16:06:16.000000000 +0100 > @@ -1,6 +1,7 @@ > #ifdef CONFIG_COMPAT > > #include <xen/event.h> > +#include <xen/multicall.h> > #include <compat/memory.h> > #include <compat/xen.h> > > @@ -289,20 +290,27 @@ int compat_mmuext_op(XEN_GUEST_HANDLE(mm > if ( err == __HYPERVISOR_mmuext_op ) > { > struct cpu_user_regs *regs = guest_cpu_user_regs(); > - unsigned int left = regs->ecx & ~MMU_UPDATE_PREEMPTED; > + struct mc_state *mcs = &this_cpu(mc_state); > + unsigned int arg1 = !test_bit(_MCSF_in_multicall, > &mcs->flags) > + ? regs->ecx > + : mcs->call.args[1]; > + unsigned int left = arg1 & ~MMU_UPDATE_PREEMPTED; > > - BUG_ON(!(regs->ecx & MMU_UPDATE_PREEMPTED)); > + BUG_ON(left == arg1); > BUG_ON(left > count); > guest_handle_add_offset(nat_ops, count - left); > BUG_ON(left + i < count); > guest_handle_add_offset(cmp_uops, (signed int)(count > - left - i)); > left = 1; > BUG_ON(!hypercall_xlat_continuation(&left, 0x01, > nat_ops, cmp_uops)); > - BUG_ON(left != regs->ecx); > - regs->ecx += count - i; > + BUG_ON(left != arg1); > + if (!test_bit(_MCSF_in_multicall, &mcs->flags)) > + regs->_ecx += count - i; > + else > + mcs->compat_call.args[1] += count - i; > } > else > - BUG_ON(rc > 0); > + BUG_ON(err > 0); > rc = err; > } > >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel