Pasi Kärkkäinen
2009-Sep-24 09:06 UTC
[Fedora-xen] Linux 2.6.31 domU crashes very early on RHEL5 Xen hypervisor (xen_load_gdt_boot / HYPERVISOR_update_va_mapping)
Hello,

I tried running the latest Fedora 12 rawhide kernel (2.6.31-33.fc12.x86_64) as Xen domU on RHEL5.4 x86_64 Xen dom0.

The domU kernel crashes very early; there's no console output at all.

# /usr/lib64/xen/bin/xenctx -s System.map-2.6.31-33.fc12.x86_64 1
rip: ffffffff819f8d3f xen_load_gdt_boot+0xab
rsp: ffffffff81743f08
rax: ffffffea rbx: ffffffff81822000 rcx: 0021f527 rdx: 00000000
rsi: 800000021f527061 rdi: ffffffff81822000 rbp: ffffffff81743fa8
r8: 00000000 r9: 00000000 r10: 00000000 r11: 00000000
r12: ffffffff81743fb8 r13: ffffffff81743f50 r14: 00000080 r15: 00000000
cs: 0000e033 ds: 00000000 fs: 00000000 gs: 00000000

Stack:
000000000021f527 0000000000000000 ffffffff819f8d3f 000000010000e030
0000000000010082 ffffffff81743f48 000000000000e02b ffffffff819f8d3b
0000000000000000 0000000000000000 0000000000000000 0000000000000000
0000000000001822 0000008000000000 ffffffff8100cb0e 0000000000000000

Code:
20 c3 78 81 31 d2 48 89 c6 48 89 df e8 85 04 61 ff 85 c0 74 04 <0f> 0b eb fe 49 63 c7 48 81 c3 00

Call Trace:
[<ffffffff819f8d3f>] xen_load_gdt_boot+0xab <--
[<ffffffff819f8d3f>] xen_load_gdt_boot+0xab
[<ffffffff819f8d3b>] xen_load_gdt_boot+0xa7
[<ffffffff8100cb0e>] p2m_top_index+0x9
[<ffffffff8101f209>] switch_to_new_gdt+0x31
[<ffffffff819f8a24>] xen_start_kernel+0x282

# gdb vmlinux
(gdb) x/i 0xffffffff819f8d3f
0xffffffff819f8d3f <xen_load_gdt_boot+171>: ud2a
(gdb) x/60i xen_load_gdt_boot
0xffffffff819f8c94 <xen_load_gdt_boot>: push %rbp
0xffffffff819f8c95 <xen_load_gdt_boot+1>: mov %rsp,%rbp
0xffffffff819f8c98 <xen_load_gdt_boot+4>: push %r15
0xffffffff819f8c9a <xen_load_gdt_boot+6>: xor %r15d,%r15d
0xffffffff819f8c9d <xen_load_gdt_boot+9>: push %r14
0xffffffff819f8c9f <xen_load_gdt_boot+11>: push %r13
0xffffffff819f8ca1 <xen_load_gdt_boot+13>: push %r12
0xffffffff819f8ca3 <xen_load_gdt_boot+15>: mov %rdi,%r12
0xffffffff819f8ca6 <xen_load_gdt_boot+18>: push %rbx
0xffffffff819f8ca7 <xen_load_gdt_boot+19>: sub $0x18,%rsp
0xffffffff819f8cab <xen_load_gdt_boot+23>: movzwl (%rdi),%eax
0xffffffff819f8cae <xen_load_gdt_boot+26>: mov 0x2(%rdi),%rbx
0xffffffff819f8cb2 <xen_load_gdt_boot+30>: inc %eax
0xffffffff819f8cb4 <xen_load_gdt_boot+32>: mov %eax,%r14d
0xffffffff819f8cb7 <xen_load_gdt_boot+35>: mov %eax,-0x34(%rbp)
0xffffffff819f8cba <xen_load_gdt_boot+38>: lea 0xfff(%r14),%rax
0xffffffff819f8cc1 <xen_load_gdt_boot+45>: shr $0xc,%rax
0xffffffff819f8cc5 <xen_load_gdt_boot+49>: lea 0x1e(,%rax,8),%rax
0xffffffff819f8ccd <xen_load_gdt_boot+57>: and $0x7f0,%eax
0xffffffff819f8cd2 <xen_load_gdt_boot+62>: sub %rax,%rsp
0xffffffff819f8cd5 <xen_load_gdt_boot+65>: lea 0xf(%rsp),%r13
0xffffffff819f8cda <xen_load_gdt_boot+70>: and $0xfffffffffffffff0,%r13
0xffffffff819f8cde <xen_load_gdt_boot+74>: test $0xfff,%ebx
0xffffffff819f8ce4 <xen_load_gdt_boot+80>: je 0xffffffff819f8d55 <xen_load_gdt_boot+193>
0xffffffff819f8ce6 <xen_load_gdt_boot+82>: ud2a
0xffffffff819f8ce8 <xen_load_gdt_boot+84>: jmp 0xffffffff819f8ce8 <xen_load_gdt_boot+84>
0xffffffff819f8cea <xen_load_gdt_boot+86>: mov %rbx,%rdi
0xffffffff819f8ced <xen_load_gdt_boot+89>: callq 0xffffffff8103ecfc <__phys_addr>
0xffffffff819f8cf2 <xen_load_gdt_boot+94>: mov %rax,%rsi
0xffffffff819f8cf5 <xen_load_gdt_boot+97>: shr $0xc,%rsi
0xffffffff819f8cf9 <xen_load_gdt_boot+101>: mov %rsi,%rdi
0xffffffff819f8cfc <xen_load_gdt_boot+104>: mov %rsi,-0x40(%rbp)
0xffffffff819f8d00 <xen_load_gdt_boot+108>: callq 0xffffffff8100b397 <pfn_to_mfn>
0xffffffff819f8d05 <xen_load_gdt_boot+113>: mov -0x40(%rbp),%rsi
0xffffffff819f8d09 <xen_load_gdt_boot+117>: mov %rax,%rcx
0xffffffff819f8d0c <xen_load_gdt_boot+120>: mov $0x8000000000000161,%rax
0xffffffff819f8d16 <xen_load_gdt_boot+130>: and -0x1e362d(%rip),%rax # 0xffffffff818156f0 <__supported_pte_mask>
0xffffffff819f8d1d <xen_load_gdt_boot+137>: mov %rsi,%rdi
0xffffffff819f8d20 <xen_load_gdt_boot+140>: shl $0xc,%rdi
0xffffffff819f8d24 <xen_load_gdt_boot+144>: or %rax,%rdi
0xffffffff819f8d27 <xen_load_gdt_boot+147>: callq *0xffffffff8178c320
0xffffffff819f8d2e <xen_load_gdt_boot+154>: xor %edx,%edx
0xffffffff819f8d30 <xen_load_gdt_boot+156>: mov %rax,%rsi
0xffffffff819f8d33 <xen_load_gdt_boot+159>: mov %rbx,%rdi
0xffffffff819f8d36 <xen_load_gdt_boot+162>: callq 0xffffffff810091c0 <hypercall_page+448>
0xffffffff819f8d3b <xen_load_gdt_boot+167>: test %eax,%eax
0xffffffff819f8d3d <xen_load_gdt_boot+169>: je 0xffffffff819f8d43 <xen_load_gdt_boot+175>
0xffffffff819f8d3f <xen_load_gdt_boot+171>: ud2a
0xffffffff819f8d41 <xen_load_gdt_boot+173>: jmp 0xffffffff819f8d41 <xen_load_gdt_boot+173>
0xffffffff819f8d43 <xen_load_gdt_boot+175>: movslq %r15d,%rax
0xffffffff819f8d46 <xen_load_gdt_boot+178>: add $0x1000,%rbx
0xffffffff819f8d4d <xen_load_gdt_boot+185>: inc %r15d
0xffffffff819f8d50 <xen_load_gdt_boot+188>: mov %rcx,0x0(%r13,%rax,8)
0xffffffff819f8d55 <xen_load_gdt_boot+193>: mov %r14,%rax
0xffffffff819f8d58 <xen_load_gdt_boot+196>: add 0x2(%r12),%rax
0xffffffff819f8d5d <xen_load_gdt_boot+201>: cmp %rax,%rbx
0xffffffff819f8d60 <xen_load_gdt_boot+204>: jb 0xffffffff819f8cea <xen_load_gdt_boot+86>
0xffffffff819f8d62 <xen_load_gdt_boot+206>: mov -0x34(%rbp),%esi
0xffffffff819f8d65 <xen_load_gdt_boot+209>: mov %r13,%rdi
0xffffffff819f8d68 <xen_load_gdt_boot+212>: shr $0x3,%esi
(gdb)

So that translates to (the callq at +162 into hypercall_page+448 is the update_va_mapping hypercall, and the ud2a at +171, where rip stopped, is the BUG()):

if (HYPERVISOR_update_va_mapping((unsigned long)va, pte, 0))
        BUG();

The return value was -EINVAL (rax is ffffffea in the register dump above, i.e. -22).

Any ideas?

I also opened fedora bugzilla entry here: https://bugzilla.redhat.com/show_bug.cgi?id=525290

-- Pasi
Paolo Bonzini
2009-Sep-24 09:53 UTC
[Fedora-xen] Re: Linux 2.6.31 domU crashes very early on RHEL5 Xen hypervisor (xen_load_gdt_boot / HYPERVISOR_update_va_mapping)
> I also opened fedora bugzilla entry here: https://bugzilla.redhat.com/show_bug.cgi?id=525290

For the record, the corresponding RHEL bug is 524052.

Paolo