Xen devel - Sep 2010 - 2.6.32.22 (amd64) domU Kernel doesnt boot - kernel panic

Hello

I have used my 2.6.32.20 config and compiled now a 2.6.32.22 from kernel.org.
2.6.32.22 has the important security fix (local user can be root with a 
exploit).

When booting up the domU with the new kernel, it hangs here:

[7061459.971314] installing Xen timer for CPU 0
[7061459.971338] BUG: unable to handle kernel NULL pointer dereference at (null)
[7061459.971347] IP: [<(null)>] (null)
[7061459.971353] PGD 0
[7061459.971357] Thread overran stack, or stack corrupted
[7061459.971362] Oops: 0010 [#1] SMP
[7061459.971368] last sysfs file:
[7061459.971372] CPU 0
[7061459.971377] Modules linked in:
[7061459.971383] Pid: 0, comm: swapper Not tainted 2.6.32.22 #1
[7061459.971389] RIP: e030:[<0000000000000000>]  [<(null)>] (null)
[7061459.971395] RSP: e02b:ffffffff81805da0  EFLAGS: 00010082
[7061459.971400] RAX: ffffffff81b62a50 RBX: 0000000000000000 RCX: 
00000000000002
 00
[7061459.971407] RDX: 0000000000000000 RSI: ffffffff81b434a8 RDI: 
00000000000000
 00
[7061459.971413] RBP: ffffffff81805db8 R08: ffff88007fc18080 R09: 
ffffffff818937
 30
[7061459.971420] R10: ffffffff81893750 R11: 0000000000000001 R12: 
ffffffff818272
 40
[7061459.971426] R13: ffff88007fc1b000 R14: 0000000000000000 R15: 
ffffffff818272
 a4
[7061459.971438] FS:  0000000000000000(0000) GS:ffff880001fd6000(0000) 
knlGS:000
 0000000000000
[7061459.971445] CS:  e033 DS: 0000 ES: 0000 CR0: 000000008005003b
[7061459.971450] CR2: 0000000000000000 CR3: 0000000001001000 CR4: 
00000000000026
 60
[7061459.971457] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 
00000000000000
 00
[7061459.971464] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 
00000000000004
 00
[7061459.971471] Process swapper (pid: 0, threadinfo ffffffff81804000, task 
ffff
 ffff818979f0)
[7061459.971478] Stack:
[7061459.971481]  ffffffff8107cac5 0000000000000000 00000000ffffffda 
ffffffff818
 05dd8
[7061459.971490] <0> ffffffff8107caa5 ffffffff815a94b1 ffffffff81827240 
ffffffff
 81805e18
[7061459.971502] <0> ffffffff8107c009 0000000000000200 ffff88007fc1b000 
00000000
 fffffff4
[7061459.971515] Call Trace:
[7061459.971525]  [<ffffffff8107cac5>] ? default_enable+0x1a/0x28
[7061459.971533]  [<ffffffff8107caa5>] default_startup+0x19/0x1f
[7061459.971542]  [<ffffffff815a94b1>] ? _spin_lock_irqsave+0x19/0x32
[7061459.971550]  [<ffffffff8107c009>] __setup_irq+0x197/0x2cf
[7061459.971558]  [<ffffffff8100e05f>] ? xen_timer_interrupt+0x0/0x182
[7061459.971565]  [<ffffffff8107c22d>] request_threaded_irq+0xec/0x12b
[7061459.971575]  [<ffffffff812b278c>] bind_virq_to_irqhandler+0x13f/0x163
[7061459.971582]  [<ffffffff8100e05f>] ? xen_timer_interrupt+0x0/0x182
[7061459.971589]  [<ffffffff8100e01a>] xen_setup_timer+0x59/0x9e
[7061459.971598]  [<ffffffff8198d5a3>] xen_time_init+0xb7/0xc0
[7061459.971604]  [<ffffffff8198da27>] x86_late_time_init+0xa/0x11
[7061459.971612]  [<ffffffff81989c2f>] start_kernel+0x2fe/0x385
[7061459.971618]  [<ffffffff819892bf>] x86_64_start_reservations+0xaa/0xae
[7061459.971626]  [<ffffffff8198cad2>] xen_start_kernel+0x541/0x548
[7061459.971631] Code:  Bad RIP value.
[7061459.971641] RIP  [<(null)>] (null)
[7061459.971646]  RSP <ffffffff81805da0>
[7061459.971650] CR2: 0000000000000000
[7061459.971660] ---[ end trace 4eaa2a86a8e2da22 ]---
[7061459.971665] Kernel panic - not syncing: Attempted to kill the idle task!
[7061459.971671] Pid: 0, comm: swapper Tainted: G      D    2.6.32.22 #1
[7061459.971676] Call Trace:
[7061459.971682]  [<ffffffff815a7537>] panic+0xa0/0x158
[7061459.971688]  [<ffffffff815a7656>] ? printk+0x67/0x69
[7061459.971696]  [<ffffffff81055e60>] ?
blocking_notifier_call_chain+0xf/0x11
[7061459.971705]  [<ffffffff81042b76>] do_exit+0x79/0x6c9
[7061459.971711]  [<ffffffff815aa492>] oops_end+0xb9/0xc1
[7061459.971718]  [<ffffffff8102aeed>] no_context+0x1ea/0x1f9
[7061459.971724]  [<ffffffff8102b0b5>] __bad_area_nosemaphore+0x1b9/0x1df
[7061459.971733]  [<ffffffff8108ec17>] ?
__alloc_pages_nodemask+0x11a/0x5e7
[7061459.971741]  [<ffffffff8100dd01>] ? xen_force_evtchn_callback+0xd/0xf
[7061459.971747]  [<ffffffff8100e352>] ? check_events+0x12/0x20
[7061459.971754]  [<ffffffff8102b0e9>] bad_area_nosemaphore+0xe/0x10
[7061459.971761]  [<ffffffff815ab98a>] do_page_fault+0x1a0/0x2d6
[7061459.971768]  [<ffffffff815a9975>] page_fault+0x25/0x30
[7061459.971775]  [<ffffffff8107cac5>] ? default_enable+0x1a/0x28
[7061459.971782]  [<ffffffff8107caa5>] default_startup+0x19/0x1f
[7061459.971788]  [<ffffffff815a94b1>] ? _spin_lock_irqsave+0x19/0x32
[7061459.971795]  [<ffffffff8107c009>] __setup_irq+0x197/0x2cf
[7061459.971801]  [<ffffffff8100e05f>] ? xen_timer_interrupt+0x0/0x182
[7061459.971808]  [<ffffffff8107c22d>] request_threaded_irq+0xec/0x12b
[7061459.971815]  [<ffffffff812b278c>] bind_virq_to_irqhandler+0x13f/0x163
[7061460.172264]  [<ffffffff8100e05f>] ? xen_timer_interrupt+0x0/0x182
[7061460.172273]  [<ffffffff8100e01a>] xen_setup_timer+0x59/0x9e
[7061460.172283]  [<ffffffff8198d5a3>] xen_time_init+0xb7/0xc0
[7061460.172290]  [<ffffffff8198da27>] x86_late_time_init+0xa/0x11
[7061460.172297]  [<ffffffff81989c2f>] start_kernel+0x2fe/0x385
[7061460.172304]  [<ffffffff819892bf>] x86_64_start_reservations+0xaa/0xae
[7061460.172311]  [<ffffffff8198cad2>] xen_start_kernel+0x541/0x548



dom0 is XEN 3.4.3 selfcompiled on Debian Lenny amd64.
Hardware is Supermicro Board with XEON E5506 CPU.

Best regards
Gio



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On Tue, Sep 21, 2010 at 10:02:53AM +0000, Giovanni Bellac
wrote:
> Hello
> 
> I have used my 2.6.32.20 config and compiled now a 2.6.32.22 from
kernel.org.
> 2.6.32.22 has the important security fix (local user can be root with a 
> exploit).
Did it used to work before? With 2.6.32.20 ? Was that kernel from
kernel.org too? Did you try to bisect the kernels to see which git commit
from 2.6.32.20 through 2.6.32.22 caused the failure?

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Hi,

----- "Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com> wrote:
> On Tue, Sep 21, 2010 at 10:02:53AM +0000, Giovanni Bellac wrote:
> > Hello
> > 
> > I have used my 2.6.32.20 config and compiled now a 2.6.32.22 from
> kernel.org.
> > 2.6.32.22 has the important security fix (local user can be root
> with a 
> > exploit).
> 
> Did it used to work before? With 2.6.32.20 ? Was that kernel from
> kernel.org too? Did you try to bisect the kernels to see which git
> commit
> from 2.6.32.20 through 2.6.32.22 caused the failure?
2.6.32.21 boots fine on Xen.  2.6.32.22 does not due to NULL rip, so it
is probably related to the security fix that was done.  Will bisect
later.

William

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 09/21/2010 03:02 AM, Giovanni Bellac wrote:
> Hello
>
> I have used my 2.6.32.20 config and compiled now a 2.6.32.22 from
> kernel.org.
> 2.6.32.22 has the important security fix (local user can be root with
> a exploit).
>
> When booting up the domU with the new kernel, it hangs here:
>
> [7061459.971314] installing Xen timer for CPU 0
> [7061459.971338] BUG: unable to handle kernel NULL pointer dereference
> at (null)
> [7061459.971347] IP: [<(null)>] (null)

Aiee - that''s not good.  I see the problem, but I''m not sure
why I
didn''t see it in testing.  Patch shortly.

    J
> [7061459.971353] PGD 0
> [7061459.971357] Thread overran stack, or stack corrupted
> [7061459.971362] Oops: 0010 [#1] SMP
> [7061459.971368] last sysfs file:
> [7061459.971372] CPU 0
> [7061459.971377] Modules linked in:
> [7061459.971383] Pid: 0, comm: swapper Not tainted 2.6.32.22 #1
> [7061459.971389] RIP: e030:[<0000000000000000>]  [<(null)>]
(null)
> [7061459.971395] RSP: e02b:ffffffff81805da0  EFLAGS: 00010082
> [7061459.971400] RAX: ffffffff81b62a50 RBX: 0000000000000000 RCX:
> 00000000000002
> 00
> [7061459.971407] RDX: 0000000000000000 RSI: ffffffff81b434a8 RDI:
> 00000000000000
> 00
> [7061459.971413] RBP: ffffffff81805db8 R08: ffff88007fc18080 R09:
> ffffffff818937
> 30
> [7061459.971420] R10: ffffffff81893750 R11: 0000000000000001 R12:
> ffffffff818272
> 40
> [7061459.971426] R13: ffff88007fc1b000 R14: 0000000000000000 R15:
> ffffffff818272
> a4
> [7061459.971438] FS:  0000000000000000(0000) GS:ffff880001fd6000(0000)
> knlGS:000
> 0000000000000
> [7061459.971445] CS:  e033 DS: 0000 ES: 0000 CR0: 000000008005003b
> [7061459.971450] CR2: 0000000000000000 CR3: 0000000001001000 CR4:
> 00000000000026
> 60
> [7061459.971457] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
> 00000000000000
> 00
> [7061459.971464] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
> 00000000000004
> 00
> [7061459.971471] Process swapper (pid: 0, threadinfo ffffffff81804000,
> task
> ffff
> ffff818979f0)
> [7061459.971478] Stack:
> [7061459.971481]  ffffffff8107cac5 0000000000000000 00000000ffffffda
> ffffffff818
> 05dd8
> [7061459.971490] <0> ffffffff8107caa5 ffffffff815a94b1
> ffffffff81827240
> ffffffff
> 81805e18
> [7061459.971502] <0> ffffffff8107c009 0000000000000200
> ffff88007fc1b000
> 00000000
> fffffff4
> [7061459.971515] Call Trace:
> [7061459.971525]  [<ffffffff8107cac5>] ? default_enable+0x1a/0x28
> [7061459.971533]  [<ffffffff8107caa5>] default_startup+0x19/0x1f
> [7061459.971542]  [<ffffffff815a94b1>] ? _spin_lock_irqsave+0x19/0x32
> [7061459.971550]  [<ffffffff8107c009>] __setup_irq+0x197/0x2cf
> [7061459.971558]  [<ffffffff8100e05f>] ?
xen_timer_interrupt+0x0/0x182
> [7061459.971565]  [<ffffffff8107c22d>]
request_threaded_irq+0xec/0x12b
> [7061459.971575]  [<ffffffff812b278c>]
bind_virq_to_irqhandler+0x13f/0x163
> [7061459.971582]  [<ffffffff8100e05f>] ?
xen_timer_interrupt+0x0/0x182
> [7061459.971589]  [<ffffffff8100e01a>] xen_setup_timer+0x59/0x9e
> [7061459.971598]  [<ffffffff8198d5a3>] xen_time_init+0xb7/0xc0
> [7061459.971604]  [<ffffffff8198da27>] x86_late_time_init+0xa/0x11
> [7061459.971612]  [<ffffffff81989c2f>] start_kernel+0x2fe/0x385
> [7061459.971618]  [<ffffffff819892bf>]
x86_64_start_reservations+0xaa/0xae
> [7061459.971626]  [<ffffffff8198cad2>] xen_start_kernel+0x541/0x548
> [7061459.971631] Code:  Bad RIP value.
> [7061459.971641] RIP  [<(null)>] (null)
> [7061459.971646]  RSP <ffffffff81805da0>
> [7061459.971650] CR2: 0000000000000000
> [7061459.971660] ---[ end trace 4eaa2a86a8e2da22 ]---
> [7061459.971665] Kernel panic - not syncing: Attempted to kill the
> idle task!
> [7061459.971671] Pid: 0, comm: swapper Tainted: G      D    2.6.32.22 #1
> [7061459.971676] Call Trace:
> [7061459.971682]  [<ffffffff815a7537>] panic+0xa0/0x158
> [7061459.971688]  [<ffffffff815a7656>] ? printk+0x67/0x69
> [7061459.971696]  [<ffffffff81055e60>] ?
> blocking_notifier_call_chain+0xf/0x11
> [7061459.971705]  [<ffffffff81042b76>] do_exit+0x79/0x6c9
> [7061459.971711]  [<ffffffff815aa492>] oops_end+0xb9/0xc1
> [7061459.971718]  [<ffffffff8102aeed>] no_context+0x1ea/0x1f9
> [7061459.971724]  [<ffffffff8102b0b5>]
__bad_area_nosemaphore+0x1b9/0x1df
> [7061459.971733]  [<ffffffff8108ec17>] ?
> __alloc_pages_nodemask+0x11a/0x5e7
> [7061459.971741]  [<ffffffff8100dd01>] ?
xen_force_evtchn_callback+0xd/0xf
> [7061459.971747]  [<ffffffff8100e352>] ? check_events+0x12/0x20
> [7061459.971754]  [<ffffffff8102b0e9>] bad_area_nosemaphore+0xe/0x10
> [7061459.971761]  [<ffffffff815ab98a>] do_page_fault+0x1a0/0x2d6
> [7061459.971768]  [<ffffffff815a9975>] page_fault+0x25/0x30
> [7061459.971775]  [<ffffffff8107cac5>] ? default_enable+0x1a/0x28
> [7061459.971782]  [<ffffffff8107caa5>] default_startup+0x19/0x1f
> [7061459.971788]  [<ffffffff815a94b1>] ? _spin_lock_irqsave+0x19/0x32
> [7061459.971795]  [<ffffffff8107c009>] __setup_irq+0x197/0x2cf
> [7061459.971801]  [<ffffffff8100e05f>] ?
xen_timer_interrupt+0x0/0x182
> [7061459.971808]  [<ffffffff8107c22d>]
request_threaded_irq+0xec/0x12b
> [7061459.971815]  [<ffffffff812b278c>]
bind_virq_to_irqhandler+0x13f/0x163
> [7061460.172264]  [<ffffffff8100e05f>] ?
xen_timer_interrupt+0x0/0x182
> [7061460.172273]  [<ffffffff8100e01a>] xen_setup_timer+0x59/0x9e
> [7061460.172283]  [<ffffffff8198d5a3>] xen_time_init+0xb7/0xc0
> [7061460.172290]  [<ffffffff8198da27>] x86_late_time_init+0xa/0x11
> [7061460.172297]  [<ffffffff81989c2f>] start_kernel+0x2fe/0x385
> [7061460.172304]  [<ffffffff819892bf>]
x86_64_start_reservations+0xaa/0xae
> [7061460.172311]  [<ffffffff8198cad2>] xen_start_kernel+0x541/0x548
>
>
>
> dom0 is XEN 3.4.3 selfcompiled on Debian Lenny amd64.
> Hardware is Supermicro Board with XEON E5506 CPU.
>
> Best regards
> Gio
>
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 09/21/2010 08:48 AM, Jeremy Fitzhardinge wrote:
>  On 09/21/2010 03:02 AM, Giovanni Bellac wrote:
>> Hello
>>
>> I have used my 2.6.32.20 config and compiled now a 2.6.32.22 from
>> kernel.org.
>> 2.6.32.22 has the important security fix (local user can be root with
>> a exploit).
>>
>> When booting up the domU with the new kernel, it hangs here:
>>
>> [7061459.971314] installing Xen timer for CPU 0
>> [7061459.971338] BUG: unable to handle kernel NULL pointer dereference
>> at (null)
>> [7061459.971347] IP: [<(null)>] (null)
>
> Aiee - that''s not good.  I see the problem, but I''m not
sure why I
> didn''t see it in testing.  Patch shortly.
No, its a little more subtle than I first thought (which is just as
well, because my first thought was a brain-stabbingly dumb bug).  I''m
guessing its a race where the timer interrupt is being enabled too early
before its irq state has been set up properly, but I need to look at it
a bit more closely.

    J
>> [7061459.971353] PGD 0
>> [7061459.971357] Thread overran stack, or stack corrupted
>> [7061459.971362] Oops: 0010 [#1] SMP
>> [7061459.971368] last sysfs file:
>> [7061459.971372] CPU 0
>> [7061459.971377] Modules linked in:
>> [7061459.971383] Pid: 0, comm: swapper Not tainted 2.6.32.22 #1
>> [7061459.971389] RIP: e030:[<0000000000000000>]  [<(null)>]
(null)
>> [7061459.971395] RSP: e02b:ffffffff81805da0  EFLAGS: 00010082
>> [7061459.971400] RAX: ffffffff81b62a50 RBX: 0000000000000000 RCX:
>> 00000000000002
>> 00
>> [7061459.971407] RDX: 0000000000000000 RSI: ffffffff81b434a8 RDI:
>> 00000000000000
>> 00
>> [7061459.971413] RBP: ffffffff81805db8 R08: ffff88007fc18080 R09:
>> ffffffff818937
>> 30
>> [7061459.971420] R10: ffffffff81893750 R11: 0000000000000001 R12:
>> ffffffff818272
>> 40
>> [7061459.971426] R13: ffff88007fc1b000 R14: 0000000000000000 R15:
>> ffffffff818272
>> a4
>> [7061459.971438] FS:  0000000000000000(0000) GS:ffff880001fd6000(0000)
>> knlGS:000
>> 0000000000000
>> [7061459.971445] CS:  e033 DS: 0000 ES: 0000 CR0: 000000008005003b
>> [7061459.971450] CR2: 0000000000000000 CR3: 0000000001001000 CR4:
>> 00000000000026
>> 60
>> [7061459.971457] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
>> 00000000000000
>> 00
>> [7061459.971464] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
>> 00000000000004
>> 00
>> [7061459.971471] Process swapper (pid: 0, threadinfo ffffffff81804000,
>> task
>> ffff
>> ffff818979f0)
>> [7061459.971478] Stack:
>> [7061459.971481]  ffffffff8107cac5 0000000000000000 00000000ffffffda
>> ffffffff818
>> 05dd8
>> [7061459.971490] <0> ffffffff8107caa5 ffffffff815a94b1
>> ffffffff81827240
>> ffffffff
>> 81805e18
>> [7061459.971502] <0> ffffffff8107c009 0000000000000200
>> ffff88007fc1b000
>> 00000000
>> fffffff4
>> [7061459.971515] Call Trace:
>> [7061459.971525]  [<ffffffff8107cac5>] ? default_enable+0x1a/0x28
>> [7061459.971533]  [<ffffffff8107caa5>] default_startup+0x19/0x1f
>> [7061459.971542]  [<ffffffff815a94b1>] ?
_spin_lock_irqsave+0x19/0x32
>> [7061459.971550]  [<ffffffff8107c009>] __setup_irq+0x197/0x2cf
>> [7061459.971558]  [<ffffffff8100e05f>] ?
xen_timer_interrupt+0x0/0x182
>> [7061459.971565]  [<ffffffff8107c22d>]
request_threaded_irq+0xec/0x12b
>> [7061459.971575]  [<ffffffff812b278c>]
bind_virq_to_irqhandler+0x13f/0x163
>> [7061459.971582]  [<ffffffff8100e05f>] ?
xen_timer_interrupt+0x0/0x182
>> [7061459.971589]  [<ffffffff8100e01a>] xen_setup_timer+0x59/0x9e
>> [7061459.971598]  [<ffffffff8198d5a3>] xen_time_init+0xb7/0xc0
>> [7061459.971604]  [<ffffffff8198da27>]
x86_late_time_init+0xa/0x11
>> [7061459.971612]  [<ffffffff81989c2f>] start_kernel+0x2fe/0x385
>> [7061459.971618]  [<ffffffff819892bf>]
x86_64_start_reservations+0xaa/0xae
>> [7061459.971626]  [<ffffffff8198cad2>]
xen_start_kernel+0x541/0x548
>> [7061459.971631] Code:  Bad RIP value.
>> [7061459.971641] RIP  [<(null)>] (null)
>> [7061459.971646]  RSP <ffffffff81805da0>
>> [7061459.971650] CR2: 0000000000000000
>> [7061459.971660] ---[ end trace 4eaa2a86a8e2da22 ]---
>> [7061459.971665] Kernel panic - not syncing: Attempted to kill the
>> idle task!
>> [7061459.971671] Pid: 0, comm: swapper Tainted: G      D    2.6.32.22
#1
>> [7061459.971676] Call Trace:
>> [7061459.971682]  [<ffffffff815a7537>] panic+0xa0/0x158
>> [7061459.971688]  [<ffffffff815a7656>] ? printk+0x67/0x69
>> [7061459.971696]  [<ffffffff81055e60>] ?
>> blocking_notifier_call_chain+0xf/0x11
>> [7061459.971705]  [<ffffffff81042b76>] do_exit+0x79/0x6c9
>> [7061459.971711]  [<ffffffff815aa492>] oops_end+0xb9/0xc1
>> [7061459.971718]  [<ffffffff8102aeed>] no_context+0x1ea/0x1f9
>> [7061459.971724]  [<ffffffff8102b0b5>]
__bad_area_nosemaphore+0x1b9/0x1df
>> [7061459.971733]  [<ffffffff8108ec17>] ?
>> __alloc_pages_nodemask+0x11a/0x5e7
>> [7061459.971741]  [<ffffffff8100dd01>] ?
xen_force_evtchn_callback+0xd/0xf
>> [7061459.971747]  [<ffffffff8100e352>] ? check_events+0x12/0x20
>> [7061459.971754]  [<ffffffff8102b0e9>]
bad_area_nosemaphore+0xe/0x10
>> [7061459.971761]  [<ffffffff815ab98a>] do_page_fault+0x1a0/0x2d6
>> [7061459.971768]  [<ffffffff815a9975>] page_fault+0x25/0x30
>> [7061459.971775]  [<ffffffff8107cac5>] ? default_enable+0x1a/0x28
>> [7061459.971782]  [<ffffffff8107caa5>] default_startup+0x19/0x1f
>> [7061459.971788]  [<ffffffff815a94b1>] ?
_spin_lock_irqsave+0x19/0x32
>> [7061459.971795]  [<ffffffff8107c009>] __setup_irq+0x197/0x2cf
>> [7061459.971801]  [<ffffffff8100e05f>] ?
xen_timer_interrupt+0x0/0x182
>> [7061459.971808]  [<ffffffff8107c22d>]
request_threaded_irq+0xec/0x12b
>> [7061459.971815]  [<ffffffff812b278c>]
bind_virq_to_irqhandler+0x13f/0x163
>> [7061460.172264]  [<ffffffff8100e05f>] ?
xen_timer_interrupt+0x0/0x182
>> [7061460.172273]  [<ffffffff8100e01a>] xen_setup_timer+0x59/0x9e
>> [7061460.172283]  [<ffffffff8198d5a3>] xen_time_init+0xb7/0xc0
>> [7061460.172290]  [<ffffffff8198da27>]
x86_late_time_init+0xa/0x11
>> [7061460.172297]  [<ffffffff81989c2f>] start_kernel+0x2fe/0x385
>> [7061460.172304]  [<ffffffff819892bf>]
x86_64_start_reservations+0xaa/0xae
>> [7061460.172311]  [<ffffffff8198cad2>]
xen_start_kernel+0x541/0x548
>>
>>
>>
>> dom0 is XEN 3.4.3 selfcompiled on Debian Lenny amd64.
>> Hardware is Supermicro Board with XEON E5506 CPU.
>>
>> Best regards
>> Gio
>>
>>
>>
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@lists.xensource.com
>> http://lists.xensource.com/xen-devel
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 09/21/2010 03:02 AM, Giovanni Bellac wrote:
> Hello
>
> I have used my 2.6.32.20 config and compiled now a 2.6.32.22 from
> kernel.org.
> 2.6.32.22 has the important security fix (local user can be root with
> a exploit).
Does this help?

Thanks,
    J

From: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Date: Wed, 22 Sep 2010 15:28:52 -0700
Subject: [PATCH] xen: set up IRQ before binding virq to evtchn

Make sure the irq is set up before binding a virq event channel to it.

Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>

diff --git a/drivers/xen/events.c b/drivers/xen/events.c
index 3132a5e..cd17f86 100644
--- a/drivers/xen/events.c
+++ b/drivers/xen/events.c
@@ -426,6 +426,11 @@ static int bind_virq_to_irq(unsigned int virq, unsigned int
cpu)
 	irq = per_cpu(virq_to_irq, cpu)[virq];
 
 	if (irq == -1) {
+		irq = find_unbound_irq();
+
+		set_irq_chip_and_handler_name(irq, &xen_percpu_chip,
+					      handle_percpu_irq, "virq");
+
 		bind_virq.virq = virq;
 		bind_virq.vcpu = cpu;
 		if (HYPERVISOR_event_channel_op(EVTCHNOP_bind_virq,
@@ -433,11 +438,6 @@ static int bind_virq_to_irq(unsigned int virq, unsigned int
cpu)
 			BUG();
 		evtchn = bind_virq.port;
 
-		irq = find_unbound_irq();
-
-		set_irq_chip_and_handler_name(irq, &xen_percpu_chip,
-					      handle_percpu_irq, "virq");
-
 		evtchn_to_irq[evtchn] = irq;
 		irq_info[irq] = mk_virq_info(evtchn, virq);
 



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Hello

no, got a kernel panic too:

[7257008.739405] SLUB: Genslabs=14, HWalign=64, Order=0-3, MinObjects=0, 
CPUs=4,                                                             Nodes=1
[7257008.739427] Hierarchical RCU implementation.
[7257008.739432] NR_IRQS:2304
[7257008.739821] Console: colour dummy device 80x25
[7257008.739918] console [tty0] enabled
[7257008.740107] console [hvc0] enabled
[7257008.740137] installing Xen timer for CPU 0
[7257008.740160] BUG: unable to handle kernel NULL pointer dereference at (null)
[7257008.740169] IP: [<(null)>] (null)
[7257008.740175] PGD 0
[7257008.740179] Thread overran stack, or stack corrupted
[7257008.740184] Oops: 0010 [#1] SMP
[7257008.740190] last sysfs file:
[7257008.740194] CPU 0
[7257008.740198] Modules linked in:
[7257008.740205] Pid: 0, comm: swapper Not tainted 2.6.32.22 #1
[7257008.740210] RIP: e030:[<0000000000000000>]  [<(null)>] (null)
[7257008.740217] RSP: e02b:ffffffff81807da0  EFLAGS: 00010082
[7257008.740222] RAX: ffffffff81b64a50 RBX: 0000000000000000 RCX: 
00000000000002                                                            00
[7257008.740229] RDX: 0000000000000000 RSI: ffffffff81b454a8 RDI: 
00000000000000                                                            00
[7257008.740235] RBP: ffffffff81807db8 R08: ffff88007fc18080 R09: 
ffffffff818957                                                            30
[7257008.740241] R10: ffffffff81895750 R11: 0000000000000001 R12: 
ffffffff818292                                                            40
[7257008.740248] R13: ffff88007fc1b000 R14: 0000000000000000 R15: 
ffffffff818292                                                            a4
[7257008.740259] FS:  0000000000000000(0000) GS:ffff880001fd8000(0000) 
knlGS:000                                                            
0000000000000
[7257008.740266] CS:  e033 DS: 0000 ES: 0000 CR0: 000000008005003b
[7257008.740272] CR2: 0000000000000000 CR3: 0000000001001000 CR4: 
00000000000026                                                            60
[7257008.740279] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 
00000000000000                                                            00
[7257008.740286] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 
00000000000004                                                            00
[7257008.740292] Process swapper (pid: 0, threadinfo ffffffff81806000, task 
ffff                                                            ffff818999f0)
[7257008.740299] Stack:
[7257008.740302]  ffffffff8107cac5 0000000000000000 00000000ffffffda 
ffffffff818                                                            07dd8
[7257008.740312] <0> ffffffff8107caa5 ffffffff815a94b1 ffffffff81829240 
ffffffff                                                            81807e18
[7257008.740323] <0> ffffffff8107c009 0000000000000200 ffff88007fc1b000 
00000000                                                            fffffff4
[7257008.740336] Call Trace:
[7257008.740346]  [<ffffffff8107cac5>] ? default_enable+0x1a/0x28
[7257008.740354]  [<ffffffff8107caa5>] default_startup+0x19/0x1f
[7257008.740363]  [<ffffffff815a94b1>] ? _spin_lock_irqsave+0x19/0x32
[7257008.740371]  [<ffffffff8107c009>] __setup_irq+0x197/0x2cf
[7257008.740379]  [<ffffffff8100e05f>] ? xen_timer_interrupt+0x0/0x182
[7257008.740386]  [<ffffffff8107c22d>] request_threaded_irq+0xec/0x12b
[7257008.740396]  [<ffffffff812b278c>] bind_virq_to_irqhandler+0x13f/0x163
[7257008.740404]  [<ffffffff8100e05f>] ? xen_timer_interrupt+0x0/0x182
[7257008.740411]  [<ffffffff8100e01a>] xen_setup_timer+0x59/0x9e
[7257008.740420]  [<ffffffff8198f5a3>] xen_time_init+0xb7/0xc0
[7257008.740427]  [<ffffffff8198fa27>] x86_late_time_init+0xa/0x11
[7257008.740434]  [<ffffffff8198bc2f>] start_kernel+0x2fe/0x385
[7257008.740441]  [<ffffffff8198b2bf>] x86_64_start_reservations+0xaa/0xae
[7257008.740448]  [<ffffffff8198ead2>] xen_start_kernel+0x541/0x548
[7257008.740453] Code:  Bad RIP value.
[7257008.740463] RIP  [<(null)>] (null)
[7257008.740468]  RSP <ffffffff81807da0>
[7257008.740472] CR2: 0000000000000000
[7257008.740482] ---[ end trace 4eaa2a86a8e2da22 ]---
[7257008.740487] Kernel panic - not syncing: Attempted to kill the idle task!
[7257008.740494] Pid: 0, comm: swapper Tainted: G      D    2.6.32.22 #1
[7257008.740499] Call Trace:
[7257008.740504]  [<ffffffff815a7537>] panic+0xa0/0x158
[7257008.740510]  [<ffffffff815a7656>] ? printk+0x67/0x69
[7257008.740519]  [<ffffffff81055e60>] ?
blocking_notifier_call_chain+0xf/0x11
[7257008.740528]  [<ffffffff81042b76>] do_exit+0x79/0x6c9
[7257008.740534]  [<ffffffff815aa492>] oops_end+0xb9/0xc1
[7257008.740541]  [<ffffffff8102aeed>] no_context+0x1ea/0x1f9
[7257008.740547]  [<ffffffff8102b0b5>] __bad_area_nosemaphore+0x1b9/0x1df
[7257008.740556]  [<ffffffff8108ec17>] ?
__alloc_pages_nodemask+0x11a/0x5e7
[7257008.740563]  [<ffffffff8100dd01>] ? xen_force_evtchn_callback+0xd/0xf
[7257008.740570]  [<ffffffff8100e352>] ? check_events+0x12/0x20
[7257008.740576]  [<ffffffff8102b0e9>] bad_area_nosemaphore+0xe/0x10
[7257008.740584]  [<ffffffff815ab98a>] do_page_fault+0x1a0/0x2d6
[7257008.740590]  [<ffffffff815a9975>] page_fault+0x25/0x30
[7257008.740597]  [<ffffffff8107cac5>] ? default_enable+0x1a/0x28
[7257008.740604]  [<ffffffff8107caa5>] default_startup+0x19/0x1f
[7257008.740611]  [<ffffffff815a94b1>] ? _spin_lock_irqsave+0x19/0x32
[7257008.740617]  [<ffffffff8107c009>] __setup_irq+0x197/0x2cf
[7257008.740624]  [<ffffffff8100e05f>] ? xen_timer_interrupt+0x0/0x182
[7257008.740631]  [<ffffffff8107c22d>] request_threaded_irq+0xec/0x12b
[7257008.740638]  [<ffffffff812b278c>] bind_virq_to_irqhandler+0x13f/0x163
[7257008.940292]  [<ffffffff8100e05f>] ? xen_timer_interrupt+0x0/0x182
[7257008.940305]  [<ffffffff8100e01a>] xen_setup_timer+0x59/0x9e
[7257008.940317]  [<ffffffff8198f5a3>] xen_time_init+0xb7/0xc0
[7257008.940327]  [<ffffffff8198fa27>] x86_late_time_init+0xa/0x11
[7257008.940336]  [<ffffffff8198bc2f>] start_kernel+0x2fe/0x385
[7257008.940345]  [<ffffffff8198b2bf>] x86_64_start_reservations+0xaa/0xae
[7257008.940355]  [<ffffffff8198ead2>] xen_start_kernel+0x541/0x548



Best regards
Gio





________________________________
Von: Jeremy Fitzhardinge <jeremy@goop.org>
An: Giovanni Bellac <giovannib1979@ymail.com>
CC: xen-devel@lists.xensource.com
Gesendet: Donnerstag, den 23. September 2010, 0:48:57 Uhr
Betreff: Re: [Xen-devel] 2.6.32.22 (amd64) domU Kernel doesnt boot - kernel 
panic

On 09/21/2010 03:02 AM, Giovanni Bellac wrote:
> Hello
>
> I have used my 2.6.32.20 config and compiled now a 2.6.32.22 from
> kernel.org.
> 2.6.32.22 has the important security fix (local user can be root with
> a exploit).
Does this help?

Thanks,
    J

From: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Date: Wed, 22 Sep 2010 15:28:52 -0700
Subject: [PATCH] xen: set up IRQ before binding virq to evtchn

Make sure the irq is set up before binding a virq event channel to it.

Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>

diff --git a/drivers/xen/events.c b/drivers/xen/events.c
index 3132a5e..cd17f86 100644
--- a/drivers/xen/events.c
+++ b/drivers/xen/events.c
@@ -426,6 +426,11 @@ static int bind_virq_to_irq(unsigned int virq, unsigned int
cpu)
    irq = per_cpu(virq_to_irq, cpu)[virq];

    if (irq == -1) {
+        irq = find_unbound_irq();
+
+        set_irq_chip_and_handler_name(irq, &xen_percpu_chip,
+                          handle_percpu_irq, "virq");
+
        bind_virq.virq = virq;
        bind_virq.vcpu = cpu;
        if (HYPERVISOR_event_channel_op(EVTCHNOP_bind_virq,
@@ -433,11 +438,6 @@ static int bind_virq_to_irq(unsigned int virq, unsigned int
cpu)
            BUG();
        evtchn = bind_virq.port;

-        irq = find_unbound_irq();
-
-        set_irq_chip_and_handler_name(irq, &xen_percpu_chip,
-                          handle_percpu_irq, "virq");
-
        evtchn_to_irq[evtchn] = irq;
        irq_info[irq] = mk_virq_info(evtchn, virq);



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel