Subject: Fix for NetBSD Dom0 boot problem
To: Manuel Bouyer <bouyer@antioche.eu.org>
From: Christoph Egger <Christoph_Egger@gmx.de>
List: port-xen
Date: 12/05/2007 18:23:46

Hi Manuel,

Please update pkgsrc's xenkernel3/patches/patch-ba:

hg clone http://xenbits.xensource.com/staging/xen-unstable.hg/
hg diff -p -r16534 -r16535 >netbsd_dom0_bootfix.diff

The content of netbsd_dom0_bootfix.diff should match this:
http://xenbits.xensource.com/staging/xen-unstable.hg/rev/c67d024fdd2d

Add this diff to the above patch-ba.


This fixes a NetBSD Dom0 Xen-amd64 boot problem for me, which I have
with Xen 3.1.x and Xen-unstable. The Xen crash output is below. The crash
happened right before NetBSD loaded the symbol table.

The bug was a trampoline mapping leaking into Dom0's address space.
And the bug was hit when the Dom0 freed the pagetable.

Linux Dom0 uses the builder-provided pagetable as its kernel idle pagetable.
So it never frees the pagetable and so never hit the bad path.

Oh, I have no idea how you got NetBSD Dom0 booting without that fix.


[...]
(XEN) 3... 2... 1... 
(XEN) Xen is relinquishing VGA console.
(XEN) *** Serial input -> DOM0 (type 'CTRL-a' three times to switch input to Xen)
(XEN) Freed 132kB init memory.
(XEN) Assertion '(x & ((1U<<26)-1)) != 0' failed at mm.c:1714
(XEN) ----[ Xen-3.2-unstable  x86_64  debug=y  Tainted:    C ]----
(XEN) CPU:    0
(XEN) RIP:    e008:[<ffff828c8015c80d>] put_page_type+0x63/0x394
(XEN) RFLAGS: 0000000000010202   CONTEXT: hypervisor
(XEN) rax: 0000000000000001   rbx: 0000000000000000   rcx: 0000000000000008
(XEN) rdx: 0000000000000000   rsi: 000000000000000a   rdi: ffff828c8023e0a8
(XEN) rbp: ffff828c802a7b38   rsp: ffff828c802a7aa8   r8:  00000000ffffffff
(XEN) r9:  00000000ffffffff   r10: ffff828c802be05f   r11: ffff828c802bdc76
(XEN) r12: ffffffff80d5f000   r13: ffffffff80d65000   r14: ffffffff80d53000
(XEN) r15: ffffffff80ce7000   cr0: 000000008005003b   cr4: 00000000000006f0
(XEN) cr3: 000000011bd53000   cr2: 0000000000000000
(XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: e010   cs: e008
(XEN) Xen stack trace from rsp=ffff828c802a7aa8:
(XEN) Xen call trace:
(XEN)    [<ffff828c8015c80d>] put_page_type+0x63/0x394
(XEN)    [<ffff828c80157bcf>] put_page_and_type+0x15/0x20
(XEN)    [<ffff828c80159d01>] put_page_from_l4e+0x89/0x8b
(XEN)    [<ffff828c8015b0fb>] free_l4_table+0xf5/0x103
(XEN)    [<ffff828c8015c726>] free_page_type+0x217/0x272
(XEN)    [<ffff828c8015c9d5>] put_page_type+0x22b/0x394
(XEN)    [<ffff828c80157bcf>] put_page_and_type+0x15/0x20
(XEN)    [<ffff828c8015e479>] do_mmuext_op+0xa03/0x113c
(XEN)    [<ffff828c802051bf>] tracing_off+0xb/0x65
(XEN)
(XEN)
(XEN) ****************************************
(XEN) Panic on CPU 0:
(XEN) Assertion '(x & ((1U<<26)-1)) != 0' failed at mm.c:1714
(XEN) ****************************************
(XEN)
(XEN) Reboot in five seconds...
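
An added illustration, not part of the original mail and not Xen's code: a simplified C model of why an entry left behind in a pagetable only causes trouble when that pagetable is freed, which is the path the call trace above shows (free_l4_table down to put_page_type). The table layout, the helper names and the assumption that the leaked entry carried no type reference are hypothetical; only the 26-bit count mask is taken from the assertion in the log.

```c
#include <stdint.h>
#include <stdio.h>

#define COUNT_MASK ((1U << 26) - 1) /* mask from the assertion in the log */
#define L4_SLOTS 4                  /* toy size, assumed for the example */
#define NPAGES 8

static uint32_t type_info[NPAGES];  /* low 26 bits: type reference count */
typedef struct { int slot[L4_SLOTS]; } l4_table; /* page index, -1 = empty */

/* Install an entry. take_ref=0 models the leaked mapping: the entry exists
 * but no type reference was taken for it (assumption of this model). */
static void map_entry(l4_table *t, int i, int page, int take_ref) {
    if (take_ref) type_info[page]++;
    t->slot[i] = page;
}

/* Same condition as the failed assertion; returns 0 where Xen would panic. */
static int put_type(int page) {
    uint32_t x = type_info[page];
    if ((x & COUNT_MASK) == 0) return 0;
    type_info[page] = x - 1;
    return 1;
}

/* Free the table, dropping one reference per present slot. Returns the
 * first slot with nothing to drop, or -1 when the teardown is clean. */
static int free_l4(l4_table *t) {
    for (int i = 0; i < L4_SLOTS; i++) {
        if (t->slot[i] < 0) continue;
        if (!put_type(t->slot[i])) return i;
        t->slot[i] = -1;
    }
    return -1;
}

/* Constructed scenario: two validated entries, optionally one leaked. */
static int demo(int leak) {
    l4_table t = { { -1, -1, -1, -1 } };
    for (int p = 0; p < NPAGES; p++) type_info[p] = 0;
    map_entry(&t, 0, 1, 1);
    map_entry(&t, 1, 2, 1);
    if (leak) map_entry(&t, 3, 5, 0);
    return free_l4(&t);
}

int main(void) {
    printf("clean: %d, leaked: %d\n", demo(0), demo(1));
    return 0;
}
```

In this model a guest that never calls free_l4 never reaches the failing check, which matches the mail's remark about Linux Dom0 keeping the builder-provided pagetable.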