Port-xen archive
Re: Dom0 PAE panic when starting xend
Jean-Yves Migeon wrote:
Christoph Egger wrote:
Somewhere between uvm_map and privpgop_fault, the mfns are not passed
down correctly.
Stay tuned.
Does it matter if you use PAE or non-PAE ? on amd64, I can't reproduce
it the way I described in my earlier mail.
Both are affected by the bug (PAE and non PAE kernels). Not tested under
64bits, but last time I tried it worked (about a month ago).
Got it, things are really funny.
Is it expected that kmem_alloc() returns sometimes unaligned addresses
for PAGE_SIZE allocations, like this one?
...
    /* we only need one L3 page */
    l3_p2m_page = kmem_alloc(PAGE_SIZE, KM_NOSLEEP);
    if (l3_p2m_page == NULL)
        panic("could not allocate memory for l3_p2m_page");
...
+++++fatal breakpoint trap in supervisor mode
trap type 1 code 0 eip c0127594 cs 9 eflags 202 cr2 c29cf975 ilevel 6
Stopped in pid 0.2 (system) at netbsd:breakpoint+0x4: popl %ebp
db> x l3_p2m_page
netbsd:l3_p2m_page: c2830004
If yes, I'd like to add a comment about it in kmem_alloc(9), because it
is really _a_bad_thing_® in some cases with Xen.
Reverting my change from kmem_alloc() to a mere malloc() fixes my issue:
login: ++++fatal breakpoint trap in supervisor mode
trap type 1 code 0 eip c0127594 cs 9 eflags 202 cr2 805e064 ilevel 6
Stopped in pid 0.2 (system) at netbsd:breakpoint+0x4: popl %ebp
db> x l3_p2m_page
netbsd:l3_p2m_page: c064c000
On a side note, I would like to bring to your attention that this kind
of "bug" inside a domU _does_ bring down a dom0, by making it loop
inside its page fault handler. So, in essence, you got a DoS here,
potentially harming all your domUs when trying to save/migrate one. I
will test it with XenSource's Linux to see how it behaves.
Who is at fault here? Should NetBSD add some checks against invalid
mappings (when hypercall returns EINVAL for a foreign domain), or should
xentools check the validity (against a poison for example) and abort the
operation if it triggers?
Opinions are more than welcome.
--
Jean-Yves Migeon
jeanyves.migeon%free.fr@localhost
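
Added example, not part of the original message and not NetBSD or Xen code: a userland C model of why the two l3_p2m_page values in the ddb output behave differently, with a guard that refuses a buffer that is not exactly one page frame. It assumes the address is later reduced to a frame number by discarding the low 12 bits (4 KiB i386 pages); all names (MODEL_PAGE_SIZE, usable_as_frame, alloc_one_page) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MODEL_PAGE_SIZE 4096u                   /* assumed i386 page size */
#define MODEL_PAGE_MASK (MODEL_PAGE_SIZE - 1u)

struct page_buf { void *base; void *page; };    /* base is what gets freed */

/* Byte offset of va inside its page; 0 means page-aligned. */
static unsigned page_offset(uint64_t va) { return (unsigned)(va & MODEL_PAGE_MASK); }

/* Number of page frames touched by the range [va, va + len). */
static unsigned frames_spanned(uint64_t va, uint64_t len)
{
    return (unsigned)((va + len - 1) / MODEL_PAGE_SIZE - va / MODEL_PAGE_SIZE + 1);
}

/* Guard: a buffer can stand for one frame only if it starts on a page
 * boundary and is exactly one page long. */
static int usable_as_frame(uint64_t va, uint64_t len)
{
    return page_offset(va) == 0 && len == MODEL_PAGE_SIZE;
}

/* Userland stand-in for a page-aligned allocation: over-allocate, round up. */
static int alloc_one_page(struct page_buf *b)
{
    b->base = malloc(2 * MODEL_PAGE_SIZE);
    if (b->base == NULL)
        return -1;
    b->page = (void *)(((uintptr_t)b->base + MODEL_PAGE_MASK) & ~(uintptr_t)MODEL_PAGE_MASK);
    return 0;
}

int main(void)
{
    /* The two l3_p2m_page values shown in the ddb output above. */
    const uint64_t seen[] = { 0xc2830004u, 0xc064c000u };
    struct page_buf b;

    for (size_t i = 0; i < sizeof(seen) / sizeof(seen[0]); i++)
        printf("%#llx: offset %u, spans %u frame(s), usable=%d\n",
            (unsigned long long)seen[i], page_offset(seen[i]),
            frames_spanned(seen[i], MODEL_PAGE_SIZE),
            usable_as_frame(seen[i], MODEL_PAGE_SIZE));
    if (alloc_one_page(&b) == 0) {
        printf("rounded-up page usable=%d\n",
            usable_as_frame((uint64_t)(uintptr_t)b.page, MODEL_PAGE_SIZE));
        free(b.base);
    }
    return 0;
}
```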