Port-xen archive


Re: Dom0 PAE panic when starting xend



Jean-Yves Migeon wrote:
Christoph Egger wrote:
Somewhere between uvm_map and privpgop_fault, the mfns are not passed
down correctly.

Stay tuned.

Does it matter if you use PAE or non-PAE ? on amd64, I can't reproduce
it the way I described in my earlier mail.

Both are affected by the bug (PAE and non PAE kernels). Not tested under 64bits, but last time I tried it worked (about a month ago).

Got it, things are really funny.

Is it expected that kmem_alloc() returns sometimes unaligned addresses for PAGE_SIZE allocations, like this one?

...
        /* we only need one L3 page */
        l3_p2m_page = kmem_alloc(PAGE_SIZE, KM_NOSLEEP);
        if (l3_p2m_page == NULL)
                panic("could not allocate memory for l3_p2m_page");
...


+++++fatal breakpoint trap in supervisor mode
trap type 1 code 0 eip c0127594 cs 9 eflags 202 cr2 c29cf975 ilevel 6
Stopped in pid 0.2 (system) at  netbsd:breakpoint+0x4:  popl    %ebp
db> x l3_p2m_page
netbsd:l3_p2m_page:     c2830004


If yes, I'd like to add a comment about it in kmem_alloc(9), because it is really _a_bad_thing_® in some cases with Xen.

Reverting my change from kmem_alloc() to a mere malloc() fixes my issue:

login: ++++fatal breakpoint trap in supervisor mode
trap type 1 code 0 eip c0127594 cs 9 eflags 202 cr2 805e064 ilevel 6
Stopped in pid 0.2 (system) at  netbsd:breakpoint+0x4:  popl    %ebp
db> x l3_p2m_page
netbsd:l3_p2m_page:     c064c000




On a side note, I would like to bring to your attention that this kind of "bug" inside a domU _does_ bring down a dom0, by making it loop inside its page fault handler. So, in essence, you got a DoS here, potentially harming all your domUs when trying to save/migrate one. I will test it with XenSource's Linux to see how it behaves.

Who is at fault here? Should NetBSD add some checks against invalid mappings (when hypercall returns EINVAL for a foreign domain), or should xentools check the validity (against a poison for example) and abort the operation if it triggers?

Opinions are more than welcome.

--
Jean-Yves Migeon
jeanyves.migeon%free.fr@localhost
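
The alignment problem described above, as an added example that is not part of the original post and is not NetBSD or Xen code: a user-space C model using the two l3_p2m_page addresses from the ddb output. It assumes 4 KiB pages and a consumer that is handed only a frame number; frame_of_table(), consumer_reads() and POISON are hypothetical names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1u << PAGE_SHIFT)
#define PAGE_MASK  (PAGE_SIZE - 1u)
#define POISON     0xdeadbeefu   /* constructed filler for memory around the table */

/* Hypothetical guard: accept a table address only if it starts on a page boundary. */
static int frame_of_table(uint32_t va, uint32_t *frame)
{
    if (va & PAGE_MASK)
        return EINVAL;           /* a frame number cannot carry the offset */
    *frame = va >> PAGE_SHIFT;
    return 0;
}

/*
 * Model: a producer fills a PAGE_SIZE table starting `offset` bytes into a
 * frame; a consumer is given only the frame and reads it from byte 0.
 * Returns the value the consumer finds in 32-bit slot `slot`.
 */
static uint32_t consumer_reads(uint32_t offset, uint32_t slot)
{
    static uint32_t arena[2 * PAGE_SIZE / sizeof(uint32_t)]; /* two "frames" */
    uint32_t i, n = PAGE_SIZE / sizeof(uint32_t);

    for (i = 0; i < 2 * n; i++)
        arena[i] = POISON;
    for (i = 0; i < n; i++)          /* producer: entry i holds 0x1000 + i */
        arena[offset / sizeof(uint32_t) + i] = 0x1000u + i;
    return arena[slot];              /* consumer: frame base + slot */
}

int main(void)
{
    const uint32_t addrs[] = { 0xc2830004u, 0xc064c000u }; /* from the ddb output */
    uint32_t frame;

    for (size_t i = 0; i < 2; i++) {
        int err = frame_of_table(addrs[i], &frame);
        uint32_t off = addrs[i] & PAGE_MASK;
        printf("%08x: offset %u, guard %s, consumer slot 0 = %#x\n",
            (unsigned)addrs[i], (unsigned)off, err ? "EINVAL" : "ok",
            (unsigned)consumer_reads(off, 0));
    }
    return 0;
}
```

With the 4-byte offset of c2830004, every entry the consumer reads is shifted by one slot and the last entry lies in the following frame; the guard rejects that address before a frame number is derived from it.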


