From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Jason Andryuk <jandryuk@gmail.com>, Matthew Wilcox <willy@infradead.org>
Cc: Juergen Gross <jgross@suse.com>,
bugzilla-daemon@bugzilla.kernel.org, xen-devel@lists.xen.org,
linux-mm@kvack.org, Boris Ostrovsky <boris.ostrovsky@oracle.com>,
labbott@redhat.com, akpm@linux-foundation.org
Subject: Re: [Xen-devel] [Bug 198497] handle_mm_fault / xen_pmd_val / radix_tree_lookup_slot Null pointer
Date: Fri, 20 Apr 2018 16:40:16 +0100 [thread overview]
Message-ID: <691aee9e-b82f-b1d2-3419-46c78135688a@citrix.com> (raw)
In-Reply-To: <76a4ee3b-e00a-5032-df90-07d8e207f707@citrix.com>
On 20/04/18 16:25, Andrew Cooper wrote:
> On 20/04/18 16:20, Jason Andryuk wrote:
>> Adding xen-devel and the Linux Xen maintainers.
>>
>> Summary: Some Xen users (and maybe others) are hitting a BUG in
>> __radix_tree_lookup() under do_swap_page() - example backtrace is
>> provided at the end. Matthew Wilcox provided a band-aid patch that
>> prints errors like the following instead of triggering the bug.
>>
>> Skylake 32bit PAE Dom0:
>> Bad swp_entry: 80000000
>> mm/swap_state.c:683: bad pte d3a39f1c(8000000400000000)
>>
>> Ivy Bridge 32bit PAE Dom0:
>> Bad swp_entry: 40000000
>> mm/swap_state.c:683: bad pte d3a05f1c(8000000200000000)
>>
>> Other 32bit DomU:
>> Bad swp_entry: 4000000
>> mm/swap_state.c:683: bad pte e2187f30(8000000200000000)
>>
>> Other 32bit:
>> Bad swp_entry: 2000000
>> mm/swap_state.c:683: bad pte ef3a3f38(8000000100000000)
>>
>> The Linux bugzilla has more info
>> https://bugzilla.kernel.org/show_bug.cgi?id=198497
>>
>> This may not be exclusive to Xen Linux, but most of the reports are on
>> Xen. Matthew wonders if Xen might be stepping on the upper bits of a
>> pte.
> Yes - Xen does use the upper bits of a PTE, but only 1 in release
> builds, and a second in debug builds.A I don't understand where you're
> getting the 3rd bit in there.
>
> The use of these bits are dubious, and not adequately described in the
> ABI, and attempts to improve the state of play has come to nothing in
> the past.
Sorry - hit send too early.A To be rather more helpful:
For 64bit guests only, we use one bit to distinguish between guest
kernel and guest user pages.A This is because both guest user and kernel
run in ring3, and have to have _PAGE_USER set on them.A We use bit 52 to
tag guest kernel mappings, which is seeded from the guest kernels choice
of _PAGE_USER.
In debug builds of the hypervisor only, we use bit 62 to tag grant
mappings.A This is to help spot API errors in the guest, and results in
an instant crash if we spot misuse.
~Andrew
next prev parent reply other threads:[~2018-04-20 15:40 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <bug-198497-200779@https.bugzilla.kernel.org/>
[not found] ` <bug-198497-200779-43rwxa1kcg@https.bugzilla.kernel.org/>
2018-04-20 13:10 ` Jason Andryuk
2018-04-20 13:39 ` Matthew Wilcox
2018-04-20 15:20 ` Jason Andryuk
2018-04-20 15:25 ` [Xen-devel] " Andrew Cooper
2018-04-20 15:40 ` Andrew Cooper [this message]
2018-04-20 15:42 ` Jan Beulich
2018-04-20 15:52 ` Jason Andryuk
2018-04-20 16:00 ` Andrew Cooper
2018-04-20 16:02 ` Jan Beulich
2018-04-20 19:20 ` Boris Ostrovsky
2018-04-21 6:17 ` Juergen Gross
2018-04-21 14:35 ` Matthew Wilcox
2018-04-22 5:50 ` Juergen Gross
2018-04-23 8:17 ` Juergen Gross
2018-09-04 12:54 ` Jason Andryuk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=691aee9e-b82f-b1d2-3419-46c78135688a@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=akpm@linux-foundation.org \
--cc=boris.ostrovsky@oracle.com \
--cc=bugzilla-daemon@bugzilla.kernel.org \
--cc=jandryuk@gmail.com \
--cc=jgross@suse.com \
--cc=labbott@redhat.com \
--cc=linux-mm@kvack.org \
--cc=willy@infradead.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox