From: Jason Andryuk <jandryuk@gmail.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
bugzilla-daemon@bugzilla.kernel.org,
Matthew Wilcox <willy@infradead.org>,
linux-mm@kvack.org, akpm@linux-foundation.org,
xen-devel@lists.xen.org,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
labbott@redhat.com, Juergen Gross <jgross@suse.com>
Subject: Re: [Xen-devel] [Bug 198497] handle_mm_fault / xen_pmd_val / radix_tree_lookup_slot Null pointer
Date: Fri, 20 Apr 2018 11:52:10 -0400 [thread overview]
Message-ID: <CAKf6xps4RiC48zCie0o7VzTOCDu8ik1hmFP=b_qMx8qTo8F3TQ@mail.gmail.com> (raw)
In-Reply-To: <5ADA0A6D02000078001BD177@prv1-mh.provo.novell.com>
On Fri, Apr 20, 2018 at 11:42 AM, Jan Beulich <JBeulich@suse.com> wrote:
>>>> On 20.04.18 at 17:25, <andrew.cooper3@citrix.com> wrote:
>> On 20/04/18 16:20, Jason Andryuk wrote:
>>> Adding xen-devel and the Linux Xen maintainers.
>>>
>>> Summary: Some Xen users (and maybe others) are hitting a BUG in
>>> __radix_tree_lookup() under do_swap_page() - example backtrace is
>>> provided at the end. Matthew Wilcox provided a band-aid patch that
>>> prints errors like the following instead of triggering the bug.
>>>
>>> Skylake 32bit PAE Dom0:
>>> Bad swp_entry: 80000000
>>> mm/swap_state.c:683: bad pte d3a39f1c(8000000400000000)
>>>
>>> Ivy Bridge 32bit PAE Dom0:
>>> Bad swp_entry: 40000000
>>> mm/swap_state.c:683: bad pte d3a05f1c(8000000200000000)
>>>
>>> Other 32bit DomU:
>>> Bad swp_entry: 4000000
>>> mm/swap_state.c:683: bad pte e2187f30(8000000200000000)
>>>
>>> Other 32bit:
>>> Bad swp_entry: 2000000
>>> mm/swap_state.c:683: bad pte ef3a3f38(8000000100000000)
>>>
>>> The Linux bugzilla has more info
>>> https://bugzilla.kernel.org/show_bug.cgi?id=198497
>>>
>>> This may not be exclusive to Xen Linux, but most of the reports are on
>>> Xen. Matthew wonders if Xen might be stepping on the upper bits of a
>>> pte.
>>
>> Yes - Xen does use the upper bits of a PTE, but only 1 in release
>> builds, and a second in debug builds. I don't understand where you're
>> getting the 3rd bit in there.
>
> The former supposedly is _PAGE_GUEST_KERNEL, which we use for 64-bit
> guests only. Above talk is of 32-bit guests only.
>
> In addition both this and _PAGE_GNTTAB are used on present PTEs only,
> while above talk is about swap entries.
This hits a BUG going through do_swap_page, but it seems like users
don't think they are actually using swap at the time. One reporter
didn't have any swap configured. Some of this information was further
down in my original message.
I'm wondering if somehow we have a PTE that should be empty and should
be lazily filled. For some reason, the entry has some bits set and is
causing the trouble. Would Xen mess with the PTEs in that case?
Thanks,
Jason
next prev parent reply other threads:[~2018-04-20 15:52 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <bug-198497-200779@https.bugzilla.kernel.org/>
[not found] ` <bug-198497-200779-43rwxa1kcg@https.bugzilla.kernel.org/>
2018-04-20 13:10 ` Jason Andryuk
2018-04-20 13:39 ` Matthew Wilcox
2018-04-20 15:20 ` Jason Andryuk
2018-04-20 15:25 ` [Xen-devel] " Andrew Cooper
2018-04-20 15:40 ` Andrew Cooper
2018-04-20 15:42 ` Jan Beulich
2018-04-20 15:52 ` Jason Andryuk [this message]
2018-04-20 16:00 ` Andrew Cooper
2018-04-20 16:02 ` Jan Beulich
2018-04-20 19:20 ` Boris Ostrovsky
2018-04-21 6:17 ` Juergen Gross
2018-04-21 14:35 ` Matthew Wilcox
2018-04-22 5:50 ` Juergen Gross
2018-04-23 8:17 ` Juergen Gross
2018-09-04 12:54 ` Jason Andryuk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAKf6xps4RiC48zCie0o7VzTOCDu8ik1hmFP=b_qMx8qTo8F3TQ@mail.gmail.com' \
--to=jandryuk@gmail.com \
--cc=JBeulich@suse.com \
--cc=akpm@linux-foundation.org \
--cc=andrew.cooper3@citrix.com \
--cc=boris.ostrovsky@oracle.com \
--cc=bugzilla-daemon@bugzilla.kernel.org \
--cc=jgross@suse.com \
--cc=labbott@redhat.com \
--cc=linux-mm@kvack.org \
--cc=willy@infradead.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox