Date: Sun, 19 Aug 2018 22:48:52 +0200 From: Marko Zec <zec@fer.hr> To: Nathan Friess <nathan.friess@gmail.com> Cc: <freebsd-xen@freebsd.org> Subject: Re: xen+vimage kernel panic Message-ID: <20180819224852.40754d2a@x23> In-Reply-To: <1f010180-30c3-3a28-a2ca-b9f6279aee9c@gmail.com> References: <1f010180-30c3-3a28-a2ca-b9f6279aee9c@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--MP_/5WN0LEJF/eawDrcVx6qa0bP Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Content-Disposition: inline On Sun, 19 Aug 2018 12:50:55 -0600 Nathan Friess <nathan.friess@gmail.com> wrote: > Hi, > > While testing out the new PVH support in a domU (which is running > great!), I discovered a kernel panic related to xen and vimage > support when trying to add an xn interface into a bridge. > > I'm running r337024 from svn. Removing vimage (which seems to be > turned on in 12-CURRENT now) allows using the bridge with no panics. > As part of attempting to debug this I enabled vimage in my 11.2 domU > and that also panics in the same code. > > I'm not sure if the problem is a xen issue or a vimage issue so I > haven't submitted a PR yet. The kernel output is listed below. > > It looks like netfront_backend_changed() calls > netfront_send_fake_arp(), which calls arp_ifinit() on the interface. > The first line of the call stack with arprequest+0x454 corresponds to > a call to ARPSTAT_INC(txrequests) at the end of arprequest, which > expands to VNET_PCPUSTAT_ADD(). I tried to debug further and I got a > little lost, but that's where I figured out that vimage is involved > somehow. > > Are there any thoughts on why the xn interface would cause a panic > there? The xn driver calls arp_ifinit() without setting the vnet context first. Perhaps the attached patch could help (not even compile tested...) Marko > > Thanks, > > Nathan > > > > > ======= > > Steps to reproduce: > > # ifconfig bridge create > bridge0 > # ifconfig bridge0 addm xn0 > (panic...) > > > ====== > > Kernel output: > > xn0: performing interface reset due to feature change > (... lock reversal) > xn0: backend features: feature-sg feature-gso-tcp4 > > > Fatal trap 12: page fault while in kernel mode > cpuid = 1; apic id = 02 > fault virtual address = 0x28 > fault code = supervisor read data, page not present > instruction pointer = 0x20:0xffffffff80d15db4 > stack pointer = 0x0:0xfffffe0000483840 > frame pointer = 0x0:0xfffffe0000483940 > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, long 1, def32 0, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 14 (xenwatch) > [ thread pid 14 tid 100033 ] > Stopped at arprequest+0x454: movq ll+0x7(%rax),%rax > > db> bt > Tracing pid 14 tid 100033 td 0xfffff800032f5000 > arprequest() at arprequest+0x454/frame 0xfffffe0000483940 > arp_ifinit() at arp_ifinit+0x58/frame 0xfffffe0000483980 > netfront_backend_changed() at netfront_backend_changed+0x144/frame > 0xfffffe0000483a40 > xenwatch_thread() at xenwatch_thread+0x182/frame 0xfffffe0000483a70 > fork_exit() at fork_exit+0x84/frame 0xfffffe0000483ab0 > fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0000483ab0 > > ====== > > _______________________________________________ > freebsd-xen@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-xen > To unsubscribe, send any mail to "freebsd-xen-unsubscribe@freebsd.org" --MP_/5WN0LEJF/eawDrcVx6qa0bP Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="xn_vnet.diff" Index: sys/dev/xen/netfront/netfront.c =================================================================== --- sys/dev/xen/netfront/netfront.c (revision 335557) +++ sys/dev/xen/netfront/netfront.c (working copy) @@ -942,11 +942,13 @@ struct ifaddr *ifa; ifp = info->xn_ifp; + CURVNET_SET(ifp->if_vnet); TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { if (ifa->ifa_addr->sa_family == AF_INET) { arp_ifinit(ifp, ifa); } } + CURVNET_RESTORE(); } #endif --MP_/5WN0LEJF/eawDrcVx6qa0bP--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180819224852.40754d2a>