On Sun, 1 Jul 2018, M A Young wrote:
I get the following (with kernel-4.17.3-200.fc28.x86_64, which is a bit easier):
rip: ffffffff81062330 native_irq_disable
flags: 00000246 i z p
rsp: ffffffff82203d90
rax: 0000000000000246 rcx: 0000000000000000 rdx: 0000000000000000
rbx: 00000000ffffffff rsi: 00000000ffffffff rdi: 0000000000000000
rbp: 0000000000000000 r8: ffffffff820bb698 r9: ffffffff82203e38
r10: 0000000000000000 r11: 0000000000000000 r12: 0000000000000000
r13: ffffffff820bb698 r14: ffffffff82203e38 r15: 0000000000000000
cs: e033 ss: e02b ds: 0000 es: 0000
fs: 0000 @ 0000000000000000
gs: 0000 @ ffffffff82731000/0000000000000000 __init_begin/
Code (instr addr ffffffff81062330)
00 00 00 00 00 57 9d c3 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 <fa> c3 0f
1f 40 00 66 2e 0f 1f 84
Stack:
0000000000000000 0000000000000000 0000000000000000 ffffffff81062330
000000010000e030 0000000000010046 ffffffff82203dd8 000000000000e02b
0000000000000246 ffffffff8110dff9 0000000000000000 0000000000000246
0000000000000000 0000000000000000 ffffffff820a6cd0 ffffffff82203e88
ffffffff82739000 8000000000000061 0000000000000000 0000000000000000
Call Trace:
[<ffffffff81062330>] native_irq_disable <--
ffffffff82203da8: [<ffffffff81062330>] native_irq_disable
ffffffff82203dd8: [<ffffffff8110dff9>] vprintk_emit+0xe9
ffffffff82203e30: [<ffffffff8110ec96>] printk+0x58
ffffffff82203e90: [<ffffffff810ac970>] __warn_printk+0x46
ffffffff82203ef8: [<ffffffff8275db62>] xen_load_gdt_boot+0x108
ffffffff82203f28: [<ffffffff81037c70>] load_direct_gdt+0x30
ffffffff82203f40: [<ffffffff81037f08>] switch_to_new_gdt+0x8
ffffffff82203f48: [<ffffffff8102aae0>] x86_init_noop
ffffffff82203f50: [<ffffffff8275dc8c>] xen_start_kernel+0xed
The disassembly of xen_load_gdt_boot is:
0xffffffff8275da5a <xen_load_gdt_boot>:
callq 0xffffffff81a017a0 <__fentry__>
0xffffffff8275da5f <xen_load_gdt_boot+5>: push %r13
0xffffffff8275da61 <xen_load_gdt_boot+7>: push %r12
0xffffffff8275da63 <xen_load_gdt_boot+9>: push %rbp
0xffffffff8275da64 <xen_load_gdt_boot+10>: push %rbx
0xffffffff8275da65 <xen_load_gdt_boot+11>: push %rdx
0xffffffff8275da66 <xen_load_gdt_boot+12>: movzwl (%rdi),%ebp
0xffffffff8275da69 <xen_load_gdt_boot+15>: mov 0x2(%rdi),%r12
0xffffffff8275da6d <xen_load_gdt_boot+19>: inc %ebp
0xffffffff8275da6f <xen_load_gdt_boot+21>: cmp $0x1000,%ebp
0xffffffff8275da75 <xen_load_gdt_boot+27>:
jle 0xffffffff8275da79 <xen_load_gdt_boot+31>
0xffffffff8275da77 <xen_load_gdt_boot+29>: ud2
0xffffffff8275da79 <xen_load_gdt_boot+31>: test $0xfff,%r12d
0xffffffff8275da80 <xen_load_gdt_boot+38>:
je 0xffffffff8275da84 <xen_load_gdt_boot+42>
0xffffffff8275da82 <xen_load_gdt_boot+40>: ud2
0xffffffff8275da84 <xen_load_gdt_boot+42>: mov $0x80000000,%ebx
0xffffffff8275da89 <xen_load_gdt_boot+47>:
mov -0x54ba80(%rip),%rax # 0xffffffff82212010
0xffffffff8275da90 <xen_load_gdt_boot+54>: add %r12,%rbx
0xffffffff8275da93 <xen_load_gdt_boot+57>: mov %rbx,%rdi
0xffffffff8275da96 <xen_load_gdt_boot+60>:
jb 0xffffffff8275daa9 <xen_load_gdt_boot+79>
0xffffffff8275da98 <xen_load_gdt_boot+62>: mov
$0xffffffff80000000,%rbx
0xffffffff8275da9f <xen_load_gdt_boot+69>: mov %rbx,%rax
0xffffffff8275daa2 <xen_load_gdt_boot+72>:
sub -0x5dec19(%rip),%rax # 0xffffffff8217ee90
<page_offset_base>
0xffffffff8275daa9 <xen_load_gdt_boot+79>: lea (%rdi,%rax,1),%rbx
0xffffffff8275daad <xen_load_gdt_boot+83>: mov %rbx,%rdi
0xffffffff8275dab0 <xen_load_gdt_boot+86>: shr $0xc,%rdi
0xffffffff8275dab4 <xen_load_gdt_boot+90>:
cmpb $0x0,-0x3d0459(%rip) # 0xffffffff8238d662
<xen_features+2>
0xffffffff8275dabb <xen_load_gdt_boot+97>: mov %rdi,%rax
0xffffffff8275dabe <xen_load_gdt_boot+100>:
jne 0xffffffff8275db02 <xen_load_gdt_boot+168>
0xffffffff8275dac0 <xen_load_gdt_boot+102>:
cmp -0x3d9a67(%rip),%rdi # 0xffffffff82384060 <xen_p2m_size>
0xffffffff8275dac7 <xen_load_gdt_boot+109>:
jae 0xffffffff8275dadc <xen_load_gdt_boot+130>
0xffffffff8275dac9 <xen_load_gdt_boot+111>:
mov -0x3d9a68(%rip),%rdx # 0xffffffff82384068 <xen_p2m_addr>
0xffffffff8275dad0 <xen_load_gdt_boot+118>: mov (%rdx,%rdi,8),%rax
0xffffffff8275dad4 <xen_load_gdt_boot+122>: cmp
$0xffffffffffffffff,%rax
0xffffffff8275dad8 <xen_load_gdt_boot+126>:
jne 0xffffffff8275daf5 <xen_load_gdt_boot+155>
0xffffffff8275dada <xen_load_gdt_boot+128>:
jmp 0xffffffff8275daea <xen_load_gdt_boot+144>
0xffffffff8275dadc <xen_load_gdt_boot+130>: bts $0x3e,%rax
0xffffffff8275dae1 <xen_load_gdt_boot+135>:
cmp -0x3d9a90(%rip),%rdi # 0xffffffff82384058
<xen_max_p2m_pfn>
0xffffffff8275dae8 <xen_load_gdt_boot+142>:
jae 0xffffffff8275daf5 <xen_load_gdt_boot+155>
0xffffffff8275daea <xen_load_gdt_boot+144>:
callq 0xffffffff81017190 <get_phys_to_machine>
0xffffffff8275daef <xen_load_gdt_boot+149>: cmp
$0xffffffffffffffff,%rax
0xffffffff8275daf3 <xen_load_gdt_boot+153>:
je 0xffffffff8275db02 <xen_load_gdt_boot+168>
0xffffffff8275daf5 <xen_load_gdt_boot+155>: movabs
$0x3fffffffffffffff,%rdx
0xffffffff8275daff <xen_load_gdt_boot+165>: and %rdx,%rax
0xffffffff8275db02 <xen_load_gdt_boot+168>: movabs
$0x8000000000000161,%rsi
0xffffffff8275db0c <xen_load_gdt_boot+178>:
or -0x523d53(%rip),%rsi # 0xffffffff82239dc0 <sme_me_mask>
0xffffffff8275db13 <xen_load_gdt_boot+185>:
and -0x3d847a(%rip),%rsi # 0xffffffff823856a0
<__default_kernel_pte_mask>
0xffffffff8275db1a <xen_load_gdt_boot+192>: mov %rax,(%rsp)
0xffffffff8275db1e <xen_load_gdt_boot+196>: and
$0xfffffffffffff000,%rbx
0xffffffff8275db25 <xen_load_gdt_boot+203>: mov %rsi,%r13
0xffffffff8275db28 <xen_load_gdt_boot+206>: test $0x1,%sil
0xffffffff8275db2c <xen_load_gdt_boot+210>:
je 0xffffffff8275db64 <xen_load_gdt_boot+266>
0xffffffff8275db2e <xen_load_gdt_boot+212>:
mov -0x3d848d(%rip),%rcx # 0xffffffff823856a8
<__supported_pte_mask>
0xffffffff8275db35 <xen_load_gdt_boot+219>: and %rcx,%r13
0xffffffff8275db38 <xen_load_gdt_boot+222>: cmp %r13,%rsi
0xffffffff8275db3b <xen_load_gdt_boot+225>:
je 0xffffffff8275db64 <xen_load_gdt_boot+266>
0xffffffff8275db3d <xen_load_gdt_boot+227>:
cmpb $0x0,-0x424ea8(%rip) # 0xffffffff82338c9c
<__warned.24604>
0xffffffff8275db44 <xen_load_gdt_boot+234>:
jne 0xffffffff8275db64 <xen_load_gdt_boot+266>
0xffffffff8275db46 <xen_load_gdt_boot+236>: mov %rcx,%rdx
0xffffffff8275db49 <xen_load_gdt_boot+239>: mov
$0xffffffff820a6cd0,%rdi
0xffffffff8275db50 <xen_load_gdt_boot+246>:
movb $0x1,-0x424ebb(%rip) # 0xffffffff82338c9c
<__warned.24604>
0xffffffff8275db57 <xen_load_gdt_boot+253>: not %rdx
0xffffffff8275db5a <xen_load_gdt_boot+256>: and %rsi,%rdx
0xffffffff8275db5d <xen_load_gdt_boot+259>:
callq 0xffffffff810ac92a <__warn_printk>
0xffffffff8275db62 <xen_load_gdt_boot+264>: ud2
0xffffffff8275db64 <xen_load_gdt_boot+266>: or %r13,%rbx
0xffffffff8275db67 <xen_load_gdt_boot+269>: mov %rbx,%rdi
0xffffffff8275db6a <xen_load_gdt_boot+272>: callq *0xffffffff82185fd8
0xffffffff8275db71 <xen_load_gdt_boot+279>: xor %edx,%edx
0xffffffff8275db73 <xen_load_gdt_boot+281>: mov %rax,%rsi
0xffffffff8275db76 <xen_load_gdt_boot+284>: mov %r12,%rdi
0xffffffff8275db79 <xen_load_gdt_boot+287>:
callq 0xffffffff810011c0 <xen_hypercall_update_va_mapping>
0xffffffff8275db7e <xen_load_gdt_boot+292>: test %eax,%eax
0xffffffff8275db80 <xen_load_gdt_boot+294>:
je 0xffffffff8275db84 <xen_load_gdt_boot+298>
0xffffffff8275db82 <xen_load_gdt_boot+296>: ud2
0xffffffff8275db84 <xen_load_gdt_boot+298>: shr $0x3,%ebp
0xffffffff8275db87 <xen_load_gdt_boot+301>: mov %rsp,%rdi
0xffffffff8275db8a <xen_load_gdt_boot+304>: mov %ebp,%esi
0xffffffff8275db8c <xen_load_gdt_boot+306>:
callq 0xffffffff81001040 <xen_hypercall_set_gdt>
0xffffffff8275db91 <xen_load_gdt_boot+311>: test %eax,%eax
0xffffffff8275db93 <xen_load_gdt_boot+313>:
je 0xffffffff8275db97 <xen_load_gdt_boot+317>
0xffffffff8275db95 <xen_load_gdt_boot+315>: ud2
0xffffffff8275db97 <xen_load_gdt_boot+317>: pop %rax
0xffffffff8275db98 <xen_load_gdt_boot+318>: pop %rbx
0xffffffff8275db99 <xen_load_gdt_boot+319>: pop %rbp
0xffffffff8275db9a <xen_load_gdt_boot+320>: pop %r12
0xffffffff8275db9c <xen_load_gdt_boot+322>: pop %r13
0xffffffff8275db9e <xen_load_gdt_boot+324>: retq
I think the crash is triggered by this code (the trace shows xen_load_gdt_boot reaching __warn_printk, so the WARN_ONCE must have fired):
/*
 * check_pgprot() - strip unsupported bits from a page protection value.
 * @pgprot: requested protection bits.
 *
 * Returns massage_pgprot(pgprot), i.e. the requested bits with the ones
 * that cannot be honoured masked off.  Under CONFIG_DEBUG_VM, if the
 * masking dropped anything, WARN_ONCE() reports the requested value, the
 * dropped bits and __supported_pte_mask.
 *
 * NOTE(review): WARN_ONCE() expands to a printk() path.  The trace in this
 * thread shows that path faulting on the cli in native_irq_disable() when
 * reached from xen_load_gdt_boot(), presumably because the PV irq ops are
 * not yet installed that early in boot - confirm before relying on the
 * warning from early-boot callers.
 */
static inline pgprotval_t check_pgprot(pgprot_t pgprot)
{
	pgprotval_t supported = massage_pgprot(pgprot);

	/* mmdebug.h can not be included here because of dependencies */
#ifdef CONFIG_DEBUG_VM
	WARN_ONCE(pgprot_val(pgprot) != supported,
		  "attempted to set unsupported pgprot: %016llx "
		  "bits: %016llx supported: %016llx\n",
		  (u64)pgprot_val(pgprot),
		  (u64)(pgprot_val(pgprot) ^ supported),
		  (u64)__supported_pte_mask);
#endif
	return supported;
}
/*
 * pfn_pte() - build a PTE for page frame @page_nr with protection @pgprot.
 *
 * The frame number is widened to phys_addr_t before the shift so the
 * physical address is not truncated.  The protection bits go through
 * check_pgprot(), which may WARN_ONCE() under CONFIG_DEBUG_VM when
 * unsupported bits are requested.
 */
static inline pte_t pfn_pte(unsigned long page_nr, pgprot_t pgprot)
{
	phys_addr_t paddr = (phys_addr_t)page_nr << PAGE_SHIFT;

	return __pte(paddr | check_pgprot(pgprot));
}
in arch/x86/include/asm/pgtable.h, which is inlined into xen_load_gdt_boot via pfn_pte.
In 4.16 the equivalent code was
/*
 * pfn_pte() (4.16) - build a PTE for page frame @page_nr with protection
 * @pgprot.
 *
 * The frame number is widened to phys_addr_t before the shift so the
 * physical address is not truncated.  The protection bits are masked by
 * massage_pgprot() with no warning on dropped bits.
 */
static inline pte_t pfn_pte(unsigned long page_nr, pgprot_t pgprot)
{
	phys_addr_t paddr = (phys_addr_t)page_nr << PAGE_SHIFT;

	return __pte(paddr | massage_pgprot(pgprot));
}
Michael Young