From: Marko Zec
To: Nathan Friess
Subject: Re: xen+vimage kernel panic
Date: Sun, 19 Aug 2018 22:48:52 +0200
List-Id: Discussion of the freebsd port to xen - implementation and usage
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="MP_/5WN0LEJF/eawDrcVx6qa0bP"

--MP_/5WN0LEJF/eawDrcVx6qa0bP
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On Sun, 19 Aug 2018 12:50:55 -0600
Nathan Friess wrote:

> Hi,
>
> While testing out the new PVH support in a domU (which is running
> great!), I discovered a kernel panic related to xen and vimage
> support when trying to add an xn interface into a bridge.
>
> I'm running r337024 from svn. Removing vimage (which seems to be
> turned on in 12-CURRENT now) allows using the bridge with no panics.
> As part of attempting to debug this I enabled vimage in my 11.2 domU
> and that also panics in the same code.
>
> I'm not sure if the problem is a xen issue or a vimage issue so I
> haven't submitted a PR yet. The kernel output is listed below.
>
> It looks like netfront_backend_changed() calls
> netfront_send_fake_arp(), which calls arp_ifinit() on the interface.
> The first line of the call stack with arprequest+0x454 corresponds to
> a call to ARPSTAT_INC(txrequests) at the end of arprequest, which
> expands to VNET_PCPUSTAT_ADD(). I tried to debug further and I got a
> little lost, but that's where I figured out that vimage is involved
> somehow.
>
> Are there any thoughts on why the xn interface would cause a panic
> there?

The xn driver calls arp_ifinit() without setting the vnet context
first. Perhaps the attached patch could help (not even compile
tested...)

Marko

>
> Thanks,
>
> Nathan
>
>
> =======
>
> Steps to reproduce:
>
> # ifconfig bridge create
> bridge0
> # ifconfig bridge0 addm xn0
> (panic...)
>
>
> ======
>
> Kernel output:
>
> xn0: performing interface reset due to feature change
> (... lock reversal)
> xn0: backend features: feature-sg feature-gso-tcp4
>
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 1; apic id = 02
> fault virtual address = 0x28
> fault code = supervisor read data, page not present
> instruction pointer = 0x20:0xffffffff80d15db4
> stack pointer = 0x0:0xfffffe0000483840
> frame pointer = 0x0:0xfffffe0000483940
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 14 (xenwatch)
> [ thread pid 14 tid 100033 ]
> Stopped at arprequest+0x454: movq ll+0x7(%rax),%rax
>
> db> bt
> Tracing pid 14 tid 100033 td 0xfffff800032f5000
> arprequest() at arprequest+0x454/frame 0xfffffe0000483940
> arp_ifinit() at arp_ifinit+0x58/frame 0xfffffe0000483980
> netfront_backend_changed() at netfront_backend_changed+0x144/frame
> 0xfffffe0000483a40
> xenwatch_thread() at xenwatch_thread+0x182/frame 0xfffffe0000483a70
> fork_exit() at fork_exit+0x84/frame 0xfffffe0000483ab0
> fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0000483ab0
>
> ======
>
> _______________________________________________
> freebsd-xen@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-xen
> To unsubscribe, send any mail to "freebsd-xen-unsubscribe@freebsd.org"

--MP_/5WN0LEJF/eawDrcVx6qa0bP
Content-Type: text/x-patch
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="xn_vnet.diff"

Index: sys/dev/xen/netfront/netfront.c =================================================================== --- 
sys/dev/xen/netfront/netfront.c (revision 335557) +++ sys/dev/xen/netfront/netfront.c (working copy) @@ -942,11 +942,13 @@ struct ifaddr *ifa; ifp = info->xn_ifp; + CURVNET_SET(ifp->if_vnet); TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { if (ifa->ifa_addr->sa_family == AF_INET) { arp_ifinit(ifp, ifa); } } + CURVNET_RESTORE(); } #endif --MP_/5WN0LEJF/eawDrcVx6qa0bP--
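
Review bot: the CURVNET_SET(ifp->if_vnet) added right after `ifp = info->xn_ifp;` depends on the vnet macros from net/vnet.h, and nothing in this hunk shows that header being included; since the message says the patch was not compile tested, confirm netfront.c already pulls in <net/vnet.h> (add the include if not) and build it both with and without VIMAGE. The CURVNET_SET/CURVNET_RESTORE pair brackets the whole TAILQ_FOREACH with no early return in between, so the saved vnet is restored on every path through the visible code. A one-line comment above CURVNET_SET saying that this path is reached from the xenwatch thread (as the reported backtrace shows), which carries no vnet context of its own, would explain to later readers why the pair is needed here.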