[Xen-devel] The segmentfault when using xl create domU

Message ID	534DAD89.1040604@samsung.com
State	New
Headers	show Return-Path: <patchwork-forward+bncBDL4J3MN6MDRBBO5W2NAKGQETR2APBA@linaro.org> Received-SPF: neutral (google.com: 209.85.128.181 is neither permitted nor denied by best guess record for domain of patch+caf_=patchwork-forward=linaro.org@linaro.org) client-ip=209.85.128.181; Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xen.org designates 50.57.142.19 as permitted sender) client-ip=50.57.142.19; Message-id: <534DAD89.1040604@samsung.com> Date: Tue, 15 Apr 2014 17:07:05 -0500 From: Wei Huang <w1.huang@samsung.com> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-version: 1.0 To: Julien Grall <julien.grall@linaro.org>, duqi <duqi_2009@163.com> References: <25f20e60.4a87.145633bba97.Coremail.duqi_2009@163.com> <1397552021.24638.13.camel@kazak.uk.xensource.com> <78496d24.5d.14564c71cc0.Coremail.duqi_2009@163.com> <534D3E54.9060008@linaro.org> In-reply-to: <534D3E54.9060008@linaro.org> Cc: Ian Campbell <Ian.Campbell@citrix.com>, "Stefano Stabellini \(Xen mainlister\)" <stefano.stabellini@eu.citrix.com>, =?UTF-8?B?5a6r5pmT5Yip?= <nkgongxl@163.com>, hdegoede <hdegoede@redhat.com>, "bjzhang@suse.com" <bjzhang@suse.com>, "xen-devel@lists.xen.org" <xen-devel@lists.xen.org> Subject: Re: [Xen-devel] The segmentfault when using xl create domU Precedence: list Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed"

Message ID

534DAD89.1040604@samsung.com

State

New

Headers

Received-SPF: neutral (google.com: 209.85.128.181 is neither permitted nor
	denied by best guess record for domain of
	patch+caf_=patchwork-forward=linaro.org@linaro.org)
	client-ip=209.85.128.181; 
Received-SPF: pass (google.com: best guess record for domain of
	xen-devel-bounces@lists.xen.org designates 50.57.142.19 as
	permitted sender) client-ip=50.57.142.19; 
Message-id: <534DAD89.1040604@samsung.com>
Date: Tue, 15 Apr 2014 17:07:05 -0500
From: Wei Huang <w1.huang@samsung.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101
	Thunderbird/24.4.0
MIME-version: 1.0
To: Julien Grall <julien.grall@linaro.org>, duqi <duqi_2009@163.com>
References: <25f20e60.4a87.145633bba97.Coremail.duqi_2009@163.com>
	<1397552021.24638.13.camel@kazak.uk.xensource.com>
	<78496d24.5d.14564c71cc0.Coremail.duqi_2009@163.com>
	<534D3E54.9060008@linaro.org>
In-reply-to: <534D3E54.9060008@linaro.org>
Cc: Ian Campbell <Ian.Campbell@citrix.com>,
	"Stefano Stabellini \(Xen mainlister\)"
	<stefano.stabellini@eu.citrix.com>, 
	=?UTF-8?B?5a6r5pmT5Yip?= <nkgongxl@163.com>,
	hdegoede <hdegoede@redhat.com>, "bjzhang@suse.com" <bjzhang@suse.com>,
	"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: [Xen-devel] The segmentfault when using xl create domU
Precedence: list
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
Mailing-list: list patchwork-forward@linaro.org;
	contact patchwork-forward+owners@linaro.org
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"

Commit Message

Wei Huang April 15, 2014, 10:07 p.m. UTC

On 04/15/2014 09:12 AM, Julien Grall wrote:
> Hello,
>
> On 04/15/2014 10:45 AM, duqi wrote:
>> At 2014-04-15 04:53:41, "Ian Campbell" <Ian.Campbell@citrix.com> wrote:
>>> On Tue, 2014-04-15 at 10:33 +0800, duqi wrote:
>>>>   Hi there,
>>>> We tried to create domU with command "xl -vvv create -d domU_01" and
>>>> met the below fault:
>>>>
>>>> root@linaro-alip:~/domU# xl -vvv create -d domU_01
>>>
>>> Does this happen if you drop the "-d"?
>>>
>>> please could you run under gdb and grab a backtrace. Someth8ing like:
>>> 	# gdb --args xl -vvv create -d domU_01
>>> 	(gdb) run
>>> 	....
>>> 	crash!
>>> 	(gdb) bt
>>>
>>
>> Hi, here is the gdb output:
>> Program received signal SIGSEGV, Segmentation fault.
>> 0xb6f6bc30 in memcpy (__len=16, __src=0xbefe6e0c, __dest=0x39488)
>>      at /usr/lib/gcc-cross/arm-linux-gnueabihf/4.7/../../../../arm-linux-gnueabihf/include/bits/string3.h:51
>> 51      /usr/lib/gcc-cross/arm-linux-gnueabihf/4.7/../../../../arm-linux-gnueabihf/include/bits/string3.h: No such file or direc.
>> (gdb) bt
>> #0  0xb6f6bc30 in memcpy (__len=16, __src=0xbefe6e0c, __dest=0x39488)
>>      at /usr/lib/gcc-cross/arm-linux-gnueabihf/4.7/../../../../arm-linux-gnueabihf/include/bits/string3.h:51
>> #1  libxl_list_vm (ctx=ctx@entry=0x33030,
>>      nb_vm_out=nb_vm_out@entry=0xbeffee30) at libxl.c:689
>> #2  0xb6f7b934 in libxl__domain_make (gc=gc@entry=0x393d0,
>>      info=info@entry=0xbefff040, domid=domid@entry=0xbeffeec0)
>>      at libxl_create.c:613
>> #3  0xb6f7cadc in initiate_domain_create (dcs=0x398a8, egc=0xbeffeec4)
>>      at libxl_create.c:791
>> #4  do_domain_create (ctx=ctx@entry=0x33030,
>>      d_config=d_config@entry=0xbefff040, domid=domid@entry=0xbeffef80,
>>      restore_fd=restore_fd@entry=-1,
>>      checkpointed_stream=checkpointed_stream@entry=0, ao_how=ao_how@entry=0x0,
>>      aop_console_how=aop_console_how@entry=0x0) at libxl_create.c:1424
>> #5  0xb6f7d428 in libxl_domain_create_new (ctx=0x33030,
>>      d_config=d_config@entry=0xbefff040, domid=domid@entry=0xbeffef80,
>>      ao_how=ao_how@entry=0x0, aop_console_how=aop_console_how@entry=0x0)
>>      at libxl_create.c:1449
>> #6  0x00017040 in create_domain (dom_info=0xbeffefdc) at xl_cmdimpl.c:2283
>> #7  main_create (argc=<optimized out>, argv=<optimized out>)
>>      at xl_cmdimpl.c:4469
>> #8  0x0000db84 in main (argc=3, argv=0xbefff82c) at xl.c:362
>> (gdb)
>
> It's a compiler bug. For some reasons gcc doesn't generate the right assembly
> when -O1 is specified on the command line. Which version of gcc do you use(4.7.*?)?
> Which distribution are you using?
> Can you also call disas the crash and copy the output?
>
> Gcc 4.8 doesn't seem to be affected.
>
> FYI, I got this output from 4.7 with Linaro Ubuntu raring (gcc 4.7.3).
>
>     0x76f71bd0 <+224>:   mov     r5, #0
>     0x76f71bd4 <+228>:   mov     r4, r5
>     0x76f71bd8 <+232>:   mov     r7, r5                                                <= r7 = r5 = 0
>     0x76f71bdc <+236>:   sub     r6, r11, #98304 ; 0x18000
>     0x76f71be0 <+240>:   sub     r6, r6, #36     ; 0x24
>     0x76f71be4 <+244>:   mov     r9, r5
>     0x76f71be8 <+248>:   str     r8, [r12, #-68] ; 0x44
>     0x76f71bec <+252>:   sub     r3, r11, #98304 ; 0x18000
>     0x76f71bf0 <+256>:   ldr     r0, [r3, #-68]  ; 0x44
>     0x76f71bf4 <+260>:   ldrh    r1, [r6, r5]
>     0x76f71bf8 <+264>:   mov     r2, r9
>     0x76f71bfc <+268>:   bl      0x76f6d6ac
>     0x76f71c00 <+272>:   cmp     r0, #0
>     0x76f71c04 <+276>:   bne     0x76f71c50 <libxl_list_vm+352>
>     0x76f71c08 <+280>:   add     r8, r7, r7, lsl #2                                     <= Last time we set r8 = r7 << 2 = 0
>     0x76f71c0c <+284>:   sub     r12, r11, #98304        ; 0x18000
>     0x76f71c10 <+288>:   str     r8, [r12, #-56] ; 0x38
>     0x76f71c14 <+292>:   ldr     r3, [r12, #-60] ; 0x3c
>     0x76f71c18 <+296>:   add     lr, r3, r8, lsl #2
>     0x76f71c1c <+300>:   add     r12, r4, r4, lsl #1
>     0x76f71c20 <+304>:   add     r12, r6, r12, lsl #5
>     0x76f71c24 <+308>:   add     r12, r12, #76   ; 0x4c
>     0x76f71c28 <+312>:   ldm     r12!, {r0, r1, r2, r3}
>     0x76f71c2c <+316>:   mov     r12, r8
> => 0x76f71c30 <+320>:   ldr     r8, [r8, #-60]  ; 0x3c                                 <= r8 (=0) is dereferenced
>
I saw the same thing on my system and ack'ed that this is compiler 
related. My compiler is 4.7.3. I was able to fix it with the following hack:

      ret = xc_domain_getinfolist(ctx->xch, 1, ARRAY_SIZE(info), info);

>
> Regards,
>
>

Comments

Ian Campbell April 16, 2014, 9:21 a.m. UTC | #1

On Tue, 2014-04-15 at 17:07 -0500, Wei Huang wrote:
> > It's a compiler bug. For some reasons gcc doesn't generate the right assembly
> > when -O1 is specified on the command line. Which version of gcc do you use(4.7.*?)?
> > Which distribution are you using?
> > Can you also call disas the crash and copy the output?
> >
> > Gcc 4.8 doesn't seem to be affected.
> >
> > FYI, I got this output from 4.7 with Linaro Ubuntu raring (gcc 4.7.3).
> >[...]
> I saw the same thing on my system and ack'ed that this is compiler 
> related. My compiler is 4.7.3. I was able to fix it with the following hack:

Are you also using the Linaro compiler by any chance?

I've added warnings to
http://wiki.xen.org/wiki/Xen_ARM_with_Virtualization_Extensions/CrossCompiling
and
http://wiki.xen.org/wiki/Xen_ARM_with_Virtualization_Extensions#Building_Xen_on_ARM

Wei Huang April 16, 2014, 3:50 p.m. UTC | #2

On 04/16/2014 04:21 AM, Ian Campbell wrote:
> On Tue, 2014-04-15 at 17:07 -0500, Wei Huang wrote:
>>> It's a compiler bug. For some reasons gcc doesn't generate the right assembly
>>> when -O1 is specified on the command line. Which version of gcc do you use(4.7.*?)?
>>> Which distribution are you using?
>>> Can you also call disas the crash and copy the output?
>>>
>>> Gcc 4.8 doesn't seem to be affected.
>>>
>>> FYI, I got this output from 4.7 with Linaro Ubuntu raring (gcc 4.7.3).
>>> [...]
>> I saw the same thing on my system and ack'ed that this is compiler
>> related. My compiler is 4.7.3. I was able to fix it with the following hack:
>
> Are you also using the Linaro compiler by any chance?
I think so. Here is the GCC --version info:
arm-linux-gnueabihf-gcc (Ubuntu/Linaro 4.7.3-1ubuntu1) 4.7.3

>
> I've added warnings to
> http://wiki.xen.org/wiki/Xen_ARM_with_Virtualization_Extensions/CrossCompiling
> and
> http://wiki.xen.org/wiki/Xen_ARM_with_Virtualization_Extensions#Building_Xen_on_ARM
>
>

Julien Grall April 16, 2014, 3:56 p.m. UTC | #3

On 04/16/2014 04:50 PM, Wei Huang wrote:
> On 04/16/2014 04:21 AM, Ian Campbell wrote:
>> On Tue, 2014-04-15 at 17:07 -0500, Wei Huang wrote:
>>>> It's a compiler bug. For some reasons gcc doesn't generate the right
>>>> assembly
>>>> when -O1 is specified on the command line. Which version of gcc do
>>>> you use(4.7.*?)?
>>>> Which distribution are you using?
>>>> Can you also call disas the crash and copy the output?
>>>>
>>>> Gcc 4.8 doesn't seem to be affected.
>>>>
>>>> FYI, I got this output from 4.7 with Linaro Ubuntu raring (gcc 4.7.3).
>>>> [...]
>>> I saw the same thing on my system and ack'ed that this is compiler
>>> related. My compiler is 4.7.3. I was able to fix it with the
>>> following hack:
>>
>> Are you also using the Linaro compiler by any chance?
> I think so. Here is the GCC --version info:
> arm-linux-gnueabihf-gcc (Ubuntu/Linaro 4.7.3-1ubuntu1) 4.7.3

Linaro as shipped a new version of GCC 4.7 (based on 4.7.4) a couple of
days ago.

They don't plan to release another version of 4.7. So I don't think it's
useful to report the bug. Unless it's also happen with upstream GCC.

Regards,

diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
index 730f6e1..14eac6b 100644
--- a/tools/libxl/libxl.c
+++ b/tools/libxl/libxl.c
@@ -667,7 +667,8 @@  libxl_vminfo * libxl_list_vm(libxl_ctx *ctx, int 
*nb_vm_out)
  {
      GC_INIT(ctx);
      libxl_vminfo *ptr = NULL;
-    int idx, i, ret;
+    volatile int idx, i;
+    int ret;
      xc_domaininfo_t info[1024];

[Xen-devel] The segmentfault when using xl create domU

Commit Message

Comments

Patch