From: MaoXiaoyun
Subject: RE: Kernel BUG at arch/x86/mm/tlb.c:61
Date: Fri, 15 Apr 2011 20:23:55 +0800
References: <4DA3438A.6070503@goop.org>, <20110412100000.GA15647@dumpdata.com>
To: giamteckchoon@gmail.com
Cc: jeremy@goop.org, xen devel, konrad.wilk@oracle.com
List-Id: xen-devel@lists.xenproject.org

Hi:

Could the crash be related to this patch?
http://git.kernel.org/?p=linux/kernel/git/jeremy/xen.git;a=commitdiff;h=45bfd7bfc6cf32f8e60bb91b32349f0b5090eea3

Since now the TLB state change to TLBSTATE_OK (mmu_context.h:40) is before cpumask_clear_cpu (line 49).
Could it be possible that right after executing line 40 of mmu_context.h, the CPU receives an IPI from another CPU to
flush the mm, and when in the interrupt, finds the TLB state happens to be TLBSTATE_OK? Which conflicts.

Thanks.

arch/x86/include/asm/mmu_context.h

 33 static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
 34                              struct task_struct *tsk)
 35 {
 36         unsigned cpu = smp_processor_id();
 37
 38         if (likely(prev != next)) {
 39 #ifdef CONFIG_SMP
 40                 percpu_write(cpu_tlbstate.state, TLBSTATE_OK);
 41                 percpu_write(cpu_tlbstate.active_mm, next);
 42 #endif
 43                 cpumask_set_cpu(cpu, mm_cpumask(next));
 44
 45                 /* Re-load page tables */
 46                 load_cr3(next->pgd);
 47
 48                 /* stop flush ipis for the previous mm */
 49                 cpumask_clear_cpu(cpu, mm_cpumask(prev));
