Kernel BUG in paravirt_enter_lazy_mmu when running as a Xen PV guest

Xen PV guests may crash during boot in paravirt_enter_lazy_mmu() while expanding the grant table (usually when requested by blkfront, when booting). See an example trace below.

This is caused by calling functions that are unsafe in atomic context.

The fix (which has been submitted to 3.16) is available here (also attached):

https://git.kernel.org/cgit/linux/kernel/git/xen/tip.git/commit/?h=stable/for-linus-3.16&id=b7dd0e350e0bd4c0fddcc9b8958342700b00b168

The fix is applicable to all kernel since 2.6.39 but only appears to trigger with the 3.13 kernel in 14.04.

[ 2.577876] ------------[ cut here ]------------
[ 2.577896] kernel BUG at /build/buildd/linux-3.13.0/arch/x86/kernel/paravirt.c:239!
[ 2.577910] invalid opcode: 0000 [#1] SMP
[ 2.577922] Modules linked in:
[ 2.577933] CPU: 0 PID: 1 Comm: init Not tainted 3.13.0-24-generic #46-Ubuntu
[ 2.577946] task: ec058000 ti: ec090000 task.ti: ec090000
[ 2.577955] EIP: 0061:[<c1645ebc>] EFLAGS: 00010002 CPU: 0
[ 2.577973] EIP is at enter_lazy.part.1+0x3/0x5
[ 2.577982] EAX: 00000001 EBX: ec0cc000 ECX: 00581980 EDX: 00000000
[ 2.577992] ESI: edc00000 EDI: edc00000 EBP: ec091a50 ESP: ec091a50
[ 2.578001] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0069
[ 2.578014] CR0: 8005003b CR2: bfca2fa4 CR3: 2c392000 CR4: 00002660
[ 2.578027] Stack:
[ 2.578032] ec091a58 c1046564 ec091ab4 c1146fd3 fa83b2da edc00fff edc01000 c1a93018
[ 2.578052] 00000000 edc00fff 00000000 c193ce80 edc01000 00000000 00000000 00000000
[ 2.578076] ed3ef588 ed3ef588 00000000 c1b87b70 ec091ad0 edc01000 c1b65310 00001000
[ 2.578096] Call Trace:
[ 2.578111] [<c1046564>] paravirt_enter_lazy_mmu+0x24/0x30
[ 2.578127] [<c1146fd3>] apply_to_page_range+0x1a3/0x310
[ 2.578141] [<c1008eb8>] arch_gnttab_map_status+0x38/0x60
[ 2.578152] [<c1008d70>] ? map_pte_fn+0x70/0x70
[ 2.578166] [<c13ab020>] gnttab_map_frames_v2+0xb0/0x100
[ 2.578182] [<c13ab205>] gnttab_map+0x95/0x120
[ 2.578198] [<c12c7ff0>] ? blk_update_request+0x190/0x340
[ 2.578209] [<c13ab363>] get_free_entries+0xd3/0x280
[ 2.578221] [<c13ab5d3>] gnttab_alloc_grant_references+0x13/0x30
[ 2.578238] [<c1424be5>] do_blkif_request+0x535/0x6f0
[ 2.578253] [<c16523dc>] ? _raw_spin_unlock_irqrestore+0x1c/0x40
[ 2.578269] [<c12c57ee>] __blk_run_queue+0x2e/0x40
[ 2.578280] [<c12c5825>] blk_start_queue+0x25/0x40
[ 2.578291] [<c1424dbe>] kick_pending_request_queues+0x1e/0x30
[ 2.578304] [<c142546f>] blkif_interrupt+0x69f/0x740
[ 2.578318] [<c100654f>] ? xen_set_pte_at+0xbf/0xf0
[ 2.578335] [<c10a5ba5>] handle_irq_event_percpu+0x35/0x1a0
[ 2.578351] [<c12f136a>] ? radix_tree_lookup+0xa/0x10
[ 2.578364] [<c10a5d41>] handle_irq_event+0x31/0x50
[ 2.578376] [<c10a8036>] handle_edge_irq+0x66/0x110
[ 2.578389] [<c13ac246>] __xen_evtchn_do_upcall+0x1c6/0x2c0
[ 2.578402] [<c13ae100>] xen_evtchn_do_upcall+0x20/0x40
[ 2.578415] [<c165a087>] xen_do_upcall+0x7/0xc
[ 2.578427] [<c1001227>] ? xen_hypercall_xen_version+0x7/0x20
[ 2.578441] [<c10083cf>] ? xen_force_evtchn_callback+0xf/0x20
[ 2.578454] [<c1008c50>] check_events+0x8/0xc
[ 2.578464] [<c1008c47>] ? xen_restore_fl_direct_reloc+0x4/0x4
[ 2.578480] [<c1006373>] ? xen_batched_set_pte+0xb3/0x160
[ 2.578493] [<c10064b8>] xen_set_pte_at+0x28/0xf0
[ 2.578505] [<c10048e6>] ? __raw_callee_save_xen_pte_val+0x6/0x8
[ 2.578521] [<c11447a8>] copy_pte_range+0x258/0x4c0
[ 2.578534] [<c1146d27>] copy_page_range+0x1d7/0x2e0
[ 2.578549] [<c105462e>] dup_mm+0x28e/0x4f0
[ 2.578561] [<c1055866>] copy_process.part.33+0xfa6/0x10d0
[ 2.578574] [<c1055b41>] do_fork+0xc1/0x2c0
[ 2.578591] [<c1067996>] ? SyS_rt_sigprocmask+0x76/0xa0
[ 2.578604] [<c1055e05>] SyS_clone+0x25/0x30
[ 2.578615] [<c1659b4d>] sysenter_do_call+0x12/0x28
[ 2.578626] Code: c4 1c 5b 5e 5f 5d c3 55 89 e5 f3 0f b8 c0 90 5d c3 55 ba a0 2c aa c1 89 e5 b9 25 00 00 00 57 31 c0 89 d7 f3 ab 5f 5d c3 55 89 e5 <0f> 0b 55 89 e5 66 66 66 66 90 0f 0b 8b 15 28 d9 91 c1 55 89 e5
[ 2.578745] EIP: [<c1645ebc>] enter_lazy.part.1+0x3/0x5 SS:ESP 0069:ec091a50
[ 2.578765] ---[ end trace ab5b5344be71ca3d ]---
[ 2.578775] Kernel panic - not syncing: Fatal exception in interrupt