Xen 32bit HVM guest crashes with "Bad pagetable: 000c"

Bug #1023365 reported by Stefan Bader on 2012-07-11
This bug affects 1 person
Affects Status Importance Assigned to Milestone
xen (Ubuntu)
Stefan Bader

Bug Description

SRU Justification:

Impact: When running PXE installations of 32bit HVM Xen guest there is a high chance of the installation crashing with one or more messages about bad page table entries (the error code states that reserved page table flags were detected as being set). This affects Precise. Testing with Quantal (after merging 4.1.3) has not shown this issue.

<1>[ 563.253594] frontend: Corrupted page table at address 91ead10
<4>[ 563.253611] *pdpt = 00000000377e1001 *pde = 000000003db5b067
<0>[ 563.253624] Bad pagetable: 000c [#1] SMP
<4>[ 563.253634] Modules linked in: xfs reiserfs jfs btrfs zlib_deflate libcrc32c ntfs vfat fat ext2 usb_storage vga16fb vgastate floppy
<4>[ 563.253849]
<4>[ 563.253858] Pid: 9699, comm: frontend Not tainted 3.2.0-23-generic-pae #36-Ubuntu Xen HVM domU
<4>[ 563.253871] EIP: 0073:[<b75ceb65>] EFLAGS: 00010246 CPU: 0
<4>[ 563.253880] EIP is at 0xb75ceb65
<4>[ 563.253887] EAX: 0931d737 EBX: 090070f8 ECX: 0000000a EDX: 091ead10
<4>[ 563.253894] ESI: 00000000 EDI: 0931d738 EBP: 0923f4f0 ESP: bf930208
<4>[ 563.253901] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b
<0>[ 563.253909] Process frontend (pid: 9699, ti=ed3a0000 task=ed2d0ca0 task.ti=ed3a0000)
<4>[ 563.253914]
<0>[ 563.253918] EIP: [<b75ceb65>] 0xb75ceb65 SS:ESP 007b:bf930208
<4>[ 563.253976] ---[ end trace e78469a17274d536 ]---

Fix: There is a patch in the upstream Xen repositories which came between Xen version 4.1.2 and 4.1.3. That change modifies the lookup of guest pages so it will not check for reserved flags when the page is not set to be present.

Testcase: Installing a Xen HVM 32bit guest (2 VCPUs, 1MB memory) only rarely succeeded without the patch. Testing with the modified Xen hypervisor source succeeded 3 times in a row.

Stefan Bader (smb) wrote :
Stefan Bader (smb) wrote :

This would be the proposed changes to the Xen source package. Though I am not completely sure whether the numbering should continue in the ubuntu2.2 format or may go back to ubuntu3 as Quantal now has no longer the same package version.

Changed in xen (Ubuntu Precise):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
importance: Undecided → High
status: New → In Progress
Stefan Bader (smb) wrote :

For Quantal this has been fixed when moving to Xen 4.1.3~rc1+xxx.

Changed in xen (Ubuntu):
assignee: Stefan Bader (stefan-bader-canonical) → nobody
status: Triaged → Fix Released
description: updated
Tim Gardner (timg-tpi) on 2012-07-18
Changed in xen (Ubuntu Precise):
status: In Progress → Fix Committed

Hello Stefan, or anyone else affected,

Accepted xen into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/xen/4.1.2-2ubuntu2.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed
Stefan Bader (smb) wrote :

Hey Adam, of course, as soon as I made it home... oh well, Monday is soon enough. :)

Stefan Bader (smb) wrote :

Re-tested an i386 install with the official hypervisor package. Works.

tags: added: verification-done
removed: verification-needed

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xen - 4.1.2-2ubuntu2.2

xen (4.1.2-2ubuntu2.2) precise-proposed; urgency=low

  * upstream-24883:adcd6ab160fa
    x86/mm: Don't check for invalid bits in non-present PTEs.
    Cherry-pick from xen-4.1 unstable to fix corrupted page table issues
    observed on 32 bit guests (LP: #1023365).
 -- Stefan Bader <email address hidden> Tue, 10 Jul 2012 19:48:15 +0200

Changed in xen (Ubuntu Precise):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers