Package: linux-image-2.6.26-1-xen-686 Severity: important Version: 2.6.26-12
The current versions of Xen-enabled Linux kernels in Debian make mmap () on MMIO regions fail with EINVAL. The problem is only apparent to the Xen-enabled kernels (both i386 and amd64.) I've prepared a Debian Lenny image for Qemu with both Xen and non-Xen versions of the kernel which allows the problem to be easily reproduced. I could put it on the Web if necessary. So far, I've reproduced this problem with the following kernel packages and versions: linux-image-2.6.26-1-xen-686 2.6.26-12 linux-image-2.6.26-bpo.1-xen-amd64 2.6.26-11~bpo40+1 linux-image-2.6.26-bpo.1-xen-686 2.6.26-10~bpo40+1 (Along with the respective linux-modules- packages.) And with the following Xen hypervisor versions: xen-hypervisor-3.2-1-i386 3.2.1-2 xen-hypervisor-3.2-1-amd64 3.2.0-3~bpo4+2 xen-hypervisor-3.2-1-i386 3.2.0-3~bpo4+2 Note that this problem in particular renders X.Org X server unusable, since it obviously requires access to the MMIO region (or regions) of the video adapter to work. Consider, e. g.: $ tail -n16 /var/log/Xorg.1.log (II) LoadModule: "int10" (II) Reloading /usr/lib/xorg/modules/libint10.so (II) VESA(0): initializing int10 (II) VESA(0): Primary V_BIOS segment is: 0xc000 (II) VESA(0): VESA BIOS detected (II) VESA(0): VESA VBE Version 3.0 (II) VESA(0): VESA VBE Total Mem: 16384 kB (II) VESA(0): VESA VBE OEM: ATI ATOMBIOS (II) VESA(0): VESA VBE OEM Software Rev: 10.54 (II) VESA(0): VESA VBE OEM Vendor: (C) 1988-2005, ATI Technologies Inc. (II) VESA(0): VESA VBE OEM Product: RV610 (II) VESA(0): VESA VBE OEM Product Rev: 01.00 Fatal server error: xf86MapVidMem: Could not mmap framebuffer (0xe0000000,0x1000000) (Invalid argument) $ And then the following appears in the kernel messages buffer: $ dmesg ... [76187.443823] CPA: called for zero pte. vaddr = ffff880075ea4000 cpa->vaddr = ffff880075ea4000 [76187.444428] ------------[ cut here ]------------ [76187.444669] WARNING: at arch/x86/mm/pageattr-xen.c:571 __change_page_attr_set_clr+0x84/0xad5() [76187.444989] Modules linked in: tcp_diag inet_diag it87 hwmon_vid eeprom i2c_dev bridge nfsd auth_rpcgss exportfs ac battery ipv6 nfs lockd nfs_acl sunrpc loop parport_pc parport floppy k8temp pcspkr snd_hda_intel usblp snd_pcm snd_timer snd soundcore snd_page_alloc button i2c_nforce2 i2c_core evdev ext3 jbd mbcache dm_mirror dm_log dm_snapshot dm_mod ide_generic ide_disk ide_cd_mod cdrom usb_storage sd_mod usbhid hid ff_memless amd74xx ide_core ata_generic ahci libata scsi_mod dock r8169 ehci_hcd via_rhine mii ohci_hcd thermal processor fan thermal_sys [76187.455489] Pid: 28950, comm: Xorg Tainted: G W 2.6.26-bpo.1-xen-amd64 #1 [76187.455776] [76187.455836] Call Trace: [76187.456146] [<ffffffff8022cda7>] warn_on_slowpath+0x51/0x7b [76187.456621] [<ffffffff8022d8cd>] printk+0x4e/0x56 [76187.457790] [<ffffffff8029bc57>] __d_lookup+0xb7/0x131 [76187.458239] [<ffffffff8021962f>] __change_page_attr_set_clr+0x84/0xad5 [76187.458672] [<ffffffff8021a95c>] phys_mem_access_prot_allowed+0xdb/0x247 [76187.459021] [<ffffffff8023db4e>] search_exception_tables+0x1d/0x2f [76187.459401] [<ffffffff80218fdb>] fixup_exception+0x10/0x29 [76187.460250] [<ffffffff8021a142>] change_page_attr_set_clr+0xc2/0x1d6 [76187.461099] [<ffffffff8021a9af>] phys_mem_access_prot_allowed+0x12e/0x247 [76187.461988] [<ffffffff80386320>] xen_mmap_mem+0x2f/0x6b [76187.462376] [<ffffffff8027a1ba>] mmap_region+0x218/0x425 [76187.463344] [<ffffffff8027a9e4>] do_mmap_pgoff+0x2e8/0x34d [76187.464036] [<ffffffff8020fb39>] sys_mmap+0x8b/0x110 [76187.464548] [<ffffffff8020b714>] tracesys+0xab/0xb0 [76187.465192] [76187.465309] ---[ end trace 19b4f9892ac648e5 ]--- [76187.465766] Xorg:28950 /dev/mem ioremap_change_attr failed write-back for e0000000-e1000000 ... $ The problem could easily be traced down to the failing mmap () call, e. g.: $ lspci -v | grep -A 7 -F VGA 04:00.0 VGA compatible controller: ATI Technologies Inc Unknown device 94c3 (prog-if 00 [VGA]) Subsystem: PC Partner Limited Unknown device e400 Flags: bus master, fast devsel, latency 0, IRQ 5 Memory at e0000000 (64-bit, prefetchable) [size=256M] Memory at f3000000 (64-bit, non-prefetchable) [size=64K] I/O ports at b000 [size=256] [virtual] Expansion ROM at f2000000 [disabled] [size=128K] Capabilities: <access denied> $ cat mmap-mem.c /*** mmap-mem.c --- mmap () on /dev/mem -*- C -*- */ /*** Code: */ #include <fcntl.h> /* for O_RDWR */ #include <stdio.h> #include <sys/mman.h> #define DEVMEM "/dev/mem" int main (int argc, char *argv[]) { long s, l; int fd; void *map; /* parse command line */ { char *t; if (argc != 2 + 1 || (s = strtol (argv[1], &t, 0), t == argv[1] || *t != '\0') || (l = strtol (argv[2], &t, 0), t == argv[2] || *t != '\0')) { fputs ("Usage: mmap-mem START LENGTH\n", stderr); /* . */ return 1; } } /* try to open /dev/mem */ if ((fd = open (DEVMEM, O_RDWR)) < 0) { perror ("Failed to open () " DEVMEM); /* . */ return 1; } /* invoke mmap () */ if ((map = mmap (0, (size_t)l, PROT_READ | PROT_WRITE, MAP_SHARED, fd, (off_t)s)) == (void *)-1) { perror ("Failed to mmap () " DEVMEM); /* . */ return 1; } /* . */ return 0; } /*** mmap-mem.c ends here */ $ make mmap-mem cc mmap-mem.c -o mmap-mem $ # .../mmap-mem 0xe0000000 4096 Failed to mmap () /dev/mem: Invalid argument # The above produces the following in the kernel messages buffer: $ dmesg ... [65309.880818] CPA: called for zero pte. vaddr = ffff88003a9e4000 cpa->vaddr = ffff88003a9e4000 [65309.880818] ------------[ cut here ]------------ [65309.880818] WARNING: at arch/x86/mm/pageattr-xen.c:571 __change_page_attr_set_clr+0x84/0xad5() [65309.880818] Modules linked in: xt_tcpudp xt_physdev iptable_filter ip_tables x_tables it87 hwmon_vid eeprom bridge nfsd auth_rpcgss exportfs ac battery ipv6 nfs lockd nfs_acl sunrpc loop parport_pc parport floppy pcspkr k8temp snd_hda_intel snd_pcm snd_timer snd soundcore snd_page_alloc usblp button i2c_nforce2 i2c_core evdev ext3 jbd mbcache dm_mirror dm_log dm_snapshot dm_mod ide_generic ide_disk ide_cd_mod cdrom usbhid hid ff_memless sd_mod usb_storage amd74xx ide_core ata_generic ahci libata scsi_mod dock r8169 via_rhine mii ohci_hcd ehci_hcd thermal processor fan thermal_sys [65309.880818] Pid: 12110, comm: mmap-mem Tainted: G W 2.6.26-bpo.1-xen-amd64 #1 [65309.880818] [65309.880818] Call Trace: [65309.880818] [<ffffffff8022cda7>] warn_on_slowpath+0x51/0x7b [65309.880818] [<ffffffff8022d8c9>] printk+0x4e/0x56 [65309.880818] [<ffffffffa0160bb4>] :jbd:journal_dirty_metadata+0xd5/0x106 [65309.880818] [<ffffffff80223a8d>] __wake_up+0x38/0x4f [65309.880818] [<ffffffff8029bc53>] __d_lookup+0xb7/0x131 [65309.880818] [<ffffffff8021962f>] __change_page_attr_set_clr+0x84/0xad5 [65309.880818] [<ffffffff802920e0>] do_lookup+0x63/0x1c1 [65309.880818] [<ffffffff8029b24c>] dput+0x21/0x13e [65309.880818] [<ffffffff802947fa>] __link_path_walk+0xcd5/0xe13 [65309.880818] [<ffffffff8021a142>] change_page_attr_set_clr+0xc2/0x1d6 [65309.880818] [<ffffffff80264d8b>] find_lock_page+0x1f/0xc3 [65309.880818] [<ffffffff8021a9af>] phys_mem_access_prot_allowed+0x12e/0x247 [65309.880818] [<ffffffff80386328>] xen_mmap_mem+0x2f/0x6b [65309.880818] [<ffffffff8027a1b6>] mmap_region+0x218/0x425 [65309.880818] [<ffffffff8027a9e0>] do_mmap_pgoff+0x2e8/0x34d [65309.880818] [<ffffffff8020fb39>] sys_mmap+0x8b/0x110 [65309.880818] [<ffffffff8020b528>] system_call+0x68/0x6d [65309.880818] [<ffffffff8020b4c0>] system_call+0x0/0x6d [65309.880818] [65309.880818] ---[ end trace 70cf43b2f5bb038e ]--- [65309.880818] mmap-mem:12110 /dev/mem ioremap_change_attr failed write-back for ffffffffe0000000-ffffffffe0001000 ... $ Note, however, that mapping either ``real'' RAM or ROM regions doesn't fail: # .../mmap-mem 0x000f0000 4096 # -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org