Re: [Xen-devel] printk from softirq on xen: hard lockup

From: Jason A. Donenfeld
Date: Wed Aug 05 2015 - 12:38:03 EST


Hi folks,

I have written an extremely simple reproducer. Xen 4.5.1. Linux 4.1.3.
Config attached. Reproducer attached. Makefile attached.

It results in the COMPLETE lockup of the system when it receives a
network packet over the Xen PV network interface.

The lockup is 100% reliable. As in the messages above, it puts this --
"while (native_apic_mem_read(APIC_ICR) & APIC_ICR_BUSY)" into a busy
loop that never exits.

It is triggered by a simple printk in softirq.

Thanks,
Jason

Attachment: Makefile
Description: Binary data

#include <linux/init.h>
#include <linux/module.h>
#include <linux/net.h>
#include <linux/if.h>
#include <net/udp_tunnel.h>

static struct socket *s = NULL;

/* encap_rcv callback: runs in softirq context for each UDP packet received on the port. */
static int receive(struct sock *sk, struct sk_buff *skb)
{
	net_info_ratelimited("The printing of this message will crash a Xen PV guest.\n");
	dev_kfree_skb(skb);
	return 0; /* packet consumed */
}

static int __init mod_init(void)
{
	int ret;
	/* Kernel UDP socket bound to 0.0.0.0:32812. */
	struct udp_port_cfg port = {
		.family = AF_INET,
		.local_ip = { htonl(INADDR_ANY) },
		.local_udp_port = htons(32812),
		.use_udp_checksums = 1
	};
	/* Route incoming packets on that socket to receive(). */
	struct udp_tunnel_sock_cfg tunnel = {
		.encap_type = 1,
		.encap_rcv = receive
	};
	ret = udp_sock_create4(&init_net, &port, &s);
	if (ret)
		return ret;
	setup_udp_tunnel_sock(&init_net, s, &tunnel);
	return ret;
}

static void __exit mod_exit(void)
{
	if (s)
		udp_tunnel_sock_release(s);
}

module_init(mod_init);
module_exit(mod_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Send a UDP packet to port 32812");
MODULE_AUTHOR("Jason A. Donenfeld <Jason@xxxxxxxxx>");

Attachment: 4.1.3-domU-config
Description: Binary data