On Fri, 2 Oct 2020, Alex Bennée wrote:
Hi Julian,
Another data point, this time on real HW:
Xen 4.15-unstable (c/s Wed Sep 30 12:25:05 2020 +0100 git:e680dde6fd) EFI loader
Xen 4.15-unstable (XEN) Xen version 4.15-unstable (alex@lan) (gcc (Debian 8.3.0-6) 8.3.0) debug=y Fri Oct 2 16:18:39 BST 2020 (XEN) Latest ChangeSet: Wed Sep 30 12:25:05 2020 +0100 git:e680dde6fd (XEN) build-id: 05ec585524e05f933d11662012b43576ab57eb63 (XEN) Processor: 410fd081: "ARM Limited", variant: 0x0, part 0xd08, rev 0x1 (XEN) 64-bit Execution: (XEN) Processor Features: 0000000000002222 0000000000000000 (XEN) Exception Levels: EL3:64+32 EL2:64+32 EL1:64+32 EL0:64+32 (XEN) Extensions: FloatingPoint AdvancedSIMD (XEN) Debug Features: 0000000010305106 0000000000000000 (XEN) Auxiliary Features: 0000000000000000 0000000000000000 (XEN) Memory Model Features: 0000000000001124 0000000000000000 (XEN) ISA Features: 0000000000011120 0000000000000000 (XEN) 32-bit Execution: (XEN) Processor Features: 00000131:00011011 (XEN) Instruction Sets: AArch32 A32 Thumb Thumb-2 Jazelle (XEN) Extensions: GenericTimer Security (XEN) Debug Features: 03010066 (XEN) Auxiliary Features: 00000000 (XEN) Memory Model Features: 10201105 40000000 01260000 02102211 (XEN) ISA Features: 02101110 13112111 21232042 01112131 00011142 00011121 (XEN) Using SMC Calling Convention v1.1 (XEN) Using PSCI v1.1 (XEN) SMP: Allowing 4 CPUs (XEN) enabled workaround for: ARM erratum 1319537 (XEN) Generic Timer IRQ: phys=30 hyp=26 virt=27 Freq: 25000 KHz (XEN) GICv2: DT overriding v2m hardware setting (base:160, num:32) (XEN) GICv2m extension register frame: (XEN) gic_v2m_addr=00000000f0280000 (XEN) gic_v2m_size=0000000000001000 (XEN) gic_v2m_spi_base=160 (XEN) gic_v2m_num_spis=32 (XEN) GICv2: DT overriding v2m hardware setting (base:192, num:32) (XEN) GICv2m extension register frame: (XEN) gic_v2m_addr=00000000f0290000 (XEN) gic_v2m_size=0000000000001000 (XEN) gic_v2m_spi_base=192 (XEN) gic_v2m_num_spis=32 (XEN) GICv2: DT overriding v2m hardware setting (base:224, num:32) (XEN) GICv2m extension register frame: (XEN) gic_v2m_addr=00000000f02a0000 (XEN) gic_v2m_size=0000000000001000 (XEN) gic_v2m_spi_base=224 (XEN) gic_v2m_num_spis=32 (XEN) GICv2: DT overriding v2m hardware setting (base:256, num:32) (XEN) GICv2m extension register frame: (XEN) gic_v2m_addr=00000000f02b0000 (XEN) gic_v2m_size=0000000000001000 (XEN) gic_v2m_spi_base=256 (XEN) gic_v2m_num_spis=32 (XEN) GICv2 initialization: (XEN) gic_dist_addr=00000000f0210000 (XEN) gic_cpu_addr=00000000f0220000 (XEN) gic_hyp_addr=00000000f0240000 (XEN) gic_vcpu_addr=00000000f0260000 (XEN) gic_maintenance_irq=25 (XEN) GICv2: Adjusting CPU interface base to 0xf022f000 (XEN) GICv2: 352 lines, 4 cpus, secure (IID 0200143b). (XEN) XSM Framework v1.0.0 initialized (XEN) Initialising XSM SILO mode (XEN) Using scheduler: SMP Credit Scheduler rev2 (credit2) (XEN) Initializing Credit2 scheduler (XEN) load_precision_shift: 18 (XEN) load_window_shift: 30 (XEN) underload_balance_tolerance: 0 (XEN) overload_balance_tolerance: -3 (XEN) runqueues arrangement: socket (XEN) cap enforcement granularity: 10ms (XEN) load tracking window length 1073741824 ns (XEN) Allocated console ring of 32 KiB. (XEN) CPU0: Guest atomics will try 12 times before pausing the domain (XEN) Bringing up CPU1 (XEN) CPU1: Guest atomics will try 11 times before pausing the domain (XEN) CPU 1 booted. (XEN) Bringing up CPU2 (XEN) CPU2: Guest atomics will try 10 times before pausing the domain (XEN) CPU 2 booted. (XEN) Bringing up CPU3 (XEN) CPU3: Guest atomics will try 10 times before pausing the domain (XEN) Brought up 4 CPUs (XEN) CPU 3 booted. (XEN) Data Abort Trap. Syndrome=0x5 (XEN) Walking Hypervisor VA 0x800440000000 on CPU0 via TTBR 0x00000000aac72000 (XEN) 0TH[0x100] = 0x00400000aac70f7f (XEN) 1ST[0x11] = 0x0000000000000000 (XEN) CPU0: Unexpected Trap: Data Abort (XEN) ----[ Xen-4.15-unstable arm64 debug=y Not tainted ]---- (XEN) CPU: 0 (XEN) PC: 000000000025ed4c strlen+0x10/0x84 (XEN) LR: 00000000002030f8 (XEN) SP: 00000000002ffcf0 (XEN) CPSR: 60000249 MODE:64-bit EL2h (Hypervisor, handler) (XEN) X0: 000080043ee00000 X1: 0000800440000000 X2: ffffffffffffffff (XEN) X3: ffffffffffffffff X4: 0000000000000001 X5: 0000000000000000 (XEN) X6: 0000000000000000 X7: fefefefefefefefe X8: ffffffffffffffff (XEN) X9: fefefefefefefefe X10: ffffffffffffffff X11: 0101010101010101 (XEN) X12: 0000000000000038 X13: 00000000002883b8 X14: 00000000002ffb48 (XEN) X15: 0000000000000020 X16: 0000000000000000 X17: 00000000002b1000 (XEN) X18: 00000000002b2000 X19: 000080043ee00000 X20: 000000000029cb40 (XEN) X21: 000080042ffde5d0 X22: 0000000000000001 X23: 0000000000000000 (XEN) X24: 00000000002a23d0 X25: 0000000440000000 X26: 000000000000002d (XEN) X27: 00000000002e0910 X28: 00000000003fe440 FP: 00000000002ffcf0 (XEN) (XEN) VTCR_EL2: 80000000 (XEN) VTTBR_EL2: 0000000000000000 (XEN) (XEN) SCTLR_EL2: 30cd183d (XEN) HCR_EL2: 0000000000000038 (XEN) TTBR0_EL2: 00000000aac72000 (XEN) (XEN) ESR_EL2: 96000005 (XEN) HPFAR_EL2: 0000000000000000 (XEN) FAR_EL2: 0000800440000000 (XEN) (XEN) Xen stack trace from sp=00000000002ffcf0: (XEN) 00000000002ffd20 000000000020404c 00000000002a5448 0000000000000001 (XEN) 00000000002ffd40 f11e576000204150 00000000002ffd50 00000000002c417c (XEN) 00000000002b25c0 0000000000000001 00000000002b2620 000080042ffde5d0 (XEN) 00000000002ffd90 00000000002bdbe0 000080042ffde5d0 0000000000000001 (XEN) 00000000002ddc68 0000000000000000 0000000000000004 00000000ffffffc8 (XEN) 00000000002ffdd0 00000000002bf09c 0000000000000004 0000000000000004 (XEN) 00000000002b0580 000000000033e430 0101010101010101 0000000000000000 (XEN) 00000000002ffdf0 00000000002cbaec 0000000000000004 0000000000000004 (XEN) 000000003f8790a0 00000000002001b8 00000000aab35000 00000000aa935000 (XEN) 00000000b2273000 0000000000000000 0000000000400000 00000000b22ad018 (XEN) 00000000aabe7138 0000000000000001 0000000000000001 8000000000000002 (XEN) 0000000000000000 00000000002e1948 00000000b2273000 0000000000009000 (XEN) 0000000000000000 0000000000000000 0000000000000000 0000000300000000 (XEN) 0000000000000000 00000040ffffffff 00000000ffffffff 0000000000000000 (XEN) 0000000000000000 0000000000000000 0000000000000000 0000000000000000 (XEN) 0000000000000000 0000000000000000 0000000000000000 0000000000000000 (XEN) 0000000000000000 0000000000000000 0000000000000000 0000000000000000 (XEN) 0000000000000000 0000000000000000 0000000000000000 0000000000000000 (XEN) 0000000000000000 0000000000000000 0000000000000000 0000000000000000 (XEN) 0000000000000000 0000000000000000 0000000000000000 0000000000000000 (XEN) 0000000000000000 0000000000000000 0000000000000000 0000000000000000 (XEN) 0000000000000000 0000000000000000 0000000000000000 0000000000000000 (XEN) 0000000000000000 0000000000000000 0000000000000000 0000000000000000 (XEN) 0000000000000000 0000000000000000 0000000000000000 0000000000000000 (XEN) 0000000000000000 0000000000000000 (XEN) Xen call trace: (XEN) [<000000000025ed4c>] strlen+0x10/0x84 (PC) (XEN) [<00000000002030f8>] dt_device_is_compatible+0x48/0x84 (LR) (XEN) [<000000000020404c>] dt_match_node+0x70/0x10c (XEN) [<00000000002c417c>] device_init+0x90/0xdc (XEN) [<00000000002bdbe0>] iommu_hardware_setup+0x5c/0x188 (XEN) [<00000000002bf09c>] iommu_setup+0x30/0x188 (XEN) [<00000000002cbaec>] start_xen+0xac4/0xc88 (XEN) [<00000000002001b8>] arm64/head.o#primary_switched+0x10/0x30
This seems to be the same bug in GRUB noticed by Masami, where GRUB is adding strings to device tree at runtime without '\0' at the end. Julien posted a potential (untested) fix for GRUB:
diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c index 22cc25eccd9d..c9f017525465 100644 --- a/grub-core/loader/arm64/xen_boot.c +++ b/grub-core/loader/arm64/xen_boot.c @@ -211,7 +211,7 @@ finalize_params_xen_boot (void) additional_size += FDT_NODE_NAME_MAX_SIZE + xen_hypervisor->cmdline_size; FOR_LIST_ELEMENTS (module, module_head) { - additional_size += 6 * FDT_NODE_NAME_MAX_SIZE + sizeof(MODULE_CUSTOM_COMPATIBLE) - 1 + additional_size += 6 * FDT_NODE_NAME_MAX_SIZE + sizeof(MODULE_CUSTOM_COMPATIBLE) + module->cmdline_size; }