From: Dave Hansen <dave@linux.vnet.ibm.com>
To: Avi Kivity <avi@qumranet.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
kvm-devel <kvm@vger.kernel.org>,
"Anthony N. Liguori [imap]" <aliguori@us.ibm.com>
Subject: KVM overflows the stack
Date: Wed, 16 Jul 2008 15:48:47 -0700 [thread overview]
Message-ID: <1216248527.11664.9.camel@nimitz> (raw)
In-Reply-To: <1216244660.8711.6.camel@nimitz>
On Wed, 2008-07-16 at 14:44 -0700, Dave Hansen wrote:
> On a suggestion of Anthony's, I tried a defconfig kernel.
>
> It is now bombing out on an assertion in the lapic code:
>
> http://sr71.net/~dave/linux/2.6.26-oops1.txt
I think I found it!!!
$ (objdump -d kvm.ko ; objdump -d kvm-intel.ko ) | egrep 'sub.*0x...,.*esp|>:' | egrep sub -B1
00001a90 <kvm_vcpu_ioctl>:
1a9a: 81 ec 60 06 00 00 sub $0x660,%esp
--
00004e90 <kvm_arch_vcpu_ioctl>:
4e9d: 81 ec 6c 08 00 00 sub $0x86c,%esp
--
00005900 <kvm_arch_vm_ioctl>:
5903: 81 ec 34 05 00 00 sub $0x534,%esp
--
0000d4f0 <paging64_prefetch_page>:
d4f8: 81 ec 1c 01 00 00 sub $0x11c,%esp
--
0000dfd0 <paging32_prefetch_page>:
dfd8: 81 ec 1c 01 00 00 sub $0x11c,%esp
--
0000f390 <kvm_pv_mmu_op>:
f3a1: 81 ec 28 02 00 00 sub $0x228,%esp
We're simply overflowing the stack. I changed all of the large on-stack
allocations to 'static', and it actually boots now. I know 'static'
isn't safe, but it was good for a quick test.
A 'make stackcheck' confirms this:
dave@nimitz:~/kernels/linux-2.6.git$ make checkstack
objdump -d vmlinux $(find . -name '*.ko') | \
perl /home/dave/kernels/linux-2.6.git-t61/scripts/checkstack.pl i386
0x000042d3 kvm_arch_vcpu_ioctl [kvm]: 2148
0x000012e3 kvm_vcpu_ioctl [kvm]: 1620
0x00004a83 kvm_arch_vm_ioctl [kvm]: 1332
0x00009a26 airo_get_aplist [airo]: 1140
0x00009b76 airo_get_aplist [airo]: 1140
0x00009c82 airo_get_aplist [airo]: 1140
...
In other words, kvm has the top 3 stack users in my kernel. As you can
see from my trace above, these things also get called with super-long
stacks already. Man. That sucked to find.
Avi, how would you like this fixed? I'd be happy to prepare some
patches. Do you have a particular approach that you think we should
use? Just make the big objects dynamically allocated?
-- Dave
next prev parent reply other threads:[~2008-07-16 22:49 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-25 21:12 kvm causing memory corruption? ~2.6.25-rc6 Dave Hansen
2008-03-25 21:12 ` Dave Hansen
2008-03-26 9:50 ` [kvm-devel] " Avi Kivity
2008-03-26 16:52 ` Dave Hansen
2008-03-26 16:58 ` Avi Kivity
2008-03-26 16:58 ` Avi Kivity
2008-03-26 17:16 ` [kvm-devel] " Dave Hansen
2008-03-26 17:16 ` Dave Hansen
2008-03-27 9:36 ` [kvm-devel] " Avi Kivity
2008-03-27 9:36 ` Avi Kivity
2008-03-27 10:10 ` [kvm-devel] " Avi Kivity
2008-03-27 14:55 ` Dave Hansen
2008-03-27 14:59 ` Avi Kivity
2008-03-27 14:59 ` Avi Kivity
2008-03-27 16:30 ` [kvm-devel] " Dave Hansen
2008-06-02 22:30 ` kvm causing memory corruption? now 2.6.26-rc4 Dave Hansen
2008-06-03 0:59 ` Dave Hansen
2008-06-04 13:42 ` Avi Kivity
2008-06-06 7:41 ` Dave Hansen
2008-06-12 13:10 ` Avi Kivity
2008-06-16 18:07 ` Dave Hansen
2008-07-15 18:57 ` kvm causing memory corruption? now 2.6.26-rc8 Dave Hansen
2008-07-16 21:44 ` kvm causing memory corruption? now 2.6.26 Dave Hansen
2008-07-16 22:48 ` Dave Hansen [this message]
2008-07-17 5:52 ` KVM overflows the stack Avi Kivity
2008-07-17 6:08 ` Roland Dreier
2008-07-17 14:06 ` Dave Hansen
2008-07-17 14:15 ` Avi Kivity
2008-07-17 6:14 ` Dave Hansen
2008-07-17 6:42 ` Avi Kivity
2008-07-17 6:45 ` [PATCH] update kvm's anon_inodes.c for r/o bind mounts Dave Hansen
2008-07-19 7:33 ` Avi Kivity
2008-07-17 6:27 ` KVM overflows the stack Dave Hansen
2008-07-17 5:38 ` kvm causing memory corruption? now 2.6.26 Avi Kivity
2008-03-27 15:50 ` [kvm-devel] kvm causing memory corruption? ~2.6.25-rc6 Dave Hansen
2008-03-27 15:50 ` Dave Hansen
2008-03-27 15:53 ` [kvm-devel] " Avi Kivity
2008-03-27 15:53 ` Avi Kivity
2008-03-27 16:30 ` [kvm-devel] " Dave Hansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1216248527.11664.9.camel@nimitz \
--to=dave@linux.vnet.ibm.com \
--cc=aliguori@us.ibm.com \
--cc=avi@qumranet.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.