From: Marcelo Tosatti <marcelo-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org>
To: Gerd Hoffmann <kraxel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: Marcelo Tosatti <marcelo-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org>,
	kvm-devel
	<kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org>,
	Avi Kivity <avi-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
Subject: Re: [RFC] VMX CR3 cache
Date: Wed, 30 Jan 2008 11:25:07 -0200	[thread overview]
Message-ID: <20080130132507.GA21392@dmt> (raw)
In-Reply-To: <47A034CD.9010708-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>

On Wed, Jan 30, 2008 at 09:26:53AM +0100, Gerd Hoffmann wrote:
> Marcelo Tosatti wrote:
> > And this is against a changed x86.git -mm tree (with pvops64 patches).
> > I'll send the PTE-write-via-hypercall patches soon and will rebase on
> > top of that (the CR3 cache needs more testing/tuning apparently).
> 
> Oops for sale ;)
> 
> Triggered by guests wrmsr, looks like some error checks are missing.
> 
> I've passed in a physical address.  The vmx_cr3_cache_msr() function has
> a gva_to_page() call which makes me suspect it expects a virtual
> address.  First it should not Oops when an invalid virtual address is
> passed in, and second I think it better shouldn't expect a virtual
> address in the first place.

I'll switch to a physical address and make sure proper error handling 
is in place.

> What is the reason to expect the cr3 cache being page aligned btw?  It
> should be enough to require the struct not cross a page border, right?

Right, page aligning it on the guest seems the easier way to avoid it
from crossing a page boundary.

> 
> cheers,
>   Gerd

> MSR_IA32_VMX_MISC: 00000000000403c0
>  cr3 target values: 4
> device xenner0 entered promiscuous mode
> audit(1201680208.401:28): dev=xenner0 prom=256 old_prom=0 auid=4294967295
> br0: port 1(xenner0) entering learning state
> Unable to handle kernel NULL pointer dereference at 0000000000000000 RIP: 
>  [<ffffffff8847a9ec>] :kvm_intel:vmx_cr3_cache_msr+0x76/0xef
> PGD 102d0067 PUD f816067 PMD 0 
> Oops: 0000 [1] SMP 
> CPU 1 
> Modules linked in: i915 drm nls_utf8 ipt_LOG xt_TCPMSS xt_mark xt_MARK iptable_mangle kvm_intel(U) kvm(U) ipt_MASQUERADE iptable_nat nf_nat nfsd exportfs lockd nfs_acl auth_rpcgss autofs4 tun sunrpc bridge nf_conntrack_ipv4 ipt_REJECT iptable_filter ip_tables nf_conntrack_netbios_ns nf_conntrack_ipv6 xt_state nf_conntrack nfnetlink xt_tcpudp ip6t_ipv6header ip6t_REJECT ip6table_filter ip6_tables x_tables ipv6 cpufreq_ondemand acpi_cpufreq loop dm_multipath sr_mod cdrom ata_generic snd_hda_intel snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss arc4 snd_mixer_oss ecb blkcipher snd_pcm iTCO_wdt iTCO_vendor_support video snd_timer snd_page_alloc output i2c_i801 i2c_core ata_piix iwl3945 snd_hwdep snd battery ac nsc_ircc mac80211 button cfg80211 sg e1000 pcspkr irda soundcore thinkpad_acpi crc_ccitt hwmon joydev dm_snapshot dm_zero dm_mirror dm_mod ahci libata sd_mod scsi_mod ext3 jbd mbcache uhci_hcd ohci_hcd ehci_hcd
> Pid: 7680, comm: xenner Not tainted 2.6.23.14-107.fc8 #1
> RIP: 0010:[<ffffffff8847a9ec>]  [<ffffffff8847a9ec>] :kvm_intel:vmx_cr3_cache_msr+0x76/0xef
> RSP: 0018:ffff810011509ca8  EFLAGS: 00010296
> RAX: ffff810008e48770 RBX: 0000000000000000 RCX: 0000000000000000
> RDX: ffffffffffffffff RSI: 0000000000000296 RDI: ffff810008e4876c
> RBP: ffff81001648a000 R08: 0000000087655678 R09: 0000000000000000
> R10: 0000000000000034 R11: ffffffff8847afcd R12: ffff81007cc99000
> R13: 0000000000000000 R14: 000000000000000a R15: 0000000000000000
> FS:  00002aaaaaad2b20(0000) GS:ffff810037c21300(0000) knlGS:0000000000000000
> CS:  0010 DS: 002b ES: 002b CR0: 000000008005003b
> CR2: 0000000000000000 CR3: 000000007ad72000 CR4: 00000000000026e0
> DR0: ffffffff8125b0e0 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff1 DR7: 0000000000000701
> Process xenner (pid: 7680, threadinfo ffff810011508000, task ffff81000a83b040)
> Stack:  ffff81001648a000 ffff81001648a000 0000000000000000 ffffffff8847aff8
>  ffff81001648a000 ffffffff88460c3f 000000008090ae81 ffff810011509e68
>  ffff810011509ee8 ffff81001648a000 0000000000000000 000000000000ae80
> Call Trace:
>  [<ffffffff8847aff8>] :kvm_intel:handle_wrmsr+0x2b/0x4f
>  [<ffffffff88460c3f>] :kvm:kvm_arch_vcpu_ioctl_run+0x3a7/0x4fb
>  [<ffffffff8845d3ff>] :kvm:kvm_vcpu_ioctl+0xda/0x2dd
>  [<ffffffff81176325>] n_tty_receive_buf+0xd49/0xdc9
>  [<ffffffff81074717>] generic_file_aio_write+0x6c/0xc1
>  [<ffffffff810f4b72>] avc_has_perm+0x49/0x5b
>  [<ffffffff880361ae>] :ext3:ext3_file_write+0x16/0x94
>  [<ffffffff810f57b1>] inode_has_perm+0x65/0x72
>  [<ffffffff8102f7d2>] __wake_up+0x38/0x4f
>  [<ffffffff810f5852>] file_has_perm+0x94/0xa3
>  [<ffffffff810a7625>] do_ioctl+0x21/0x6b
>  [<ffffffff810a78b2>] vfs_ioctl+0x243/0x25c
>  [<ffffffff810a7924>] sys_ioctl+0x59/0x79
>  [<ffffffff8100bbce>] system_call+0x7e/0x83
> 
> 
> Code: 48 8b 13 31 c9 48 c1 ea 33 48 89 d0 48 c1 e8 09 48 8b 04 c5 
> RIP  [<ffffffff8847a9ec>] :kvm_intel:vmx_cr3_cache_msr+0x76/0xef
>  RSP <ffff810011509ca8>
> CR2: 0000000000000000
> xenner0: no IPv6 routers present
> br0: topology change detected, propagating
> br0: port 1(xenner0) entering forwarding state
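
The two points raised in this exchange (treat the MSR value as a guest physical address and refuse it with an error instead of oopsing; require only that the structure not cross a page boundary, or page-align it) as an added, self-contained C example. This is not KVM's code: the struct layout, the function names and the tiny backed-frame table standing in for the guest memory map are assumptions for illustration.

```c
/* Added example, not the kernel's vmx_cr3_cache_msr(): validation a
 * hypervisor MSR handler needs before touching a guest-supplied address.
 * Struct layout, function names and the guest memory stand-in are assumed. */
#include <stddef.h>
#include <stdint.h>
#include <errno.h>

#define PAGE_SIZE 4096UL
#define KVM_CR3_CACHE_SIZE 4   /* matches "cr3 target values: 4" in the log */

/* Hypothetical guest-visible layout of the CR3 cache structure. */
struct kvm_cr3_cache {
    uint64_t entry[KVM_CR3_CACHE_SIZE];
    uint32_t max_idx;
};

/* Constructed stand-in for the guest memory map: only frames below
 * GUEST_FRAMES are backed; any other frame is what a gfn lookup fails on. */
#define GUEST_FRAMES 16UL
static int guest_frame_backed(uint64_t gfn) { return gfn < GUEST_FRAMES; }

/* Does the byte range [gpa, gpa + len) stay inside a single 4K page? */
static int within_one_page(uint64_t gpa, size_t len)
{
    uint64_t off = gpa & (PAGE_SIZE - 1);
    return off + len <= PAGE_SIZE;
}

/* Relaxed check (Gerd's suggestion): the MSR value is a guest *physical*
 * address; the struct may sit anywhere as long as it does not cross a page
 * boundary and the frame exists. Returns 0 or -EINVAL; never dereferences
 * a lookup result that failed, which is what produced the NULL oops above. */
int cr3_cache_validate_msr(uint64_t msr_val)
{
    if (!within_one_page(msr_val, sizeof(struct kvm_cr3_cache)))
        return -EINVAL;             /* would straddle two pages */
    if (!guest_frame_backed(msr_val >> 12))
        return -EINVAL;             /* no backing page: refuse, don't crash */
    return 0;
}

/* Strict variant (Marcelo's reply): simply require page alignment, which
 * makes crossing a boundary impossible for any struct smaller than a page. */
int cr3_cache_validate_msr_aligned(uint64_t msr_val)
{
    if (msr_val & (PAGE_SIZE - 1))
        return -EINVAL;
    return cr3_cache_validate_msr(msr_val);
}
```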


