From: Avi Kivity <avi@qumranet.com>
To: Dave Hansen <dave@linux.vnet.ibm.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
kvm-devel <kvm@vger.kernel.org>,
"Anthony N. Liguori [imap]" <aliguori@us.ibm.com>
Subject: Re: KVM overflows the stack
Date: Thu, 17 Jul 2008 08:52:38 +0300 [thread overview]
Message-ID: <487EDE26.8040201@qumranet.com> (raw)
In-Reply-To: <1216248527.11664.9.camel@nimitz>
Dave Hansen wrote:
> On Wed, 2008-07-16 at 14:44 -0700, Dave Hansen wrote:
>
>> On a suggestion of Anthony's, I tried a defconfig kernel.
>>
>> It is now bombing out on an assertion in the lapic code:
>>
>> http://sr71.net/~dave/linux/2.6.26-oops1.txt
>>
>
> I think I found it!!!
>
> $ (objdump -d kvm.ko ; objdump -d kvm-intel.ko ) | egrep 'sub.*0x...,.*esp|>:' | egrep sub -B1
> 00001a90 <kvm_vcpu_ioctl>:
> 1a9a: 81 ec 60 06 00 00 sub $0x660,%esp
> --
> 00004e90 <kvm_arch_vcpu_ioctl>:
> 4e9d: 81 ec 6c 08 00 00 sub $0x86c,%esp
> --
> 00005900 <kvm_arch_vm_ioctl>:
> 5903: 81 ec 34 05 00 00 sub $0x534,%esp
> --
> 0000d4f0 <paging64_prefetch_page>:
> d4f8: 81 ec 1c 01 00 00 sub $0x11c,%esp
> --
> 0000dfd0 <paging32_prefetch_page>:
> dfd8: 81 ec 1c 01 00 00 sub $0x11c,%esp
> --
> 0000f390 <kvm_pv_mmu_op>:
> f3a1: 81 ec 28 02 00 00 sub $0x228,%esp
>
> We're simply overflowing the stack. I changed all of the large on-stack
> allocations to 'static', and it actually boots now. I know 'static'
> isn't safe, but it was good for a quick test.
>
>
Yes! It's obvious, once you know it...
> A 'make stackcheck' confirms this:
>
> dave@nimitz:~/kernels/linux-2.6.git$ make checkstack
> objdump -d vmlinux $(find . -name '*.ko') | \
> perl /home/dave/kernels/linux-2.6.git-t61/scripts/checkstack.pl i386
> 0x000042d3 kvm_arch_vcpu_ioctl [kvm]: 2148
> 0x000012e3 kvm_vcpu_ioctl [kvm]: 1620
> 0x00004a83 kvm_arch_vm_ioctl [kvm]: 1332
> 0x00009a26 airo_get_aplist [airo]: 1140
> 0x00009b76 airo_get_aplist [airo]: 1140
> 0x00009c82 airo_get_aplist [airo]: 1140
> ...
>
> In other words, kvm has the top 3 stack users in my kernel. As you can
> see from my trace above, these things also get called with super-long
> stacks already. Man. That sucked to find.
>
> Avi, how would you like this fixed? I'd be happy to prepare some
> patches. Do you have a particular approach that you think we should
> use? Just make the big objects dynamically allocated?
>
Yes, things like kvm_lapic_state are way too big to be on the stack.
There's an additional problem here, that apparently your gcc (which
version?) doesn't fold objects in a switch statement into the same stack
slot:
switch (...) {
case x: {
struct medium a;
...
}
case y:
struct medium b;
...
}
};
These could be solved either by stack allocation, or by moving into
functions marked noinline. Whichever is easier.
--
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.
next prev parent reply other threads:[~2008-07-17 5:52 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-25 21:12 kvm causing memory corruption? ~2.6.25-rc6 Dave Hansen
2008-03-25 21:12 ` Dave Hansen
2008-03-26 9:50 ` [kvm-devel] " Avi Kivity
2008-03-26 16:52 ` Dave Hansen
2008-03-26 16:58 ` Avi Kivity
2008-03-26 16:58 ` Avi Kivity
2008-03-26 17:16 ` [kvm-devel] " Dave Hansen
2008-03-26 17:16 ` Dave Hansen
2008-03-27 9:36 ` [kvm-devel] " Avi Kivity
2008-03-27 9:36 ` Avi Kivity
2008-03-27 10:10 ` [kvm-devel] " Avi Kivity
2008-03-27 14:55 ` Dave Hansen
2008-03-27 14:59 ` Avi Kivity
2008-03-27 14:59 ` Avi Kivity
2008-03-27 16:30 ` [kvm-devel] " Dave Hansen
2008-06-02 22:30 ` kvm causing memory corruption? now 2.6.26-rc4 Dave Hansen
2008-06-03 0:59 ` Dave Hansen
2008-06-04 13:42 ` Avi Kivity
2008-06-06 7:41 ` Dave Hansen
2008-06-12 13:10 ` Avi Kivity
2008-06-16 18:07 ` Dave Hansen
2008-07-15 18:57 ` kvm causing memory corruption? now 2.6.26-rc8 Dave Hansen
2008-07-16 21:44 ` kvm causing memory corruption? now 2.6.26 Dave Hansen
2008-07-16 22:48 ` KVM overflows the stack Dave Hansen
2008-07-17 5:52 ` Avi Kivity [this message]
2008-07-17 6:08 ` Roland Dreier
2008-07-17 14:06 ` Dave Hansen
2008-07-17 14:15 ` Avi Kivity
2008-07-17 6:14 ` Dave Hansen
2008-07-17 6:42 ` Avi Kivity
2008-07-17 6:45 ` [PATCH] update kvm's anon_inodes.c for r/o bind mounts Dave Hansen
2008-07-19 7:33 ` Avi Kivity
2008-07-17 6:27 ` KVM overflows the stack Dave Hansen
2008-07-17 5:38 ` kvm causing memory corruption? now 2.6.26 Avi Kivity
2008-03-27 15:50 ` [kvm-devel] kvm causing memory corruption? ~2.6.25-rc6 Dave Hansen
2008-03-27 15:50 ` Dave Hansen
2008-03-27 15:53 ` [kvm-devel] " Avi Kivity
2008-03-27 15:53 ` Avi Kivity
2008-03-27 16:30 ` [kvm-devel] " Dave Hansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=487EDE26.8040201@qumranet.com \
--to=avi@qumranet.com \
--cc=aliguori@us.ibm.com \
--cc=dave@linux.vnet.ibm.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.