From mboxrd@z Thu Jan 1 00:00:00 1970
From: Avi Kivity
Subject: Re: NULL pointer dereference in kernel code, ignored parameters in libkvm
Date: Sun, 24 May 2009 14:59:23 +0300
Message-ID: <4A19369B.8020003@redhat.com>
References: <4A1876BE.80103@eecs.umich.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: kvm@vger.kernel.org, nathan binkert , Steve Reinhardt
To: Gabe Black
Return-path:
Received: from mx2.redhat.com ([66.187.237.31]:53039 "EHLO mx2.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751772AbZEXL7m (ORCPT ); Sun, 24 May 2009 07:59:42 -0400
In-Reply-To: <4A1876BE.80103@eecs.umich.edu>
Sender: kvm-owner@vger.kernel.org
List-ID:

Gabe Black wrote:
> Hi. I'm a developer on the M5 simulator (m5sim.org) working on a CPU
> model which uses kvm as its execution engine.

Neat stuff. You're using kvm to run non-x86 code on x86?

> I ran into a kernel "BUG"
> where a NULL pointer is being dereferenced in gfn_to_rmap.
>
> What's happening on the kernel side is that gfn_to_rmap is calling
> gfn_to_memslot. That function looks for the gfn in the memory slots,
> fails to find it, and returns a NULL pointer. gfn_to_rmap then tries to
> dereference it, and the kernel kills itself. I believe the original
> source of the call to gfn_to_memslot was mmu_alloc_roots (in 2.6.28.9,
> it may have moved) which tries to get the page pointed to by CR3 using
> kvm_mmu_get_page. That part may not be correct, so here's the log output
> from the kernel.
>

This was fixed by 89da4ff17 ("KVM: x86: check for cr3 validity in mmu_alloc_roots"). Did the code base you were testing contain that?

> The second problem was the fact that CR3 didn't point to any memory even
> though it had a valid value (0x7000). This was because our code relied
> on kvm_create to set up physical memory, and while it takes parameters
> for it and passes them around, it never actually seems to do anything
> with them. This also seems to be the case in your most recent code.
>

You should set up the memory independently using the memory slot APIs, then load CR3. kvm_create() has bitrotted a bit.

> I am a full time employee of VMware, and while I work on M5 on my own
> time, that places certain limits on what I can do to help fix these
> bugs. While I probably can't implement anything, I should be able to
> provide more information about what we're doing with M5 or about the
> crash if that would help.
>

I appreciate the reports. Please test latest kvm.git and let us know if the problems persist. It would also be interesting to hear how you use kvm.

-- 
error compiling committee.c: too many arguments to function
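An added illustration, not code from this thread or from KVM itself, of the failure pattern discussed above: a memslot lookup that returns NULL, a caller that must not dereference that result blindly, and an entry-point check on CR3 before any MMU work, in the spirit of the cited mmu_alloc_roots fix. The function names mirror the kernel functions named in the mail, but the slot model is hypothetical and simplified.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified model of KVM memory slots. The function names
 * mirror the kernel functions named in the thread; this is not kernel code. */
typedef uint64_t gfn_t;
struct memslot {
    gfn_t base_gfn;
    uint64_t npages;
    unsigned long *rmap;   /* one reverse-map entry per page in the slot */
};
#define MAX_SLOTS 4
static struct memslot slots[MAX_SLOTS];
static int nslots;

/* Register a slot, as userspace does through the memory slot API. */
static bool add_memslot(gfn_t base_gfn, uint64_t npages, unsigned long *rmap)
{
    if (nslots == MAX_SLOTS)
        return false;
    slots[nslots++] = (struct memslot){ base_gfn, npages, rmap };
    return true;
}

/* As described in the mail: NULL when no slot covers gfn. */
static struct memslot *gfn_to_memslot(gfn_t gfn)
{
    for (int i = 0; i < nslots; i++)
        if (gfn >= slots[i].base_gfn && gfn - slots[i].base_gfn < slots[i].npages)
            return &slots[i];
    return NULL;
}

/* Checked form: the crashing caller dereferenced the slot unconditionally;
 * propagating NULL lets the caller fail cleanly instead of oopsing. */
static unsigned long *gfn_to_rmap(gfn_t gfn)
{
    struct memslot *s = gfn_to_memslot(gfn);
    return s ? &s->rmap[gfn - s->base_gfn] : NULL;
}

/* Entry-point validation in the spirit of the cr3 check in mmu_alloc_roots:
 * refuse a CR3 whose page-directory frame (4 KiB) no slot backs. */
static bool cr3_is_backed(uint64_t cr3)
{
    return gfn_to_memslot(cr3 >> 12) != NULL;
}
```

With no slots registered, CR3 = 0x7000 is rejected up front; after a slot covering gfns 0..15 is added (memory set up first, then CR3 loaded), the same value is accepted and gfn_to_rmap resolves without touching a NULL slot.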