From: Stefan Bader <stefan.bader@canonical.com>
To: Avi Kivity <avi@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 13/20] KVM: x86 emulator: fix memory access during x86 emulation
Date: Tue, 09 Mar 2010 16:49:27 +0100 [thread overview]
Message-ID: <4B966E07.20900@canonical.com> (raw)
In-Reply-To: <4B956283.10706@canonical.com>

Stefan Bader wrote:
> Avi Kivity wrote:
>> On 03/08/2010 04:10 PM, Stefan Bader wrote:
>>> Avi Kivity wrote:
>>>
>>>> On 03/06/2010 03:53 PM, Stefan Bader wrote:
>>>>
>>>>> Hi Avi,
>>>>>
>>>>> we currently try to integrate this patch for an update into a 2.6.32
>>>>> based system (amongst other kvm updates). But as soon as this patch
>>>>> gets added kvm will die on startup in kvm_leave_lazy_mmu. This has
>>>>> been documented here:
>>>>>
>>>>> https://bugs.edge.launchpad.net/ubuntu/+source/linux/+bug/531823
>>>>>
>>>>> I have placed the backports of your patches, which are currently in
>>>>> linux-next and marked for stable here:
>>>>>
>>>>> git://kernel.ubuntu.com/smb/linux-2.6.32.y kvm
>>>>>
>>>>> I have tested the failure with a version that got only the following
>>>>> patches in:
>>>>> KVM: x86 emulator: Add Virtual-8086 mode of emulation
>>>>> KVM: x86 emulator: fix memory access during x86 emulation
>>>>> KVM: x86 emulator: Check IOPL level during io instruction emulation
>>>>> KVM: x86 emulator: Fix popf emulation
>>>>> KVM: x86 emulator: Check CPL level during privilege instruction emulation
>>>>>
>>>>> and also with a version that takes all stable patches up to the bad
>>>>> one:
>>>>> KVM: VMX: Trap and invalid MWAIT/MONITOR instruction
>>>>> KVM: x86 emulator: Add group8 instruction decoding
>>>>> KVM: x86 emulator: Add group9 instruction decoding
>>>>> KVM: x86 emulator: Add Virtual-8086 mode of emulation
>>>>> KVM: x86 emulator: fix memory access during x86 emulation
>>>>>
>>>>> But as soon as the fix for memory access gets added, the bug will
>>>>> occur. Would you have an idea what might be causing this?
>>>>>
>>>>>
>>>> Does the same guest, using the same qemu-kvm, work on kvm.git or
>>>> upstream?
>>>>
>>>>
>>> The test was done with a kvm user-space package based on 0.12.3 (which
>>> seems to be the current upstream version). I try to do a test on the
>>> git version.
>>>
>> I meant keep the same userspace without change, and try it on a Linus
>> kernel or kvm.git master
>> (http://git.kernel.org/?p=virt/kvm/kvm.git;a=summary).
>>
> HEAD of kvm.git tree works (with same client and userspace)
> Stable 2.6.32.y tree plus all patches marked cc: stable fails.
I did some more experiments:
- Reverting the kvm git tree back to "KVM: x86 emulator: fix memory
access during x86 emulation" will also produce a working kernel.
- I tried to add changes to arch/x86/kvm between the last change to
2.6.32.y and the memory access fix but still get the failure. (some
are left out as they depend on larger/earlier changes)
54532a54d07cafb22076ef24346bd8b9f3b31008 KVM: Introduce kvm_host_page_size
79619a0b8ae87a1049cf6c2936205e2d2bb26ce8 KVM: Activate fpu on clts
d7008a4bec7ca24144eff555254ed1ec26fe330b KVM: fix load_guest_segment_descriptor(
8d067487fab8f00d9eb46beb1b54c0080824cd01 KVM: fix kvm_fix_hypercall() to return
a7c469e9abb33e63e098d4ea72d0291fd74bbc9b KVM: VMX: Wire up .fpu_activate() callb
bd148f5b1cf8e787264b7d8a09a9cc2a328eb987 KVM: VMX: Remove redundant test in vmx_
457132cfe7942ea9c0be8a37e9c822263eb67286 KVM: VMX: emulate accessed bit for EPT
9fe8302b20efa50423fd84efcc4a39b516980c90 KVM: Remove redundant reading of rax on
71c586b8a531000dad1b3a655dbcda1496a9bb8f KVM: Fix cr4 possible guest owned bits
d568ed45eac26170acfbd0f3eb71e53a9909b52b KVM: MMU: Add tracepoint for guest page
d041987339e09f0cf3e0d2ad76ba2190dd82f047 KVM: VMX: Rename VMX_EPT_IGMT_BIT to VM
482b8e268261f8e21f2bec74c7297ab91bba6d17 KVM: PIT: unregister kvm irq notifier i
But all is just stabbing in the dark at the moment. Is there a way I can get
more debug information?
> (32bit host/guest)
> Host dmesg:
> kvm: emulating exchange as write
>
> Guest dmesg:
> ...
> [ 3.053503] Freeing initrd memory: 8843k freed
> [ 3.059863] Freeing unused kernel memory: 660k freed
> [ 3.076657] Write protecting the kernel text: 4780k
> [ 3.082863] Write protecting the kernel read-only data: 1912k
> [ 3.086666] BUG: unable to handle kernel paging request at c01292e3
> [ 3.088025] IP: [<c01292e3>] kvm_leave_lazy_mmu+0x43/0x70
> [ 3.088025] *pde = 00910067 *pte = 00129161
> [ 3.088025] Oops: 0003 [#1] SMP
> [ 3.088025] last sysfs file:
> [ 3.088025] Modules linked in:
> [ 3.088025]
> [ 3.088025] Pid: 1, comm: init Not tainted (2.6.32-15-generic #22-Ubuntu) Bochs
> [ 3.088025] EIP: 0060:[<c01292e3>] EFLAGS: 00010246 CPU: 0
> [ 3.088025] EIP is at kvm_leave_lazy_mmu+0x43/0x70
> [ 3.088025] EAX: 00000002 EBX: 00000018 ECX: 01802c20 EDX: 00000000
> [ 3.088025] ESI: c1802c20 EDI: c1802c20 EBP: df071cb4 ESP: df071ca8
> [ 3.088025] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
> [ 3.088025] Process init (pid: 1, ti=df070000 task=df068000 task.ti=df070000)
> [ 3.088025] Stack:
> [ 3.088025] c0000000 dce2b000 dce2a844 df071cf0 c01e8b6d 00000000 00000001
> bffff000
> [ 3.088025] <0> 00000000 db7ed000 c139d54c c139d54c df133000 db7ed000
> 1ffef067 bffff000
> [ 3.088025] <0> bfe10000 db44bbfc df071d2c c01e8ce0 c0000000 df133000
> db44bbfc bfe10000
> [ 3.088025] Call Trace:
> [ 3.088025] [<c01e8b6d>] ? move_ptes+0x1ad/0x270
> [ 3.088025] [<c01e8ce0>] ? move_page_tables+0xb0/0x130
> [ 3.088025] [<c020b614>] ? shift_arg_pages+0x94/0x180
> [ 3.088025] [<c020b885>] ? setup_arg_pages+0x185/0x1b0
> [ 3.088025] [<c0241243>] ? load_elf_binary+0x3c3/0xac0
> [ 3.088025] [<c02f1654>] ? security_file_permission+0x14/0x20
> [ 3.088025] [<c02052f4>] ? rw_verify_area+0x64/0xe0
> [ 3.088025] [<c0240e80>] ? load_elf_binary+0x0/0xac0
> [ 3.088025] [<c020bd9f>] ? search_binary_handler+0xef/0x2f0
> [ 3.088025] [<c020b465>] ? kernel_read+0x35/0x50
> [ 3.088025] [<c023f7b2>] ? load_script+0x1e2/0x270
> [ 3.088025] [<c01e4160>] ? get_user_pages+0x50/0x60
> [ 3.088025] [<c020a662>] ? get_arg_page+0x52/0xb0
> [ 3.088025] [<c023f5d0>] ? load_script+0x0/0x270
> [ 3.088025] [<c020bd9f>] ? search_binary_handler+0xef/0x2f0
> [ 3.088025] [<c020a834>] ? copy_strings+0x174/0x190
> [ 3.088025] [<c020c2c7>] ? do_execve+0x1f7/0x2c0
> [ 3.088025] [<c034ed6a>] ? strncpy_from_user+0x3a/0x70
> [ 3.088025] [<c0101a1d>] ? sys_execve+0x2d/0x60
> [ 3.088025] [<c01033ec>] ? syscall_call+0x7/0xb
> [ 3.088025] [<c01070a4>] ? kernel_execve+0x24/0x30
> [ 3.088025] [<c01012ac>] ? run_init_process+0x1c/0x20
> [ 3.088025] [<c0101396>] ? init_post+0xe6/0x100
> [ 3.088025] [<c07d83d0>] ? kernel_init+0xb8/0xbf
> [ 3.088025] [<c07d8318>] ? kernel_init+0x0/0xbf
> [ 3.088025] [<c0104087>] ? kernel_thread_helper+0x7/0x10
> [ 3.088025] Code: 6c 87 c0 64 a1 40 6a 87 c0 03 3c 85 80 4a 7d c0 8b 9f 00 04
> 00 00 85 db 74 24 89 fe 31 d2 66 90 8d 8e 00 00 00 40 b8 02 00 00 00 <0f> 01 c1
> 01 c6 29 c3 75 ec c7 87 00 04 00 00 00 00 00 00 e8 e5
> [ 3.088025] EIP: [<c01292e3>] kvm_leave_lazy_mmu+0x43/0x70 SS:ESP 0068:df071ca8
> [ 3.088025] CR2: 00000000c01292e3
> [ 3.088025] ---[ end trace 85e247d11bf9c7e0 ]---
> [ 3.088025] note: init[1] exited with preempt_count 2
> [ 3.141968] BUG: scheduling while atomic: init/1/0x00000002
> [ 3.143101] Modules linked in:
> [ 3.143723] Pid: 1, comm: init Tainted: G D 2.6.32-15-generic #22-Ubuntu
> [ 3.145183] Call Trace:
> [ 3.145674] [<c013d562>] __schedule_bug+0x62/0x70
> [ 3.146646] [<c05a37d4>] schedule+0x614/0x840
> [ 3.147497] [<c05a9bcc>] ? smp_apic_timer_interrupt+0x5c/0x8b
> [ 3.148636] [<c0103df1>] ? apic_timer_interrupt+0x31/0x40
> [ 3.149690] [<c05a53b5>] rwsem_down_failed_common+0x75/0x1a0
> [ 3.150977] [<c05a552d>] rwsem_down_read_failed+0x1d/0x30
> [ 3.152040] [<c05a5587>] call_rwsem_down_read_failed+0x7/0x10
> [ 3.153149] [<c05a4aec>] ? down_read+0x1c/0x20
> [ 3.154017] [<c01878ef>] acct_collect+0x3f/0x170
> [ 3.154976] [<c014ec12>] do_exit+0x262/0x310
> [ 3.155808] [<c05a6595>] oops_end+0x95/0xd0
> [ 3.156642] [<c01292e3>] ? kvm_leave_lazy_mmu+0x43/0x70
> [ 3.157660] [<c012b2cc>] no_context+0xbc/0xe0
> [ 3.158545] [<c01292e3>] ? kvm_leave_lazy_mmu+0x43/0x70
> [ 3.159553] [<c01292e3>] ? kvm_leave_lazy_mmu+0x43/0x70
> [ 3.160627] [<c012b32c>] __bad_area_nosemaphore+0x3c/0x160
> [ 3.161838] [<c01c89ba>] ? T.903+0x3da/0x480
> [ 3.162741] [<c01292e3>] ? kvm_leave_lazy_mmu+0x43/0x70
> [ 3.163772] [<c012b467>] bad_area_nosemaphore+0x17/0x20
> [ 3.164809] [<c05a7d56>] do_page_fault+0x2f6/0x380
> [ 3.165744] [<c05a7a60>] ? do_page_fault+0x0/0x380
> [ 3.166737] [<c05a5a63>] error_code+0x73/0x80
> [ 3.167595] [<c01292e3>] ? kvm_leave_lazy_mmu+0x43/0x70
> [ 3.168629] [<c01e8b6d>] move_ptes+0x1ad/0x270
> [ 3.169495] [<c01e8ce0>] move_page_tables+0xb0/0x130
> [ 3.170525] [<c020b614>] shift_arg_pages+0x94/0x180
> [ 3.171476] [<c020b885>] setup_arg_pages+0x185/0x1b0
> [ 3.172461] [<c0241243>] load_elf_binary+0x3c3/0xac0
> [ 3.173429] [<c02f1654>] ? security_file_permission+0x14/0x20
> [ 3.174609] [<c02052f4>] ? rw_verify_area+0x64/0xe0
> [ 3.175555] [<c0240e80>] ? load_elf_binary+0x0/0xac0
> [ 3.176533] [<c020bd9f>] search_binary_handler+0xef/0x2f0
> [ 3.177588] [<c020b465>] ? kernel_read+0x35/0x50
> [ 3.178551] [<c023f7b2>] load_script+0x1e2/0x270
> [ 3.179465] [<c01e4160>] ? get_user_pages+0x50/0x60
> [ 3.180430] [<c020a662>] ? get_arg_page+0x52/0xb0
> [ 3.181346] [<c023f5d0>] ? load_script+0x0/0x270
> [ 3.182244] [<c020bd9f>] search_binary_handler+0xef/0x2f0
> [ 3.183371] [<c020a834>] ? copy_strings+0x174/0x190
> [ 3.184341] [<c020c2c7>] do_execve+0x1f7/0x2c0
> [ 3.185210] [<c034ed6a>] ? strncpy_from_user+0x3a/0x70
> [ 3.186203] [<c0101a1d>] sys_execve+0x2d/0x60
> [ 3.187101] [<c01033ec>] syscall_call+0x7/0xb
> [ 3.187945] [<c01070a4>] ? kernel_execve+0x24/0x30
> [ 3.188890] [<c01012ac>] ? run_init_process+0x1c/0x20
> [ 3.189874] [<c0101396>] ? init_post+0xe6/0x100
> [ 3.190828] [<c07d83d0>] ? kernel_init+0xb8/0xbf
> [ 3.191873] [<c07d8318>] ? kernel_init+0x0/0xbf
> [ 3.192777] [<c0104087>] ? kernel_thread_helper+0x7/0x10
> [ 3.524180] Clocksource tsc unstable (delta = -140394173 ns)
>
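As an added triage helper (not from this thread or from the KVM tree), the script below pulls out the facts a first look at the quoted guest oops should establish: the #PF error-code bits behind `Oops: 0003`, whether CR2 equals the faulting EIP, and the instruction under the `<..>` marker of the `Code:` line. The oops text embedded in it is a constructed excerpt of the dump quoted above; the opcode table only knows the two hypervisor-call encodings.

```python
import re

# Constructed sample: the key lines of the guest oops quoted in this thread.
OOPS = """\
[ 3.086666] BUG: unable to handle kernel paging request at c01292e3
[ 3.088025] IP: [<c01292e3>] kvm_leave_lazy_mmu+0x43/0x70
[ 3.088025] Oops: 0003 [#1] SMP
[ 3.088025] Code: 6c 87 c0 64 a1 40 6a 87 c0 03 3c 85 80 4a 7d c0 8b 9f 00 04
00 00 85 db 74 24 89 fe 31 d2 66 90 8d 8e 00 00 00 40 b8 02 00 00 00 <0f> 01 c1
01 c6 29 c3 75 ec c7 87 00 04 00 00 00 00 00 00 e8 e5
[ 3.088025] CR2: 00000000c01292e3
"""

# x86 #PF error-code bits (Intel SDM vol. 3, "Page-Fault Error Code").
PF_PROT, PF_WRITE, PF_USER, PF_RSVD, PF_INSTR = 1, 2, 4, 8, 16

# Hypervisor-call opcodes; VMCALL is the Intel form, VMMCALL the AMD form.
HYPERCALL_OPCODES = {"0f01c1": "vmcall", "0f01d9": "vmmcall"}

def decode_error_code(code):
    """Split the 'Oops: NNNN' value into the #PF error-code flags."""
    return {
        "protection_violation": bool(code & PF_PROT),  # 0 = page not present
        "write": bool(code & PF_WRITE),
        "user_mode": bool(code & PF_USER),
        "reserved_bit": bool(code & PF_RSVD),
        "instruction_fetch": bool(code & PF_INSTR),
    }

def faulting_bytes(oops, n=3):
    """Return the n bytes starting at the <xx> marker of the Code: line."""
    body = re.search(r"Code:(.*?)\n\[", oops, re.S).group(1).split()
    start = next(i for i, tok in enumerate(body) if tok.startswith("<"))
    return [tok.strip("<>") for tok in body[start:start + n]]

def triage(oops):
    """Extract the facts a first look at the oops should establish."""
    m = re.search(r"IP: \[<([0-9a-f]+)>\] (\S+)", oops)
    ip, symbol = int(m.group(1), 16), m.group(2)
    cr2 = int(re.search(r"CR2: ([0-9a-f]+)", oops).group(1), 16)
    flags = decode_error_code(int(re.search(r"Oops: ([0-9a-f]+)", oops).group(1), 16))
    insn = "".join(faulting_bytes(oops))
    return {
        "symbol": symbol,
        "flags": flags,
        "insn": HYPERCALL_OPCODES.get(insn, insn),
        # A write fault whose address is the IP itself means the kernel tried
        # to write the instruction it is executing (here: freshly write-protected text).
        "writes_own_code": flags["write"] and not flags["instruction_fetch"] and cr2 == ip,
    }
```

On this dump it reports a kernel-mode protection-violation write fault whose address is the EIP itself, at a vmcall, right after the guest write-protected its kernel text.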
2010-02-17 13:45 [PATCH 00/20] KVM updates for the 2.6.34 merge window (batch 4/4) Avi Kivity
2010-02-17 13:45 ` [PATCH 01/20] KVM: Fix Codestyle in virt/kvm/coalesced_mmio.c Avi Kivity
2010-02-17 13:45 ` [PATCH 02/20] KVM: MMU: Add tracepoint for guest page aging Avi Kivity
2010-02-17 13:45 ` [PATCH 03/20] KVM: VMX: Rename VMX_EPT_IGMT_BIT to VMX_EPT_IPAT_BIT Avi Kivity
2010-02-17 13:45 ` [PATCH 04/20] KVM: PIT: unregister kvm irq notifier if fail to create pit Avi Kivity
2010-02-17 13:45 ` [PATCH 05/20] KVM: kvm->arch.vioapic should be NULL if kvm_ioapic_init() failure Avi Kivity
2010-02-17 13:45 ` [PATCH 06/20] KVM: cleanup the failure path of KVM_CREATE_IRQCHIP ioctrl Avi Kivity
2010-02-17 13:45 ` [PATCH 07/20] KVM: ia64: destroy ioapic device if fail to setup default irq routing Avi Kivity
2010-02-17 13:45 ` [PATCH 08/20] KVM: ppc/booke: Set ESR and DEAR when inject interrupt to guest Avi Kivity
2010-02-17 13:45 ` [PATCH 09/20] KVM: do not store wqh in irqfd Avi Kivity
2010-02-17 13:45 ` [PATCH 10/20] KVM: x86 emulator: Add group8 instruction decoding Avi Kivity
2010-02-17 13:45 ` [PATCH 11/20] KVM: x86 emulator: Add group9 " Avi Kivity
2010-02-17 13:45 ` [PATCH 12/20] KVM: x86 emulator: Add Virtual-8086 mode of emulation Avi Kivity
2010-02-17 13:45 ` [PATCH 13/20] KVM: x86 emulator: fix memory access during x86 emulation Avi Kivity
2010-03-06 13:53 ` Stefan Bader
2010-03-07 10:07 ` Avi Kivity
2010-03-08 14:10 ` Stefan Bader
2010-03-08 14:12 ` Avi Kivity
2010-03-08 14:17 ` Stefan Bader
2010-03-08 20:48 ` Stefan Bader
2010-03-09 15:49 ` Stefan Bader [this message]
2010-03-11 21:16 ` KVM: x86: ignore access permissions for hypercall patching Marcelo Tosatti
2010-03-11 21:22 ` Stefan Bader
2010-03-12 5:56 ` Gleb Natapov
2010-03-12 6:07 ` Gleb Natapov
2010-02-17 13:45 ` [PATCH 14/20] KVM: x86 emulator: Check IOPL level during io instruction emulation Avi Kivity
2010-02-17 13:45 ` [PATCH 15/20] KVM: x86 emulator: Fix popf emulation Avi Kivity
2010-02-17 13:45 ` [PATCH 16/20] KVM: x86 emulator: Check CPL level during privilege instruction emulation Avi Kivity
2010-02-17 13:45 ` [PATCH 17/20] KVM: x86 emulator: Add LOCK prefix validity checking Avi Kivity
2010-02-17 13:45 ` [PATCH 18/20] KVM: Plan obsolescence of kernel allocated slots, paravirt mmu Avi Kivity
2010-02-17 13:45 ` [PATCH 19/20] KVM: x86 emulator: code style cleanup Avi Kivity
2010-02-17 13:45 ` [PATCH 20/20] KVM: x86 emulator: disallow opcode 82 in 64-bit mode Avi Kivity