From mboxrd@z Thu Jan  1 00:00:00 1970
From: Pekka Enberg <penberg@iki.fi>
Subject: Re: lkvm: virtio-net-rx general protection error
Date: Mon, 21 Oct 2013 14:18:43 +0200
Message-ID: <52651BA3.8030501@iki.fi>
References: <20131021113528.GA657@ntm.wq.cz>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
To: Milan Kocian <milon@wq.cz>, kvm@vger.kernel.org,
	Asias He <asias@redhat.com>,
	Sasha Levin <sasha.levin@oracle.com>,
	Cyrill Gorcunov <gorcunov@openvz.org>
Return-path: <kvm-owner@vger.kernel.org>
Received: from out3-smtp.messagingengine.com ([66.111.4.27]:33399 "EHLO
	out3-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S1753209Ab3JUMSr (ORCPT
	<rfc822;kvm@vger.kernel.org>); Mon, 21 Oct 2013 08:18:47 -0400
In-Reply-To: <20131021113528.GA657@ntm.wq.cz>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On 10/21/13 1:35 PM, Milan Kocian wrote:
> hi,
>
> sorry for writing it directly to you but I didn't find better recipient.
> Does exist some mailing-list about lkvm?
>
> I found the crash in virtio-net-rx thread (I can reproduce it every time
> by 'aptitude update' in VM):
>
> traps: virtio-net-rx[28933] general protection ip:7f00dda3d107 sp:7f00c58f4de8 error:0 in libc-2.17.so[7f00dd90f000+1a2000]
>
> gdb backtrace:
>
> (gdb) bt
> #0  0x00007fb6a548e107 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
> #1  0x000000000041259c in memcpy_toiovecend (iov=0x7fb68d346ea0, iov@entry=0x7fb68d345e90,
>      kdata=<optimized out>, kdata@entry=0x7fb68d346e90 "", offset=<optimized out>, len=<optimized out>)
>      at util/iovec.c:70
> #2  0x000000000040c66d in virtio_net_rx_thread (p=0x23688a0) at virtio/net.c:117
> #3  0x00007fb6a5b2ee0e in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
> #4  0x00007fb6a54489ed in clone () from /lib/x86_64-linux-gnu/libc.so.6
>
>
> I tried to add some printf to diagnose it but it isn't clear to me:
>
> virtio_net_rx_thread: before memcpy_toiovecend; copied: 0, len: 18890, iovsize: 4096, realiovsize: 4096
> memcpy_toiovecend: offset: 0, len: 4096
> memcpy_toiovecend: iov_len: 4096, len: 4096
> virtio_net_rx_thread: before memcpy_toiovecend; copied: 4096, len: 18890, iovsize: 4096, realiovsize: 4096
> memcpy_toiovecend: offset: 4096, len: 4096
> memcpy_toiovecend: iov_len: 4096, len: 4096
> memcpy_toiovecend: iov_len: 0, len: 4096
> memcpy_toiovecend: iov_len: 0, len: 4096
> .
> N x memcpy_toiovecend: iov_len: 0, len: 4096
> .
> memcpy_toiovecend: iov_len: 0, len: 4096
> memcpy_toiovecend: iov_len: 0, len: 4096
> memcpy_toiovecend: iov_len: 1519143547641528320, len: 4096
> memcpy_toiovecend: iov_len: 193827583623176, len: 4096
> ./runlkvm.sh: line 2: 16090 Segmentation fault
>
>
> IMHO problem come when received len size is bigger than maximum
> of the dst iovec (realiovsize). Only iovec size is copied and in the next
> run isn't place to copy the rest of len size.
>
> So solution may be increase dst iovec size or send data in dst iovec
> to user (but i don't know how, I am not virtio expert :-)).

I'm CC'ing Asias, Sasha and others.

                 Pekka