All of lore.kernel.org
 help / color / mirror / Atom feed
From: bugzilla-daemon@bugzilla.kernel.org
To: kvm@vger.kernel.org
Subject: [Bug 206579] KVM with passthrough generates "BUG: kernel NULL pointer dereference" and crashes
Date: Tue, 03 Mar 2020 05:04:22 +0000	[thread overview]
Message-ID: <bug-206579-28872-0jsFHG7KPr@https.bugzilla.kernel.org/> (raw)
In-Reply-To: <bug-206579-28872@https.bugzilla.kernel.org/>

https://bugzilla.kernel.org/show_bug.cgi?id=206579

--- Comment #45 from muncrief (rmuncrief@humanavance.com) ---
Well, I spent some time today trying to figure out why the
AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK is sometimes set when executing
"avic_vcpu_load". I thought it might be a concurrency issue with
"avic_physical_id_cache" so I put spinlocks around all access code but that
didn't change anything, and tried some other things but I regret to say I
failed.

First of all, I don't even know how "avic_vcpu_load" ends up being executed
without being called by any of the functions in "svm_x86_ops"
(svm_vcpu_blocking, svm_vcpu_unblocking, svm_vcpu_load). I did my best to
figure out how swait worked, but I must really be missing something, and not
understanding the call stack trace correctly.

In any case, the basic issue is that occasionally "avic_vcpu_load" is executed
when the AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK bit is 1, and it always expects
it to be 0. And this always seems to happen after a cpu is placed on the swait
wait queue in the "kvm_vcpu_block" function. It seems like somehow when it
resumes it's executing"avic_vcpu_load", and the
AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK bit is 1 instead of 0.

I'm sure this is just mass misunderstanding on my part. And by the way I'm
going through all of this because it's a good way for me to learn how real time
concurrent kernel code operates. I know it seems like a backwards way to learn,
but that's the only way I can.

However, despite my ignorance, the header in "swait.h" is concerning, and makes
me wonder if there's something wrong with swait itself. It even titles itself
"BROKEN wait-queues." Here's an excerpt from the header:

```
/*
 * BROKEN wait-queues.
 *
 * These "simple" wait-queues are broken garbage, and should never be
 * used. The comments below claim that they are "similar" to regular
 * wait-queues, but the semantics are actually completely different, and
 * every single user we have ever had has been buggy (or pointless).
 * ...
```

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

  parent reply	other threads:[~2020-03-03  5:04 UTC|newest]

Thread overview: 65+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-17 18:17 [Bug 206579] New: KVM with passthrough generates "BUG: kernel NULL pointer dereference" and crashes bugzilla-daemon
2020-02-18  6:45 ` [Bug 206579] " bugzilla-daemon
2020-02-18 18:54 ` bugzilla-daemon
2020-02-18 19:55 ` bugzilla-daemon
2020-02-21 14:56 ` bugzilla-daemon
2020-02-21 19:15 ` bugzilla-daemon
2020-02-21 21:27 ` bugzilla-daemon
2020-02-22  0:21 ` bugzilla-daemon
2020-02-24 13:52 ` bugzilla-daemon
2020-02-24 14:24 ` bugzilla-daemon
2020-02-24 14:44 ` bugzilla-daemon
2020-02-24 16:50 ` bugzilla-daemon
2020-02-24 17:57 ` bugzilla-daemon
2020-02-24 20:36 ` bugzilla-daemon
2020-02-24 20:38 ` bugzilla-daemon
2020-02-24 21:43 ` bugzilla-daemon
2020-02-24 21:47 ` bugzilla-daemon
2020-02-24 22:09 ` bugzilla-daemon
2020-02-24 22:53 ` bugzilla-daemon
2020-02-24 23:08 ` bugzilla-daemon
2020-02-25  7:50 ` bugzilla-daemon
2020-02-25  8:53 ` bugzilla-daemon
2020-02-25 20:34 ` bugzilla-daemon
2020-02-25 20:42 ` bugzilla-daemon
2020-02-26  2:25 ` bugzilla-daemon
2020-02-26 20:34 ` bugzilla-daemon
2020-02-27 14:49 ` bugzilla-daemon
2020-02-27 20:50 ` bugzilla-daemon
2020-02-27 23:00 ` bugzilla-daemon
2020-02-28  0:12 ` bugzilla-daemon
2020-02-28  0:20 ` bugzilla-daemon
2020-02-28  3:38 ` bugzilla-daemon
2020-02-28  3:44 ` bugzilla-daemon
2020-02-28  7:25 ` bugzilla-daemon
2020-02-28  7:26 ` bugzilla-daemon
2020-02-28  7:55 ` bugzilla-daemon
2020-02-28 16:06 ` bugzilla-daemon
2020-02-28 20:14 ` bugzilla-daemon
2020-02-28 21:49 ` bugzilla-daemon
2020-02-29  7:02 ` bugzilla-daemon
2020-02-29 17:40 ` bugzilla-daemon
2020-02-29 19:43 ` bugzilla-daemon
2020-03-01  6:27 ` bugzilla-daemon
2020-03-01 18:21 ` bugzilla-daemon
2020-03-02  7:01 ` bugzilla-daemon
2020-03-03  5:04 ` bugzilla-daemon [this message]
2020-03-22 13:43 ` bugzilla-daemon
2020-03-22 18:58 ` bugzilla-daemon
2020-04-03 13:55 ` bugzilla-daemon
2020-04-04 12:57 ` bugzilla-daemon
2020-04-04 13:02 ` bugzilla-daemon
2020-04-04 19:24 ` bugzilla-daemon
2020-04-05 16:52 ` bugzilla-daemon
2020-04-06  2:50 ` bugzilla-daemon
2020-04-06 10:27 ` bugzilla-daemon
2020-04-10 19:28 ` bugzilla-daemon
2020-04-11  0:20 ` bugzilla-daemon
2020-04-13 16:51 ` bugzilla-daemon
2020-04-13 17:20 ` bugzilla-daemon
2020-04-18 22:28 ` bugzilla-daemon
2020-04-18 23:19 ` bugzilla-daemon
2020-04-22 21:49 ` bugzilla-daemon
2020-04-27 19:11 ` bugzilla-daemon
2020-05-03 19:58 ` bugzilla-daemon
2020-08-24 17:03 ` bugzilla-daemon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-206579-28872-0jsFHG7KPr@https.bugzilla.kernel.org/ \
    --to=bugzilla-daemon@bugzilla.kernel.org \
    --cc=kvm@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.