public inbox for kvm@vger.kernel.org
From: Andrea Arcangeli <aarcange@redhat.com>
To: Avi Kivity <avi@redhat.com>
Cc: BRUNO CESAR RIBAS <ribas@c3sl.ufpr.br>, kvm@vger.kernel.org
Subject: Re: KVM Guest mmap.c bug
Date: Mon, 8 Mar 2010 15:49:01 +0100
Message-ID: <20100308144900.GM18837@random.random>
In-Reply-To: <4B94FC63.4060108@redhat.com>

On Mon, Mar 08, 2010 at 03:32:19PM +0200, Avi Kivity wrote:
> It looks unrelated to kvm, though of course random memory corruption 
> cannot be ruled out.
> 
> Is npt enabled on the host (cat /sys/module/kvm_amd/parameters/npt)?
> 
> Andrea, any idea?

Basically find_vma(vma->vm_mm, vma->vm_start) doesn't return "vma"
despite "vma" being the one with the smaller vm_end where the comparison
"vma->vm_start < vma->vm_end" is true (the next vma is null and the
prev will have vma->vm_start == prev->vm_end, not <).

The bug check looks right, it doesn't seem to be a false positive, and
this bugcheck indicates that the vma rbtree is memory-corrupted somehow.

So yes, fiddling with npt on and off sounds like a good start; if it's a
bug in shadow paging, it's unlikely the exact same bug materializes
both with npt and without. If the crash happens with npt on and off, then
maybe it's not hypervisor related. It could also be bad RAM if it only
happens on a single host and all other hosts are fine with the same binary
guest/host kernels (an rbtree walk might stress the memory bus more than
other operations). That said, vm_next being null (and if it's null,
likely the vm_next pointer has no RAM bitflip) is a bit weird and not
a common scenario, and this page fault seems triggered by a procfs
copy_user call, which is non-standard, so maybe this is a guest bug. It
would be interesting to know what the vm_start address is; at the end
there are the stack, vdso and vsyscall areas.
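
The invariant discussed in the message above, as an added user-space example that is not part of the original e-mail and is not kernel code: every VMA on the address-ordered list must be what the tree lookup returns for its own vm_start. The tree here is a plain binary search tree rather than an rbtree, and `count_inconsistent`, `build` and the three mappings are constructed for illustration.

```c
#include <stdio.h>

/* User-space stand-in for a VMA covering [vm_start, vm_end). */
struct vma {
    unsigned long vm_start, vm_end;
    struct vma *vm_next, *left, *right;   /* ordered list + tree children */
};

/* Same contract as find_vma(): first VMA with addr < vm_end, else NULL. */
static struct vma *find_vma(struct vma *n, unsigned long addr)
{
    struct vma *found = NULL;
    while (n) {
        if (n->vm_end <= addr) { n = n->right; continue; }
        found = n;                        /* candidate: ends above addr */
        if (n->vm_start <= addr)
            break;                        /* addr is inside this VMA */
        n = n->left;                      /* a lower VMA may still qualify */
    }
    return found;
}

/* Walk the list; count VMAs the tree lookup fails to return for vm_start. */
static int count_inconsistent(struct vma *root, struct vma *head)
{
    int bad = 0;
    for (struct vma *v = head; v; v = v->vm_next)
        if (find_vma(root, v->vm_start) != v)
            bad++;
    return bad;
}

/* Constructed layout: a and b are adjacent (a.vm_end == b.vm_start). */
static struct vma a = { .vm_start = 0x1000, .vm_end = 0x3000 },
                  b = { .vm_start = 0x3000, .vm_end = 0x5000 },
                  c = { .vm_start = 0x7000, .vm_end = 0x9000 };
static struct vma *build(void)
{
    a.vm_next = &b; b.vm_next = &c; c.vm_next = NULL;
    b.left = &a; b.right = &c; a.left = a.right = c.left = c.right = NULL;
    return &b;                            /* b is the tree root */
}

int main(void)
{
    struct vma *root = build();
    int before = count_inconsistent(root, &a);
    b.right = NULL;                       /* simulate one corrupted tree link */
    printf("inconsistent: %d -> %d\n", before, count_inconsistent(root, &a));
    return 0;
}
```

With the link intact, the lookup for b.vm_start returns b and not the adjacent a, because a.vm_end is not greater than the address; after the simulated corruption only the last VMA (vm_next == NULL) fails the check.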
