From: Marc Zyngier <marc.zyngier@arm.com>
To: Jan Kiszka <jan.kiszka@web.de>
Cc: kvm <kvm@vger.kernel.org>, kvmarm <kvmarm@lists.cs.columbia.edu>,
	Christoffer Dall <christoffer.dall@linaro.org>
Subject: Re: KVM crash on Jetson TK1
Date: Sat, 7 Feb 2015 20:26:48 +0000
Message-ID: <20150207202648.53857923@arm.com>
In-Reply-To: <54D670EA.2090504@web.de>

On Sat, 7 Feb 2015 20:09:14 +0000
Jan Kiszka <jan.kiszka@web.de> wrote:

Hi Jan,

> Hi,
> 
> using Ian Campbell's PSCI patches for U-Boot (ported to master, see
> [1]), I managed to enable KVM on the Jetson TK1 board. Unfortunately,
> I'm getting a crash on the host when starting QEMU:
> 
> [   59.164674] kernel BUG at ../arch/arm/include/asm/kvm_mmu.h:189!
> [   59.173139] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
> [   59.181442] Modules linked in:
> [   59.186960] CPU: 0 PID: 820 Comm: qemu-system-arm Not tainted 3.19.0-rc7-00050-gdf75905-dirty #6
> [   59.198353] Hardware name: NVIDIA Tegra SoC (Flattened Device Tree)
> [   59.207249] task: ed33b340 ti: ed15e000 task.ti: ed15e000
> [   59.215288] PC is at kvm_handle_guest_abort+0x2c0/0x320
> [   59.223161] LR is at kvm_handle_guest_abort+0x2c0/0x320
> [   59.230996] pc : [<c00175c4>]    lr : [<c00175c4>]    psr: 600f0013
> [   59.230996] sp : ed15fe70  ip : 00000000  fp : 00000000
> [   59.247782] r10: 00000000  r9 : 00000000  r8 : 000aafa6
> [   59.255678] r7 : ed117000  r6 : 0000016f  r5 : 00080000  r4 : ed2e5630
> [   59.264912] r3 : 00000010  r2 : 0008027c  r1 : eed564c0  r0 : 00000000
> [   59.274146] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
> [   59.284044] Control: 30c5387d  Table: ad9d0ac0  DAC: fffffffd
> [   59.292558] Process qemu-system-arm (pid: 820, stack limit = 0xed15e238)
> [   59.302114] Stack: (0xed15fe70 to 0xed160000)
> [   59.309340] fe60:                                     00000000 ed15fe87 00000000 73800000
> [   59.320462] fe80: 0000000f 01010000 00000504 ed2e5630 c0917450 00000007 00010000 00000001
> [   59.331630] fea0: edac4000 c0960164 c0917450 c0014710 00000000 00010000 ed91a580 7ffbfeff
> [   59.342833] fec0: fffffffe fffffffb 00000001 00000000 0000ae80 ed2e5630 ed114040 00000000
> [   59.354049] fee0: 00000000 ed114040 ed2e5630 00000000 ed15e000 00000000 737fed4c c001063c
> [   59.365272] ff00: 737fea4c c0042688 00000240 00000000 00000000 00000000 0000000a 00000000
> [   59.376493] ff20: edc0de78 00000000 ed114040 0000000b 00000000 c0109678 00000001 b749ba00
> [   59.387737] ff40: 000000f0 00000000 00000001 00000081 b7032dc0 c009627c 00000002 00000000
> [   59.399006] ff60: ffffffff 00000000 00000000 737feb4c ed114040 ed114041 0000000b ed114040
> [   59.410271] ff80: 0000ae80 00000000 ed15e000 c01098a0 b6a62eb0 00004254 b749ba00 00000036
> [   59.421558] ffa0: c001e2e4 c001e160 b6a62eb0 00004254 0000000b 0000ae80 00000000 cc628500
> [   59.432884] ffc0: b6a62eb0 00004254 b749ba00 00000036 b76baba8 bebc9da8 00000000 737fed4c
> [   59.444244] ffe0: b6fc33f8 737feb74 b6b3afcc b57f3abc 600f0010 0000000b 00000000 00000000
> [   59.455661] [<c00175c4>] (kvm_handle_guest_abort) from [<c0014710>] (kvm_arch_vcpu_ioctl_run+0x160/0x400)
> [   59.468552] [<c0014710>] (kvm_arch_vcpu_ioctl_run) from [<c001063c>] (kvm_vcpu_ioctl+0x2e4/0x6ec)
> [   59.480803] [<c001063c>] (kvm_vcpu_ioctl) from [<c0109678>] (do_vfs_ioctl+0x40c/0x600)
> [   59.492142] [<c0109678>] (do_vfs_ioctl) from [<c01098a0>] (SyS_ioctl+0x34/0x5c)
> [   59.502909] [<c01098a0>] (SyS_ioctl) from [<c001e160>] (ret_fast_syscall+0x0/0x34)
> [   59.513944] Code: 0a000002 e1a00008 e1a01009 ebffe2c7 (e7f001f2)
> 
> Host kernel is from Linus tree. I can try a different one if there are
> pending fixes somewhere.
> 
> Any ideas? Anything I should look at in particular?

That crash doesn't make much sense. If you look at the BUG_ON you're
hitting, we check that the size to flush is a multiple of PAGE_SIZE.

The only two call sites do pass either PMD_SIZE or PAGE_SIZE, so it is
hard to imagine how this can trigger.

What compiler are you using? Can you force the compiler not to inline
this function and see if that makes a difference? I'd be very
interested in seeing the assembly code generated for this particular
function.

Thanks,

	M.
-- 
Jazz is not dead. It just smells funny.
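The check Marc refers to, as an added example that is not code from this thread or from the kernel: a page-granular cache-maintenance helper whose callers only ever pass PAGE_SIZE or PMD_SIZE, guarded by a "size is a multiple of PAGE_SIZE" test. The constants assume ARM 4 KiB pages and 2 MiB LPAE sections, flush_guest_pages_checked() is a constructed stand-in for the kernel's __coherent_cache_guest_page() (which is not reproduced here), and the inverted variant shows a common way such a mask test goes wrong; the actual fix from the follow-up patch in this thread is not on this page.

```c
/*
 * Added example, not code from this thread or from the Linux kernel.
 * Assumed values: ARM 4 KiB pages, 2 MiB PMD (LPAE section) size.
 * flush_guest_pages_checked() is a constructed stand-in for the kernel's
 * __coherent_cache_guest_page(); the kernel helper is not reproduced.
 */
#include <stdbool.h>
#include <stdio.h>

#define PAGE_SHIFT 12UL
#define PAGE_SIZE  (1UL << PAGE_SHIFT)          /* 4096 */
#define PAGE_MASK  (~(PAGE_SIZE - 1))           /* clears the in-page offset bits */
#define PMD_SHIFT  21UL
#define PMD_SIZE   (1UL << PMD_SHIFT)           /* 2 MiB */

/* A size is page-granular exactly when none of the offset bits is set.
 * This is the condition the BUG_ON in the thread is meant to enforce. */
static bool size_is_page_multiple(unsigned long size)
{
	return (size & ~PAGE_MASK) == 0;
}

/* A common way to get such a check wrong: masking with PAGE_MASK instead of
 * ~PAGE_MASK. The result is zero only for sizes below PAGE_SIZE, so the two
 * legitimate inputs, PAGE_SIZE and PMD_SIZE, both fail while a misaligned
 * 4095-byte request passes. Shown only to illustrate the inversion. */
static bool size_is_page_multiple_inverted(unsigned long size)
{
	return (size & PAGE_MASK) == 0;
}

/*
 * Constructed stand-in for a per-page flush loop. Returns the number of pages
 * it would have cleaned, or -1 where the kernel would hit BUG_ON(). Returning
 * an error instead of panicking lets the check be exercised from a test.
 */
static long flush_guest_pages_checked(unsigned long pfn, unsigned long size)
{
	long pages = 0;

	if (!size_is_page_multiple(size))
		return -1;			/* kernel: BUG_ON() */

	while (size) {
		/* kernel: clean this page's data cache to the point of coherency */
		pfn++;
		size -= PAGE_SIZE;
		pages++;
	}
	return pages;
}

int main(void)
{
	const unsigned long sizes[] = { PAGE_SIZE, PMD_SIZE, PAGE_SIZE - 1, PAGE_SIZE + 1 };

	for (unsigned i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++)
		printf("size=0x%08lx correct=%d inverted=%d flushed=%ld\n",
		       sizes[i],
		       size_is_page_multiple(sizes[i]),
		       size_is_page_multiple_inverted(sizes[i]),
		       flush_guest_pages_checked(0x80000UL, sizes[i]));
	return 0;
}
```

Running it shows the correct predicate accepting exactly the two sizes the call sites pass (one page, and 512 pages for a 2 MiB section) and rejecting anything that is not page-aligned, while the inverted mask rejects both legitimate sizes. That is the shape of evidence worth collecting before suspecting the compiler: evaluate the predicate on the values the call sites actually pass.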

Thread overview: 7+ messages
2015-02-07 20:09 KVM crash on Jetson TK1 Jan Kiszka
2015-02-07 20:26 ` Marc Zyngier [this message]
2015-02-07 20:43   ` Jan Kiszka
2015-02-07 21:21     ` [PATCH] ARM: KVM: Fix size check in __coherent_cache_guest_page Jan Kiszka
2015-02-13  4:57       ` Christoffer Dall
2015-02-13 22:07         ` Paolo Bonzini
2015-02-15 20:22           ` Christoffer Dall
