problem wit svm_get_msr on kvm-kmod-2.6.31.6

problem wit svm_get_msr on kvm-kmod-2.6.31.6

[Dietmar Maurer]

Hi all,

We are testing kvm-kmod-2.6.31.6, and several people reported problems with AMD cpus:

Nov 14 21:17:59 bigproxmox kernel: Pid: 3616, comm: kvm Not tainted 2.6.24-9-pve #1 ovz005
Nov 14 21:17:59 bigproxmox kernel: RIP: 0010:[<ffffffff88537906>]  [<ffffffff88537906>] :kvm_amd:svm_get_msr+0x146/0x300
...

see http://www.proxmox.com/forum/showthread.php?t=2591

Any ideas? kvm-kmod-2.6.31.5 worked without problems.

- Dietmar

Re: problem wit svm_get_msr on kvm-kmod-2.6.31.6

[Avi Kivity]

On 11/16/2009 11:42 AM, Dietmar Maurer wrote:
> Hi all,
>
> We are testing kvm-kmod-2.6.31.6, and several people reported problems with AMD cpus:
>
> Nov 14 21:17:59 bigproxmox kernel: Pid: 3616, comm: kvm Not tainted 2.6.24-9-pve #1 ovz005
> Nov 14 21:17:59 bigproxmox kernel: RIP: 0010:[<ffffffff88537906>]  [<ffffffff88537906>] :kvm_amd:svm_get_msr+0x146/0x300
> ...
>
> see http://www.proxmox.com/forum/showthread.php?t=2591
>
> Any ideas? kvm-kmod-2.6.31.5 worked without problems.
>
>    

Nothing changed between these two versions to warrant this.

Can you post a disassembly of svm_get_msr() around the offending address?

Did you change qemu-kvm as well?

-- 
error compiling committee.c: too many arguments to function

RE: problem wit svm_get_msr on kvm-kmod-2.6.31.6

[Dietmar Maurer]

> Nothing changed between these two versions to warrant this.

Oh, sorry - the one which works is kvm-kmod-2.6.30.1

> Can you post a disassembly of svm_get_msr() around the offending
> address?

Please can you tell me how to do that?

> Did you change qemu-kvm as well?

no, same qemu-kvm version (0.11.0)

- Dietmar

Re: problem wit svm_get_msr on kvm-kmod-2.6.31.6

[Avi Kivity]

On 11/16/2009 12:46 PM, Dietmar Maurer wrote:
>> Nothing changed between these two versions to warrant this.
>>      
> Oh, sorry - the one which works is kvm-kmod-2.6.30.1
>
>    
>> Can you post a disassembly of svm_get_msr() around the offending
>> address?
>>      
> Please can you tell me how to do that?
>
>    

objdump -Dr  .../kvm-amd.ko

Look at the start address of svm_get_msr (search for the name), add 
0x146 (from ":kvm_amd:svm_get_msr+0x146/0x300"), list ~30 lines above 
and below that.

-- 
error compiling committee.c: too many arguments to function

RE: problem wit svm_get_msr on kvm-kmod-2.6.31.6

[Dietmar Maurer]

00000000000037c0 <svm_get_msr>:
    ...

    387e:       66 90                   xchg   %ax,%ax
    3880:       0f 84 8a 00 00 00       je     3910 <svm_get_msr+0x150>
    3886:       66 90                   xchg   %ax,%ax
    3888:       0f 86 c2 01 00 00       jbe    3a50 <svm_get_msr+0x290>
    388e:       48 8b 87 e0 27 00 00    mov    0x27e0(%rdi),%rax
    3895:       48 8b 80 08 06 00 00    mov    0x608(%rax),%rax
    389c:       48 89 02                mov    %rax,(%rdx)
    389f:       90                      nop
    38a0:       31 c0                   xor    %eax,%eax
    38a2:       c3                      retq
    38a3:       0f 1f 44 00 00          nopl   0x0(%rax,%rax,1)
    38a8:       81 fe d9 01 00 00       cmp    $0x1d9,%esi
    38ae:       0f 84 7c 00 00 00       je     3930 <svm_get_msr+0x170>
    38b4:       0f 86 46 01 00 00       jbe    3a00 <svm_get_msr+0x240>
    38ba:       81 fe db 01 00 00       cmp    $0x1db,%esi
    38c0:       0f 84 ca 01 00 00       je     3a90 <svm_get_msr+0x2d0>
    38c6:       81 fe dc 01 00 00       cmp    $0x1dc,%esi
    38cc:       0f 1f 40 00             nopl   0x0(%rax)
    38d0:       75 98                   jne    386a <svm_get_msr+0xaa>
    38d2:       48 8b 87 e0 27 00 00    mov    0x27e0(%rdi),%rax
    38d9:       48 8b 80 80 06 00 00    mov    0x680(%rax),%rax
    38e0:       48 89 02                mov    %rax,(%rdx)
    38e3:       eb bb                   jmp    38a0 <svm_get_msr+0xe0>
    38e5:       0f 1f 00                nopl   (%rax)
    38e8:       48 83 bf 78 28 00 00    cmpq   $0x0,0x2878(%rdi)
    38ef:       00
    38f0:       0f 85 82 01 00 00       jne    3a78 <svm_get_msr+0x2b8>
    38f6:       48 8b 87 e0 27 00 00    mov    0x27e0(%rdi),%rax
    38fd:       48 8b 48 50             mov    0x50(%rax),%rcx
    3901:       0f 31                   rdtsc
    3903:       48 01 c8                add    %rcx,%rax

# this is svm_get_msr+0x146
    3906:       48 89 02                mov    %rax,(%rdx)
    3909:       eb 95                   jmp    38a0 <svm_get_msr+0xe0>
    390b:       0f 1f 44 00 00          nopl   0x0(%rax,%rax,1)
    3910:       48 8b 87 e0 27 00 00    mov    0x27e0(%rdi),%rax
    3917:       48 8b 80 00 06 00 00    mov    0x600(%rax),%rax
    391e:       48 89 02                mov    %rax,(%rdx)
    3921:       e9 7a ff ff ff          jmpq   38a0 <svm_get_msr+0xe0>
    3926:       66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
    392d:       00 00 00
    3930:       48 8b 87 e0 27 00 00    mov    0x27e0(%rdi),%rax
    3937:       48 8b 80 70 06 00 00    mov    0x670(%rax),%rax
    393e:       48 89 02                mov    %rax,(%rdx)
    3941:       e9 5a ff ff ff          jmpq   38a0 <svm_get_msr+0xe0>
    3946:       66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
    394d:       00 00 00
    3950:       48 8b 87 e0 27 00 00    mov    0x27e0(%rdi),%rax
    3957:       48 8b 80 28 06 00 00    mov    0x628(%rax),%rax
    395e:       48 89 02                mov    %rax,(%rdx)
    3961:       e9 3a ff ff ff          jmpq   38a0 <svm_get_msr+0xe0>
    3966:       66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
    396d:       00 00 00
    3970:       48 c7 02 65 00 00 01    movq   $0x1000065,(%rdx)
    3977:       e9 24 ff ff ff          jmpq   38a0 <svm_get_msr+0xe0>
    397c:       0f 1f 40 00             nopl   0x0(%rax)
    3980:       48 8b 87 e0 27 00 00    mov    0x27e0(%rdi),%rax
    3987:       48 8b 80 10 06 00 00    mov    0x610(%rax),%rax
    398e:       48 89 02                mov    %rax,(%rdx)
    3991:       e9 0a ff ff ff          jmpq   38a0 <svm_get_msr+0xe0>
    3996:       66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
    399d:       00 00 00
    ...


We use the ubunto 2.6.24 kernel (http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-hardy.git;a=summary)

They have a few more patches applied:

http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-hardy.git;a=history;f=include/asm-x86/msr.h;h=cfe169475b5b50a448326ef3c34f50100ac83faf;hb=HEAD

Maybe those last 2 patches can cause the problem?

> -----Original Message-----
> From: Avi Kivity [mailto:avi@redhat.com]
> Sent: Montag, 16. November 2009 11:52
> To: Dietmar Maurer
> Cc: kvm
> Subject: Re: problem wit svm_get_msr on kvm-kmod-2.6.31.6
> 
> On 11/16/2009 12:46 PM, Dietmar Maurer wrote:
> >> Nothing changed between these two versions to warrant this.
> >>
> > Oh, sorry - the one which works is kvm-kmod-2.6.30.1
> >
> >
> >> Can you post a disassembly of svm_get_msr() around the offending
> >> address?
> >>
> > Please can you tell me how to do that?
> >
> >
> 
> objdump -Dr  .../kvm-amd.ko
> 
> Look at the start address of svm_get_msr (search for the name), add
> 0x146 (from ":kvm_amd:svm_get_msr+0x146/0x300"), list ~30 lines above
> and below that.
> 
> --
> error compiling committee.c: too many arguments to function
> 

Re: problem wit svm_get_msr on kvm-kmod-2.6.31.6

[Avi Kivity]

On 11/16/2009 01:17 PM, Dietmar Maurer wrote:
>      38f0:       0f 85 82 01 00 00       jne    3a78<svm_get_msr+0x2b8>
>      38f6:       48 8b 87 e0 27 00 00    mov    0x27e0(%rdi),%rax
>      38fd:       48 8b 48 50             mov    0x50(%rax),%rcx
>      3901:       0f 31                   rdtsc
>      3903:       48 01 c8                add    %rcx,%rax
>
> # this is svm_get_msr+0x146
>      3906:       48 89 02                mov    %rax,(%rdx)
>    


Looks like a miscompile of native_read_tsc(), it needs to use %edx:%eax, 
not assume the result is in %rax.

Jan, looks like the culprit is

   static inline unsigned long long kvm_native_read_tsc(void)
   {
         unsigned long long val;
         asm volatile("rdtsc" : "=A" (val));
         return val;
   }

"=A" only works correctly on i386, need to use "=a" "=d" for portability.

-- 
error compiling committee.c: too many arguments to function

Re: problem wit svm_get_msr on kvm-kmod-2.6.31.6

[Jan Kiszka]

Avi Kivity wrote:
> On 11/16/2009 01:17 PM, Dietmar Maurer wrote:
>>      38f0:       0f 85 82 01 00 00       jne    3a78<svm_get_msr+0x2b8>
>>      38f6:       48 8b 87 e0 27 00 00    mov    0x27e0(%rdi),%rax
>>      38fd:       48 8b 48 50             mov    0x50(%rax),%rcx
>>      3901:       0f 31                   rdtsc
>>      3903:       48 01 c8                add    %rcx,%rax
>>
>> # this is svm_get_msr+0x146
>>      3906:       48 89 02                mov    %rax,(%rdx)
>>    
> 
> 
> Looks like a miscompile of native_read_tsc(), it needs to use %edx:%eax, 
> not assume the result is in %rax.
> 
> Jan, looks like the culprit is
> 
>    static inline unsigned long long kvm_native_read_tsc(void)
>    {
>          unsigned long long val;
>          asm volatile("rdtsc" : "=A" (val));
>          return val;
>    }
> 
> "=A" only works correctly on i386, need to use "=a" "=d" for portability.
> 

Yes, already commit a fix, currently propagating it through all series.

Jan

-- 
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux

Re: problem wit svm_get_msr on kvm-kmod-2.6.31.6

[Avi Kivity]

On 11/16/2009 02:03 PM, Jan Kiszka wrote:
> Yes, already commit a fix, currently propagating it through all series.
>    

Naming the fix will be interesting.  kvm-kmod-2.6.31.6.1?

-- 
error compiling committee.c: too many arguments to function

Re: problem wit svm_get_msr on kvm-kmod-2.6.31.6

[Jan Kiszka]

Avi Kivity wrote:
> On 11/16/2009 02:03 PM, Jan Kiszka wrote:
>> Yes, already commit a fix, currently propagating it through all series.
>>    
> 
> Naming the fix will be interesting.  kvm-kmod-2.6.31.6.1?
> 

Yes, good question. I already thought about kvm-kmod-2.6.31.6b or
kvm-kmod-2.6.31.6-2 as well. Nothing convinced be yet, still open for
creative ideas.

Jan

-- 
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux

Re: problem wit svm_get_msr on kvm-kmod-2.6.31.6

[Avi Kivity]

On 11/16/2009 02:08 PM, Jan Kiszka wrote:
> Avi Kivity wrote:
>    
>> On 11/16/2009 02:03 PM, Jan Kiszka wrote:
>>      
>>> Yes, already commit a fix, currently propagating it through all series.
>>>
>>>        
>> Naming the fix will be interesting.  kvm-kmod-2.6.31.6.1?
>>
>>      
> Yes, good question. I already thought about kvm-kmod-2.6.31.6b or
> kvm-kmod-2.6.31.6-2 as well. Nothing convinced be yet, still open for
> creative ideas.
>
>    

-2 may confuse rpm if someone packages it.  b or .1 ought to work.

-- 
error compiling committee.c: too many arguments to function

RE: problem wit svm_get_msr on kvm-kmod-2.6.31.6

[Dietmar Maurer]

Hi Jan,

The ubuntu code puts some barrier around the read.

http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-hardy.git;a=commitdiff;h=198b348d96c9769153e72ca2461f8d841ddff1cc

You simply override this with your own code - without barrier. Do you think this is correct?

- Dietmar

Re: problem wit svm_get_msr on kvm-kmod-2.6.31.6

[Jan Kiszka]

Dietmar Maurer wrote:
> Hi Jan,
> 
> The ubuntu code puts some barrier around the read.
> 
> http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-hardy.git;a=commitdiff;h=198b348d96c9769153e72ca2461f8d841ddff1cc
> 
> You simply override this with your own code - without barrier. Do you think this is correct?

Unless I messed it up again, I "overwrote" it with what is in latest
mainline regarding native_read_tsc. But I will check once more.

Jan

-- 
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux

Re: problem wit svm_get_msr on kvm-kmod-2.6.31.6

[Jan Kiszka]

Jan Kiszka wrote:
> Dietmar Maurer wrote:
>> Hi Jan,
>>
>> The ubuntu code puts some barrier around the read.
>>
>> http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-hardy.git;a=commitdiff;h=198b348d96c9769153e72ca2461f8d841ddff1cc
>>
>> You simply override this with your own code - without barrier. Do you think this is correct?
> 
> Unless I messed it up again, I "overwrote" it with what is in latest
> mainline regarding native_read_tsc. But I will check once more.

The removal of those barriers came with
0d12cdd5f883f508d33b85c1bae98fa28987c8c7 (sched: improve sched_clock()
performance). So this is now an upstream question:

Do we bother about the precision of native_read_tsc in svm or not?

Jan

-- 
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux

Re: problem wit svm_get_msr on kvm-kmod-2.6.31.6

[Avi Kivity]

On 11/17/2009 11:59 AM, Jan Kiszka wrote:
> Jan Kiszka wrote:
>    
>> Dietmar Maurer wrote:
>>      
>>> Hi Jan,
>>>
>>> The ubuntu code puts some barrier around the read.
>>>
>>> http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-hardy.git;a=commitdiff;h=198b348d96c9769153e72ca2461f8d841ddff1cc
>>>
>>> You simply override this with your own code - without barrier. Do you think this is correct?
>>>        
>> Unless I messed it up again, I "overwrote" it with what is in latest
>> mainline regarding native_read_tsc. But I will check once more.
>>      
> The removal of those barriers came with
> 0d12cdd5f883f508d33b85c1bae98fa28987c8c7 (sched: improve sched_clock()
> performance). So this is now an upstream question:
>
> Do we bother about the precision of native_read_tsc in svm or not?
>
>    

I doubt it matters.  rdtsc will be followed by a return to the guest or 
userspace, either of which is expensive enough to swamp any speculation.

-- 
error compiling committee.c: too many arguments to function

Re: problem wit svm_get_msr on kvm-kmod-2.6.31.6

[Jan Kiszka]

Avi Kivity wrote:
> On 11/17/2009 11:59 AM, Jan Kiszka wrote:
>> Jan Kiszka wrote:
>>    
>>> Dietmar Maurer wrote:
>>>      
>>>> Hi Jan,
>>>>
>>>> The ubuntu code puts some barrier around the read.
>>>>
>>>> http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-hardy.git;a=commitdiff;h=198b348d96c9769153e72ca2461f8d841ddff1cc
>>>>
>>>> You simply override this with your own code - without barrier. Do you think this is correct?
>>>>        
>>> Unless I messed it up again, I "overwrote" it with what is in latest
>>> mainline regarding native_read_tsc. But I will check once more.
>>>      
>> The removal of those barriers came with
>> 0d12cdd5f883f508d33b85c1bae98fa28987c8c7 (sched: improve sched_clock()
>> performance). So this is now an upstream question:
>>
>> Do we bother about the precision of native_read_tsc in svm or not?
>>
>>    
> 
> I doubt it matters.  rdtsc will be followed by a return to the guest or 
> userspace, either of which is expensive enough to swamp any speculation.
> 

Right. So the kvm-kmod replacement is also fine.

Dietmar, if you could confirm that your issue is fixed, I would roll out
a kvm-kmod-2.6.31.6b, likely the last version of this series. The .32
series will be updated on 2.6.32-final or the next KVM-affecting -rc
release.

Jan

-- 
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux

RE: problem wit svm_get_msr on kvm-kmod-2.6.31.6

[Dietmar Maurer]

> Right. So the kvm-kmod replacement is also fine.
> 
> Dietmar, if you could confirm that your issue is fixed, 

Yes, it is fixed.

RE: problem wit svm_get_msr on kvm-kmod-2.6.31.6

[Dietmar Maurer]

> > The ubuntu code puts some barrier around the read.
> >
> > http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-
> hardy.git;a=commitdiff;h=198b348d96c9769153e72ca2461f8d841ddff1cc
> >
> > You simply override this with your own code - without barrier. Do you
> think this is correct?
> 
> Unless I messed it up again, I "overwrote" it with what is in latest
> mainline regarding native_read_tsc. But I will check once more.

Sure, but obviously ubuntu use something different - you can't simply overwrite ubuntu specific code? But I don't really know why they need that code.

- Dietmar

Re: problem wit svm_get_msr on kvm-kmod-2.6.31.6

[Jan Kiszka]

Dietmar Maurer wrote:
> 00000000000037c0 <svm_get_msr>:
>     ...
> 
>     387e:       66 90                   xchg   %ax,%ax
>     3880:       0f 84 8a 00 00 00       je     3910 <svm_get_msr+0x150>
>     3886:       66 90                   xchg   %ax,%ax
>     3888:       0f 86 c2 01 00 00       jbe    3a50 <svm_get_msr+0x290>
>     388e:       48 8b 87 e0 27 00 00    mov    0x27e0(%rdi),%rax
>     3895:       48 8b 80 08 06 00 00    mov    0x608(%rax),%rax
>     389c:       48 89 02                mov    %rax,(%rdx)
>     389f:       90                      nop
>     38a0:       31 c0                   xor    %eax,%eax
>     38a2:       c3                      retq
>     38a3:       0f 1f 44 00 00          nopl   0x0(%rax,%rax,1)
>     38a8:       81 fe d9 01 00 00       cmp    $0x1d9,%esi
>     38ae:       0f 84 7c 00 00 00       je     3930 <svm_get_msr+0x170>
>     38b4:       0f 86 46 01 00 00       jbe    3a00 <svm_get_msr+0x240>
>     38ba:       81 fe db 01 00 00       cmp    $0x1db,%esi
>     38c0:       0f 84 ca 01 00 00       je     3a90 <svm_get_msr+0x2d0>
>     38c6:       81 fe dc 01 00 00       cmp    $0x1dc,%esi
>     38cc:       0f 1f 40 00             nopl   0x0(%rax)
>     38d0:       75 98                   jne    386a <svm_get_msr+0xaa>
>     38d2:       48 8b 87 e0 27 00 00    mov    0x27e0(%rdi),%rax
>     38d9:       48 8b 80 80 06 00 00    mov    0x680(%rax),%rax
>     38e0:       48 89 02                mov    %rax,(%rdx)
>     38e3:       eb bb                   jmp    38a0 <svm_get_msr+0xe0>
>     38e5:       0f 1f 00                nopl   (%rax)
>     38e8:       48 83 bf 78 28 00 00    cmpq   $0x0,0x2878(%rdi)
>     38ef:       00
>     38f0:       0f 85 82 01 00 00       jne    3a78 <svm_get_msr+0x2b8>
>     38f6:       48 8b 87 e0 27 00 00    mov    0x27e0(%rdi),%rax
>     38fd:       48 8b 48 50             mov    0x50(%rax),%rcx
>     3901:       0f 31                   rdtsc
>     3903:       48 01 c8                add    %rcx,%rax
> 
> # this is svm_get_msr+0x146
>     3906:       48 89 02                mov    %rax,(%rdx)
>     3909:       eb 95                   jmp    38a0 <svm_get_msr+0xe0>
>     390b:       0f 1f 44 00 00          nopl   0x0(%rax,%rax,1)
>     3910:       48 8b 87 e0 27 00 00    mov    0x27e0(%rdi),%rax
>     3917:       48 8b 80 00 06 00 00    mov    0x600(%rax),%rax
>     391e:       48 89 02                mov    %rax,(%rdx)
>     3921:       e9 7a ff ff ff          jmpq   38a0 <svm_get_msr+0xe0>
>     3926:       66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
>     392d:       00 00 00
>     3930:       48 8b 87 e0 27 00 00    mov    0x27e0(%rdi),%rax
>     3937:       48 8b 80 70 06 00 00    mov    0x670(%rax),%rax
>     393e:       48 89 02                mov    %rax,(%rdx)
>     3941:       e9 5a ff ff ff          jmpq   38a0 <svm_get_msr+0xe0>
>     3946:       66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
>     394d:       00 00 00
>     3950:       48 8b 87 e0 27 00 00    mov    0x27e0(%rdi),%rax
>     3957:       48 8b 80 28 06 00 00    mov    0x628(%rax),%rax
>     395e:       48 89 02                mov    %rax,(%rdx)
>     3961:       e9 3a ff ff ff          jmpq   38a0 <svm_get_msr+0xe0>
>     3966:       66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
>     396d:       00 00 00
>     3970:       48 c7 02 65 00 00 01    movq   $0x1000065,(%rdx)
>     3977:       e9 24 ff ff ff          jmpq   38a0 <svm_get_msr+0xe0>
>     397c:       0f 1f 40 00             nopl   0x0(%rax)
>     3980:       48 8b 87 e0 27 00 00    mov    0x27e0(%rdi),%rax
>     3987:       48 8b 80 10 06 00 00    mov    0x610(%rax),%rax
>     398e:       48 89 02                mov    %rax,(%rdx)
>     3991:       e9 0a ff ff ff          jmpq   38a0 <svm_get_msr+0xe0>
>     3996:       66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
>     399d:       00 00 00
>     ...
> 
> 
> We use the ubunto 2.6.24 kernel (http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-hardy.git;a=summary)
> 
> They have a few more patches applied:
> 
> http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-hardy.git;a=history;f=include/asm-x86/msr.h;h=cfe169475b5b50a448326ef3c34f50100ac83faf;hb=HEAD
> 
> Maybe those last 2 patches can cause the problem?

Nope, it was most probably a kvm-kmod bug. Patch below should fix it.

Jan

----->

Fix native_read_tsc wrapping for x86-64

Use register constraint macros so that the return values of rdtsc are
properly picked up and no local variable is overwritten.

This is supposed to fix an oops on x86-64 with a 2.6.24 host kernel.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 x86/external-module-compat.h |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/x86/external-module-compat.h b/x86/external-module-compat.h
index b0b9f21..b0de024 100644
--- a/x86/external-module-compat.h
+++ b/x86/external-module-compat.h
@@ -94,9 +94,10 @@ static inline unsigned long long native_read_msr_safe(unsigned int msr,
 
 static inline unsigned long long kvm_native_read_tsc(void)
 {
-	unsigned long long val;
-	asm volatile("rdtsc" : "=A" (val));
-	return val;
+	DECLARE_ARGS(val, low, high);
+
+	asm volatile("rdtsc" : EAX_EDX_RET(val, low, high));
+	return EAX_EDX_VAL(val, low, high);
 }
 
 #else /* >= 2.6.25 */
-- 
1.6.0.2