public inbox for kvm@vger.kernel.org
From: Stefan Bader <stefan.bader@canonical.com>
To: Avi Kivity <avi@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 13/20] KVM: x86 emulator: fix memory access during x86 emulation
Date: Tue, 09 Mar 2010 16:49:27 +0100
Message-ID: <4B966E07.20900@canonical.com>
In-Reply-To: <4B956283.10706@canonical.com>

Stefan Bader wrote:
> Avi Kivity wrote:
>> On 03/08/2010 04:10 PM, Stefan Bader wrote:
>>> Avi Kivity wrote:
>>>   
>>>> On 03/06/2010 03:53 PM, Stefan Bader wrote:
>>>>     
>>>>> Hi Avi,
>>>>>
>>>>> we currently try to integrate this patch for an update into a 2.6.32
>>>>> based
>>>>> system (amongst other kvm updates). But as soon as this patch gets
>>>>> added kvm
>>>>> will die on startup in kvm_leave_lazy_mmu. This has been documented
>>>>> here:
>>>>>
>>>>> https://bugs.edge.launchpad.net/ubuntu/+source/linux/+bug/531823
>>>>>
>>>>> I have placed the backports of your patches, which are currently in
>>>>> linux-next
>>>>> and marked for stable here:
>>>>>
>>>>> git://kernel.ubuntu.com/smb/linux-2.6.32.y kvm
>>>>>
>>>>> I have tested the failure with a version that got only the following
>>>>> patches in:
>>>>> KVM: x86 emulator: Add Virtual-8086 mode of emulation
>>>>> KVM: x86 emulator: fix memory access during x86 emulation
>>>>> KVM: x86 emulator: Check IOPL level during io instruction emulation
>>>>> KVM: x86 emulator: Fix popf emulation
>>>>> KVM: x86 emulator: Check CPL level during privilege instruction
>>>>> emulation
>>>>>
>>>>> and also with a version that takes all stable patches up to the bad
>>>>> one:
>>>>> KVM: VMX: Trap and invalid MWAIT/MONITOR instruction
>>>>> KVM: x86 emulator: Add group8 instruction decoding
>>>>> KVM: x86 emulator: Add group9 instruction decoding
>>>>> KVM: x86 emulator: Add Virtual-8086 mode of emulation
>>>>> KVM: x86 emulator: fix memory access during x86 emulation
>>>>>
>>>>> But as soon as the fix for memory access gets added, the bug will
>>>>> occur. Would
>>>>> you have an idea what might be causing this?
>>>>>
>>>>>        
>>>> Does the same guest, using the same qemu-kvm, work on kvm.git or
>>>> upstream?
>>>>
>>>>      
>>> The test was done with a kvm user-space package based on 0.12.3 (which
>>> seems to
>>> be the current upstream version). I try to do a test on the git version.
>>>    
>> I meant keep the same userspace without change, and try it on a Linus
>> kernel or kvm.git master
>> (http://git.kernel.org/?p=virt/kvm/kvm.git;a=summary).
>>
> HEAD of kvm.git tree works (with same client and userspace)
> Stable 2.6.32.y tree plus all patches marked cc: stable fails.

I did some more experiments:
- Reverting the kvm git tree back to "KVM: x86 emulator: fix memory
  access during x86 emulation" will also produce a working kernel.
- I tried to add changes to arch/x86/kvm between the last change to
  2.6.32.y and the memory access fix but still get the failure. (some
  are left out as they depend on larger/earlier changes)

54532a54d07cafb22076ef24346bd8b9f3b31008 KVM: Introduce kvm_host_page_size
79619a0b8ae87a1049cf6c2936205e2d2bb26ce8 KVM: Activate fpu on clts
d7008a4bec7ca24144eff555254ed1ec26fe330b KVM: fix load_guest_segment_descriptor(
8d067487fab8f00d9eb46beb1b54c0080824cd01 KVM: fix kvm_fix_hypercall() to return
a7c469e9abb33e63e098d4ea72d0291fd74bbc9b KVM: VMX: Wire up .fpu_activate() callb
bd148f5b1cf8e787264b7d8a09a9cc2a328eb987 KVM: VMX: Remove redundant test in vmx_
457132cfe7942ea9c0be8a37e9c822263eb67286 KVM: VMX: emulate accessed bit for EPT
9fe8302b20efa50423fd84efcc4a39b516980c90 KVM: Remove redundant reading of rax on
71c586b8a531000dad1b3a655dbcda1496a9bb8f KVM: Fix cr4 possible guest owned bits
d568ed45eac26170acfbd0f3eb71e53a9909b52b KVM: MMU: Add tracepoint for guest page
d041987339e09f0cf3e0d2ad76ba2190dd82f047 KVM: VMX: Rename VMX_EPT_IGMT_BIT to VM
482b8e268261f8e21f2bec74c7297ab91bba6d17 KVM: PIT: unregister kvm irq notifier i

But all is just stabbing in the dark at the moment. Is there a way I can get
more debug information?

> (32bit host/guest)
> Host dmesg:
> kvm: emulating exchange as write
> 
> Guest dmesg:
> ...
> [    3.053503] Freeing initrd memory: 8843k freed
> [    3.059863] Freeing unused kernel memory: 660k freed
> [    3.076657] Write protecting the kernel text: 4780k
> [    3.082863] Write protecting the kernel read-only data: 1912k
> [    3.086666] BUG: unable to handle kernel paging request at c01292e3
> [    3.088025] IP: [<c01292e3>] kvm_leave_lazy_mmu+0x43/0x70
> [    3.088025] *pde = 00910067 *pte = 00129161
> [    3.088025] Oops: 0003 [#1] SMP
> [    3.088025] last sysfs file:
> [    3.088025] Modules linked in:
> [    3.088025]
> [    3.088025] Pid: 1, comm: init Not tainted (2.6.32-15-generic #22-Ubuntu) Bochs
> [    3.088025] EIP: 0060:[<c01292e3>] EFLAGS: 00010246 CPU: 0
> [    3.088025] EIP is at kvm_leave_lazy_mmu+0x43/0x70
> [    3.088025] EAX: 00000002 EBX: 00000018 ECX: 01802c20 EDX: 00000000
> [    3.088025] ESI: c1802c20 EDI: c1802c20 EBP: df071cb4 ESP: df071ca8
> [    3.088025]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
> [    3.088025] Process init (pid: 1, ti=df070000 task=df068000 task.ti=df070000)
> [    3.088025] Stack:
> [    3.088025]  c0000000 dce2b000 dce2a844 df071cf0 c01e8b6d 00000000 00000001
> bffff000
> [    3.088025] <0> 00000000 db7ed000 c139d54c c139d54c df133000 db7ed000
> 1ffef067 bffff000
> [    3.088025] <0> bfe10000 db44bbfc df071d2c c01e8ce0 c0000000 df133000
> db44bbfc bfe10000
> [    3.088025] Call Trace:
> [    3.088025]  [<c01e8b6d>] ? move_ptes+0x1ad/0x270
> [    3.088025]  [<c01e8ce0>] ? move_page_tables+0xb0/0x130
> [    3.088025]  [<c020b614>] ? shift_arg_pages+0x94/0x180
> [    3.088025]  [<c020b885>] ? setup_arg_pages+0x185/0x1b0
> [    3.088025]  [<c0241243>] ? load_elf_binary+0x3c3/0xac0
> [    3.088025]  [<c02f1654>] ? security_file_permission+0x14/0x20
> [    3.088025]  [<c02052f4>] ? rw_verify_area+0x64/0xe0
> [    3.088025]  [<c0240e80>] ? load_elf_binary+0x0/0xac0
> [    3.088025]  [<c020bd9f>] ? search_binary_handler+0xef/0x2f0
> [    3.088025]  [<c020b465>] ? kernel_read+0x35/0x50
> [    3.088025]  [<c023f7b2>] ? load_script+0x1e2/0x270
> [    3.088025]  [<c01e4160>] ? get_user_pages+0x50/0x60
> [    3.088025]  [<c020a662>] ? get_arg_page+0x52/0xb0
> [    3.088025]  [<c023f5d0>] ? load_script+0x0/0x270
> [    3.088025]  [<c020bd9f>] ? search_binary_handler+0xef/0x2f0
> [    3.088025]  [<c020a834>] ? copy_strings+0x174/0x190
> [    3.088025]  [<c020c2c7>] ? do_execve+0x1f7/0x2c0
> [    3.088025]  [<c034ed6a>] ? strncpy_from_user+0x3a/0x70
> [    3.088025]  [<c0101a1d>] ? sys_execve+0x2d/0x60
> [    3.088025]  [<c01033ec>] ? syscall_call+0x7/0xb
> [    3.088025]  [<c01070a4>] ? kernel_execve+0x24/0x30
> [    3.088025]  [<c01012ac>] ? run_init_process+0x1c/0x20
> [    3.088025]  [<c0101396>] ? init_post+0xe6/0x100
> [    3.088025]  [<c07d83d0>] ? kernel_init+0xb8/0xbf
> [    3.088025]  [<c07d8318>] ? kernel_init+0x0/0xbf
> [    3.088025]  [<c0104087>] ? kernel_thread_helper+0x7/0x10
> [    3.088025] Code: 6c 87 c0 64 a1 40 6a 87 c0 03 3c 85 80 4a 7d c0 8b 9f 00 04
> 00 00 85 db 74 24 89 fe 31 d2 66 90 8d 8e 00 00 00 40 b8 02 00 00 00 <0f> 01 c1
> 01 c6 29 c3 75 ec c7 87 00 04 00 00 00 00 00 00 e8 e5
> [    3.088025] EIP: [<c01292e3>] kvm_leave_lazy_mmu+0x43/0x70 SS:ESP 0068:df071ca8
> [    3.088025] CR2: 00000000c01292e3
> [    3.088025] ---[ end trace 85e247d11bf9c7e0 ]---
> [    3.088025] note: init[1] exited with preempt_count 2
> [    3.141968] BUG: scheduling while atomic: init/1/0x00000002
> [    3.143101] Modules linked in:
> [    3.143723] Pid: 1, comm: init Tainted: G      D    2.6.32-15-generic #22-Ubuntu
> [    3.145183] Call Trace:
> [    3.145674]  [<c013d562>] __schedule_bug+0x62/0x70
> [    3.146646]  [<c05a37d4>] schedule+0x614/0x840
> [    3.147497]  [<c05a9bcc>] ? smp_apic_timer_interrupt+0x5c/0x8b
> [    3.148636]  [<c0103df1>] ? apic_timer_interrupt+0x31/0x40
> [    3.149690]  [<c05a53b5>] rwsem_down_failed_common+0x75/0x1a0
> [    3.150977]  [<c05a552d>] rwsem_down_read_failed+0x1d/0x30
> [    3.152040]  [<c05a5587>] call_rwsem_down_read_failed+0x7/0x10
> [    3.153149]  [<c05a4aec>] ? down_read+0x1c/0x20
> [    3.154017]  [<c01878ef>] acct_collect+0x3f/0x170
> [    3.154976]  [<c014ec12>] do_exit+0x262/0x310
> [    3.155808]  [<c05a6595>] oops_end+0x95/0xd0
> [    3.156642]  [<c01292e3>] ? kvm_leave_lazy_mmu+0x43/0x70
> [    3.157660]  [<c012b2cc>] no_context+0xbc/0xe0
> [    3.158545]  [<c01292e3>] ? kvm_leave_lazy_mmu+0x43/0x70
> [    3.159553]  [<c01292e3>] ? kvm_leave_lazy_mmu+0x43/0x70
> [    3.160627]  [<c012b32c>] __bad_area_nosemaphore+0x3c/0x160
> [    3.161838]  [<c01c89ba>] ? T.903+0x3da/0x480
> [    3.162741]  [<c01292e3>] ? kvm_leave_lazy_mmu+0x43/0x70
> [    3.163772]  [<c012b467>] bad_area_nosemaphore+0x17/0x20
> [    3.164809]  [<c05a7d56>] do_page_fault+0x2f6/0x380
> [    3.165744]  [<c05a7a60>] ? do_page_fault+0x0/0x380
> [    3.166737]  [<c05a5a63>] error_code+0x73/0x80
> [    3.167595]  [<c01292e3>] ? kvm_leave_lazy_mmu+0x43/0x70
> [    3.168629]  [<c01e8b6d>] move_ptes+0x1ad/0x270
> [    3.169495]  [<c01e8ce0>] move_page_tables+0xb0/0x130
> [    3.170525]  [<c020b614>] shift_arg_pages+0x94/0x180
> [    3.171476]  [<c020b885>] setup_arg_pages+0x185/0x1b0
> [    3.172461]  [<c0241243>] load_elf_binary+0x3c3/0xac0
> [    3.173429]  [<c02f1654>] ? security_file_permission+0x14/0x20
> [    3.174609]  [<c02052f4>] ? rw_verify_area+0x64/0xe0
> [    3.175555]  [<c0240e80>] ? load_elf_binary+0x0/0xac0
> [    3.176533]  [<c020bd9f>] search_binary_handler+0xef/0x2f0
> [    3.177588]  [<c020b465>] ? kernel_read+0x35/0x50
> [    3.178551]  [<c023f7b2>] load_script+0x1e2/0x270
> [    3.179465]  [<c01e4160>] ? get_user_pages+0x50/0x60
> [    3.180430]  [<c020a662>] ? get_arg_page+0x52/0xb0
> [    3.181346]  [<c023f5d0>] ? load_script+0x0/0x270
> [    3.182244]  [<c020bd9f>] search_binary_handler+0xef/0x2f0
> [    3.183371]  [<c020a834>] ? copy_strings+0x174/0x190
> [    3.184341]  [<c020c2c7>] do_execve+0x1f7/0x2c0
> [    3.185210]  [<c034ed6a>] ? strncpy_from_user+0x3a/0x70
> [    3.186203]  [<c0101a1d>] sys_execve+0x2d/0x60
> [    3.187101]  [<c01033ec>] syscall_call+0x7/0xb
> [    3.187945]  [<c01070a4>] ? kernel_execve+0x24/0x30
> [    3.188890]  [<c01012ac>] ? run_init_process+0x1c/0x20
> [    3.189874]  [<c0101396>] ? init_post+0xe6/0x100
> [    3.190828]  [<c07d83d0>] ? kernel_init+0xb8/0xbf
> [    3.191873]  [<c07d8318>] ? kernel_init+0x0/0xbf
> [    3.192777]  [<c0104087>] ? kernel_thread_helper+0x7/0x10
> [    3.524180] Clocksource tsc unstable (delta = -140394173 ns)
> 
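Added example (not from the thread or the kernel tree): a small Python decoder that pulls the fault fields out of the guest oops quoted above and interprets them: the x86 page-fault error code, the present/RW bits of the reported PTE, whether CR2 coincides with EIP, and the opcode bytes at the `<..>` marker in the Code: line. The sample text is the oops from this message with the mailer-wrapped Code: line rejoined; the bit and opcode tables are assumptions taken from the x86 architecture manuals, not anything the thread states.

```python
import re

# Constructed sample: the relevant lines of the guest oops quoted above,
# with the wrapped "Code:" line joined back into one line.
OOPS = """\
[    3.086666] BUG: unable to handle kernel paging request at c01292e3
[    3.088025] IP: [<c01292e3>] kvm_leave_lazy_mmu+0x43/0x70
[    3.088025] *pde = 00910067 *pte = 00129161
[    3.088025] Oops: 0003 [#1] SMP
[    3.088025] Code: 6c 87 c0 64 a1 40 6a 87 c0 03 3c 85 80 4a 7d c0 8b 9f 00 04 00 00 85 db 74 24 89 fe 31 d2 66 90 8d 8e 00 00 00 40 b8 02 00 00 00 <0f> 01 c1 01 c6 29 c3 75 ec c7 87 00 04 00 00 00 00 00 00 e8 e5
[    3.088025] CR2: 00000000c01292e3
"""

# x86 page-fault error code bits (assumption: per the Intel SDM / AMD APM).
ERR_BITS = [(0, "protection violation", "not-present page"),
            (1, "write", "read"),
            (2, "user mode", "kernel mode")]
# Three-byte opcodes of the two hypercall instructions (assumption, from the manuals).
HYPERCALL_OPCODES = {"0f 01 c1": "vmcall", "0f 01 d9": "vmmcall"}


def decode_oops(text):
    """Return a dict describing the fault recorded in an i386 oops."""
    cr2 = int(re.search(r"CR2: ([0-9a-f]+)", text).group(1), 16)
    eip = int(re.search(r"IP: \[<([0-9a-f]+)>\]", text).group(1), 16)
    err = int(re.search(r"Oops: ([0-9a-f]+)", text).group(1), 16)
    pte = int(re.search(r"\*pte = ([0-9a-f]+)", text).group(1), 16)
    code = re.search(r"Code: (.*)", text).group(1)
    # The <xx> marker is the first byte of the instruction that faulted.
    m = re.search(r"<([0-9a-f]{2})> ([0-9a-f]{2}) ([0-9a-f]{2})", code)
    opcode = " ".join(m.groups())
    return {
        "error_code": [yes if (err >> bit) & 1 else no for bit, yes, no in ERR_BITS],
        "pte_present": bool(pte & 1),       # PTE bit 0
        "pte_writable": bool(pte & 2),      # PTE bit 1 (R/W)
        "fault_on_own_eip": cr2 == eip,     # faulting address is the instruction itself
        "faulting_insn": HYPERCALL_OPCODES.get(opcode, "unknown opcode " + opcode),
    }


if __name__ == "__main__":
    for key, value in decode_oops(OOPS).items():
        print(f"{key}: {value}")
```

Read together, the decoded fields describe a kernel-mode write to a present but read-only page at the address of the executing vmcall instruction, which matches the "Write protecting the kernel text" line a few milliseconds earlier in the same log.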