From: Avi Kivity <avi@redhat.com>
To: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>,
LKML <linux-kernel@vger.kernel.org>, KVM <kvm@vger.kernel.org>
Subject: Re: [PATCH 2/3] KVM: fix release error page
Date: Mon, 10 Sep 2012 11:35:03 +0300
Message-ID: <504DA637.4060307@redhat.com>
In-Reply-To: <504990BC.3010703@linux.vnet.ibm.com>

On 09/07/2012 09:14 AM, Xiao Guangrong wrote:
> This bug was triggered:
> [ 4220.198458] BUG: unable to handle kernel paging request at fffffffffffffffe
> [ 4220.203907] IP: [<ffffffff81104d85>] put_page+0xf/0x34
> ......
> [ 4220.237326] Call Trace:
> [ 4220.237361] [<ffffffffa03830d0>] kvm_arch_destroy_vm+0xf9/0x101 [kvm]
> [ 4220.237382] [<ffffffffa036fe53>] kvm_put_kvm+0xcc/0x127 [kvm]
> [ 4220.237401] [<ffffffffa03702bc>] kvm_vcpu_release+0x18/0x1c [kvm]
> [ 4220.237407] [<ffffffff81145425>] __fput+0x111/0x1ed
> [ 4220.237411] [<ffffffff8114550f>] ____fput+0xe/0x10
> [ 4220.237418] [<ffffffff81063511>] task_work_run+0x5d/0x88
> [ 4220.237424] [<ffffffff8104c3f7>] do_exit+0x2bf/0x7ca
>
> The test case:
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <pthread.h>
> #include <fcntl.h>
> #include <unistd.h>
>
> #include <sys/types.h>
> #include <sys/stat.h>
> #include <sys/ioctl.h>
> #include <sys/mman.h>
>
> #include <linux/kvm.h>
>
> #define die(fmt, args...) do {	\
> 	printf(fmt, ##args);	\
> 	exit(-1);} while (0)
>
> static int create_vm(void)
> {
> 	int sys_fd, vm_fd;
>
> 	sys_fd = open("/dev/kvm", O_RDWR);
> 	if (sys_fd < 0)
> 		die("open /dev/kvm fail.\n");
>
> 	vm_fd = ioctl(sys_fd, KVM_CREATE_VM, 0);
> 	if (vm_fd < 0)
> 		die("KVM_CREATE_VM fail.\n");
>
> 	return vm_fd;
> }
>
> static int create_vcpu(int vm_fd)
> {
> 	int vcpu_fd;
>
> 	vcpu_fd = ioctl(vm_fd, KVM_CREATE_VCPU, 0);
> 	if (vcpu_fd < 0)
> 		die("KVM_CREATE_VCPU ioctl.\n");
> 	printf("Create vcpu.\n");
> 	return vcpu_fd;
> }
>
> static void *vcpu_thread(void *arg)
> {
> 	int vm_fd = (int)(long)arg;
>
> 	create_vcpu(vm_fd);
> 	return NULL;
> }
>
> int main(int argc, char *argv[])
> {
> 	pthread_t thread;
> 	int vm_fd;
>
> 	(void)argc;
> 	(void)argv;
>
> 	vm_fd = create_vm();
> 	pthread_create(&thread, NULL, vcpu_thread, (void *)(long)vm_fd);
> 	printf("Exit.\n");
> 	return 0;
> }
>
>
> It is caused by releasing kvm->arch.ept_identity_map_addr, which is the
> error page.
>
> The parent thread can send a KILL signal to the vcpu thread when it is
> exiting, which stops faulting pages and potentially allocating memory.
> So gfn_to_pfn/gfn_to_page may fail at this time.
>
> Fixed by checking the page before it is used.
>
Thanks, applied to master for 3.6.
--
error compiling committee.c: too many arguments to function
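
Added example, not part of this thread or of the patch: a user-space C model of the failure class described above, where a page lookup that fails returns an errno encoded as a pointer and the teardown path must check for it before dropping a reference. The names lookup_page, release_page_checked and teardown_refcount are hypothetical, struct page is a stand-in, and a 64-bit build is assumed; the only value taken from the message is the fault address fffffffffffffffe.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095 /* bound used by the kernel's IS_ERR() */

struct page { int refcount; }; /* stand-in, not the kernel's struct page */

static void *err_ptr(long err) { return (void *)(intptr_t)err; }
static long ptr_err(const void *p) { return (long)(intptr_t)p; }
static int is_err(const void *p)
{
	return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

/* Hypothetical lookup: takes a reference on success; when the task is
 * being killed it returns an errno encoded as a pointer instead. */
static struct page *lookup_page(struct page *backing, int task_dying)
{
	if (task_dying)
		return err_ptr(-2);
	backing->refcount++;
	return backing;
}

/* Release with the check: an error pointer never held a reference and
 * must not be dereferenced. Returns 1 if a reference was dropped. */
static int release_page_checked(struct page *p)
{
	if (!p || is_err(p))
		return 0;
	p->refcount--;
	return 1;
}

/* Look up, tear down, and report the final reference count. */
static int teardown_refcount(int task_dying)
{
	struct page backing = { .refcount = 1 };
	struct page *cached = lookup_page(&backing, task_dying);

	release_page_checked(cached);
	return backing.refcount;
}

int main(void)
{
	/* Fault address from the oops, read back as a pointer value. */
	void *fault = (void *)(uintptr_t)0xfffffffffffffffeULL;

	printf("is_err=%d errno=%ld\n", is_err(fault), ptr_err(fault));
	printf("refcount: normal=%d dying=%d\n",
	       teardown_refcount(0), teardown_refcount(1));
	return 0;
}
```

Without the is_err() test, release_page_checked() would write through the encoded errno, which is the same shape of access as the put_page fault in the trace.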