From: bugzilla-daemon@bugzilla.kernel.org
To: kvm@vger.kernel.org
Subject: [Bug 206579] KVM with passthrough generates "BUG: kernel NULL pointer dereference" and crashes
Date: Tue, 03 Mar 2020 05:04:22 +0000 [thread overview]
Message-ID: <bug-206579-28872-0jsFHG7KPr@https.bugzilla.kernel.org/> (raw)
In-Reply-To: <bug-206579-28872@https.bugzilla.kernel.org/>
https://bugzilla.kernel.org/show_bug.cgi?id=206579
--- Comment #45 from muncrief (rmuncrief@humanavance.com) ---
Well, I spent some time today trying to figure out why the
AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK is sometimes set when executing
"avic_vcpu_load". I thought it might be a concurrency issue with
"avic_physical_id_cache" so I put spinlocks around all access code but that
didn't change anything, and tried some other things but I regret to say I
failed.
First of all, I don't even know how "avic_vcpu_load" ends up being executed
without being called by any of the functions in "svm_x86_ops"
(svm_vcpu_blocking, svm_vcpu_unblocking, svm_vcpu_load). I did my best to
figure out how swait worked, but I must really be missing something, and not
understanding the call stack trace correctly.
In any case, the basic issue is that occasionally "avic_vcpu_load" is executed
when the AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK bit is 1, and it always expects
it to be 0. And this always seems to happen after a cpu is placed on the swait
wait queue in the "kvm_vcpu_block" function. It seems like somehow when it
resumes it's executing"avic_vcpu_load", and the
AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK bit is 1 instead of 0.
I'm sure this is just mass misunderstanding on my part. And by the way I'm
going through all of this because it's a good way for me to learn how real time
concurrent kernel code operates. I know it seems like a backwards way to learn,
but that's the only way I can.
However, despite my ignorance, the header in "swait.h" is concerning, and makes
me wonder if there's something wrong with swait itself. It even titles itself
"BROKEN wait-queues." Here's an excerpt from the header:
```
/*
* BROKEN wait-queues.
*
* These "simple" wait-queues are broken garbage, and should never be
* used. The comments below claim that they are "similar" to regular
* wait-queues, but the semantics are actually completely different, and
* every single user we have ever had has been buggy (or pointless).
* ...
```
--
You are receiving this mail because:
You are watching the assignee of the bug.
next prev parent reply other threads:[~2020-03-03 5:04 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-17 18:17 [Bug 206579] New: KVM with passthrough generates "BUG: kernel NULL pointer dereference" and crashes bugzilla-daemon
2020-02-18 6:45 ` [Bug 206579] " bugzilla-daemon
2020-02-18 18:54 ` bugzilla-daemon
2020-02-18 19:55 ` bugzilla-daemon
2020-02-21 14:56 ` bugzilla-daemon
2020-02-21 19:15 ` bugzilla-daemon
2020-02-21 21:27 ` bugzilla-daemon
2020-02-22 0:21 ` bugzilla-daemon
2020-02-24 13:52 ` bugzilla-daemon
2020-02-24 14:24 ` bugzilla-daemon
2020-02-24 14:44 ` bugzilla-daemon
2020-02-24 16:50 ` bugzilla-daemon
2020-02-24 17:57 ` bugzilla-daemon
2020-02-24 20:36 ` bugzilla-daemon
2020-02-24 20:38 ` bugzilla-daemon
2020-02-24 21:43 ` bugzilla-daemon
2020-02-24 21:47 ` bugzilla-daemon
2020-02-24 22:09 ` bugzilla-daemon
2020-02-24 22:53 ` bugzilla-daemon
2020-02-24 23:08 ` bugzilla-daemon
2020-02-25 7:50 ` bugzilla-daemon
2020-02-25 8:53 ` bugzilla-daemon
2020-02-25 20:34 ` bugzilla-daemon
2020-02-25 20:42 ` bugzilla-daemon
2020-02-26 2:25 ` bugzilla-daemon
2020-02-26 20:34 ` bugzilla-daemon
2020-02-27 14:49 ` bugzilla-daemon
2020-02-27 20:50 ` bugzilla-daemon
2020-02-27 23:00 ` bugzilla-daemon
2020-02-28 0:12 ` bugzilla-daemon
2020-02-28 0:20 ` bugzilla-daemon
2020-02-28 3:38 ` bugzilla-daemon
2020-02-28 3:44 ` bugzilla-daemon
2020-02-28 7:25 ` bugzilla-daemon
2020-02-28 7:26 ` bugzilla-daemon
2020-02-28 7:55 ` bugzilla-daemon
2020-02-28 16:06 ` bugzilla-daemon
2020-02-28 20:14 ` bugzilla-daemon
2020-02-28 21:49 ` bugzilla-daemon
2020-02-29 7:02 ` bugzilla-daemon
2020-02-29 17:40 ` bugzilla-daemon
2020-02-29 19:43 ` bugzilla-daemon
2020-03-01 6:27 ` bugzilla-daemon
2020-03-01 18:21 ` bugzilla-daemon
2020-03-02 7:01 ` bugzilla-daemon
2020-03-03 5:04 ` bugzilla-daemon [this message]
2020-03-22 13:43 ` bugzilla-daemon
2020-03-22 18:58 ` bugzilla-daemon
2020-04-03 13:55 ` bugzilla-daemon
2020-04-04 12:57 ` bugzilla-daemon
2020-04-04 13:02 ` bugzilla-daemon
2020-04-04 19:24 ` bugzilla-daemon
2020-04-05 16:52 ` bugzilla-daemon
2020-04-06 2:50 ` bugzilla-daemon
2020-04-06 10:27 ` bugzilla-daemon
2020-04-10 19:28 ` bugzilla-daemon
2020-04-11 0:20 ` bugzilla-daemon
2020-04-13 16:51 ` bugzilla-daemon
2020-04-13 17:20 ` bugzilla-daemon
2020-04-18 22:28 ` bugzilla-daemon
2020-04-18 23:19 ` bugzilla-daemon
2020-04-22 21:49 ` bugzilla-daemon
2020-04-27 19:11 ` bugzilla-daemon
2020-05-03 19:58 ` bugzilla-daemon
2020-08-24 17:03 ` bugzilla-daemon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-206579-28872-0jsFHG7KPr@https.bugzilla.kernel.org/ \
--to=bugzilla-daemon@bugzilla.kernel.org \
--cc=kvm@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).