[Qemu-devel] virtio: qemu crashes in virtqueue_map_sg()
@ 2015-08-05  8:57 Igor Mammedov
From: Igor Mammedov @ 2015-08-05  8:57 UTC (permalink / raw)
  To: qemu-devel; +Cc: mst

Since I'm going to disappear for vacation and am not sure how to fix it right away,
I'm reporting the issue here for those who know virtio internals.

QEMU aborts during guest reboot with following backtrace:

Breakpoint 1, virtqueue_map_sg (sg=0x555557cbc6c0, addr=0x555557cb86c0, num_sg=0x12, is_write=0x1) at hw/virtio/virtio.c:453
453	            error_report("virtio: error trying to map MMIO memory");
(gdb) bt
#0  virtqueue_map_sg (sg=0x555557cbc6c0, addr=0x555557cb86c0, num_sg=0x12, is_write=0x1) at hw/virtio/virtio.c:453
#1  0x000055555569b3ef in virtqueue_pop (vq=0x555558a3fab0, elem=0x555557cb86b0) at hw/virtio/virtio.c:520
#2  0x0000555555666611 in virtio_blk_get_request (s=0x5555588c7a00) at hw/block/virtio-blk.c:194
#3  0x00005555556676ec in virtio_blk_handle_output (vdev=0x5555588c7a00, vq=0x555558a3fab0) at hw/block/virtio-blk.c:603
#4  0x000055555569c5c8 in virtio_queue_notify_vq (vq=0x555558a3fab0) at hw/virtio/virtio.c:921
#5  0x000055555569e009 in virtio_queue_host_notifier_read (n=0x555558a3faf8) at hw/virtio/virtio.c:1480
#6  0x000055555591b062 in qemu_iohandler_poll (pollfds=0x555556363800, ret=0x1) at iohandler.c:126
#7  0x000055555591ad33 in main_loop_wait (nonblocking=0x0) at main-loop.c:503
#8  0x00005555557466b5 in main_loop () at vl.c:1902
#9  0x000055555574e69b in main (argc=0x4d, argv=0x7fffffffda18, envp=0x7fffffffdc88) at vl.c:4653

Could be reproduced with the following options:

-enable-kvm  -m 1G,slots=250,maxmem=32G  -drive if=virtio,file=rhel72 -netdev tap,id=foo,ifname=tap0,script=./qemu-ifup -device virtio-net-pci,id=n1,netdev=foo `for i in $(seq 0 15); do echo -n "-object memory-backend-ram,id=m$i,size=10M -device pc-dimm,id=dimm$i,memdev=m$i "; done` -snapshot -monitor unix:/tmp/m,server,nowait

Boot and log in to the guest shell and execute the 'reboot' command.
On the reboot, when the guest kernel boots, QEMU will abort in virtio.
Reproducible in about 80% of cases. If QEMU doesn't crash on reboot,
then try again with a freshly started QEMU.


The reason for the crash is that the guest allocates a buffer that crosses
the boundary between 2 different memory regions, and as a result
cpu_physical_memory_map() maps GPA to HVA only for the head of the buffer
that belongs to the first region, which makes the condition
 len != sg[i].iov_len
true, since the declared buffer size (sg[i].iov_len) isn't what
cpu_physical_memory_map() has been able to map (len),
which leads to abort:

virtqueue_map_sg() {
  ...
  sg[i].iov_base = cpu_physical_memory_map(addr[i], &len, is_write);
  if (sg[i].iov_base == NULL || len != sg[i].iov_len) {
       abort();
  }
  ...
}
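An added example, not from Igor's report and not QEMU's code, modelling the failure he describes. It builds a toy guest-physical address space out of two regions that are adjacent in GPA but have separate host backings (as the hot-plugged pc-dimms in the reproducer do), a model_map() stand-in for cpu_physical_memory_map() that only maps the part of a request lying inside one region, the `len != sg[i].iov_len` check from the report returning an error where the original aborts, and a splitting variant that maps the rest of the buffer into further iovecs instead of giving up. All names, addresses and sizes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/uio.h>

typedef uint64_t hwaddr;

/* Hypothetical memory region: a guest-physical range with its own host backing. */
struct region {
    hwaddr   gpa;   /* guest-physical start */
    size_t   size;
    uint8_t *hva;   /* host buffer backing this range */
};

/* Constructed layout: two regions adjacent in guest-physical space but backed
 * by separate host buffers, so a guest buffer spanning the boundary has no
 * single contiguous host address. */
static uint8_t backing0[4096];
static uint8_t backing1[4096];
static const struct region regions[] = {
    { 0x100000000ULL, sizeof backing0, backing0 },
    { 0x100001000ULL, sizeof backing1, backing1 },
};
#define NUM_REGIONS (sizeof regions / sizeof regions[0])

/* Model of cpu_physical_memory_map(): returns the HVA for addr and shrinks
 * *plen to what fits inside the region containing addr; NULL if unmapped. */
static void *model_map(hwaddr addr, size_t *plen)
{
    for (size_t i = 0; i < NUM_REGIONS; i++) {
        const struct region *r = &regions[i];
        if (addr >= r->gpa && addr < r->gpa + r->size) {
            size_t avail = r->gpa + r->size - addr;
            if (*plen > avail) {
                *plen = avail;          /* partial map: stops at region end */
            }
            return r->hva + (addr - r->gpa);
        }
    }
    return NULL;
}

/* The check from the report: each descriptor must map in one piece.
 * Returns 0 on success, -1 where the original code reaches abort(). */
static int map_sg_strict(struct iovec *sg, const hwaddr *addr, unsigned num_sg)
{
    for (unsigned i = 0; i < num_sg; i++) {
        size_t len = sg[i].iov_len;
        sg[i].iov_base = model_map(addr[i], &len);
        if (sg[i].iov_base == NULL || len != sg[i].iov_len) {
            return -1;                  /* unmapped, or crosses a region boundary */
        }
    }
    return 0;
}

/* Splitting variant: keeps mapping the remainder, so a descriptor that crosses
 * a region boundary becomes several iovecs. Returns the number of iovecs
 * produced, or -1 if a piece is unmapped or the output array is too small. */
static int map_sg_split(struct iovec *out, unsigned out_max,
                        const struct iovec *in, const hwaddr *addr, unsigned num_sg)
{
    unsigned n = 0;
    for (unsigned i = 0; i < num_sg; i++) {
        hwaddr a = addr[i];
        size_t remaining = in[i].iov_len;
        while (remaining > 0) {
            size_t len = remaining;
            void *p = model_map(a, &len);
            if (p == NULL || n == out_max) {
                return -1;
            }
            out[n].iov_base = p;
            out[n].iov_len = len;
            n++;
            a += len;
            remaining -= len;
        }
    }
    return (int)n;
}

/* Constructed guest buffer straddling the boundary: last 256 bytes of
 * region 0 followed by the first 256 bytes of region 1. */
static const hwaddr straddle_addr = 0x100001000ULL - 256;
static const size_t straddle_len  = 512;

/* Strict check on the straddling buffer: -1, the path that aborts in the report. */
static int demo_strict_straddle(void)
{
    struct iovec sg = { NULL, straddle_len };
    return map_sg_strict(&sg, &straddle_addr, 1);
}

/* Strict check on a buffer inside one region: 0, maps in one piece. */
static int demo_strict_inside(void)
{
    struct iovec sg = { NULL, 512 };
    hwaddr a = 0x100000000ULL + 1024;
    return map_sg_strict(&sg, &a, 1);
}

/* Splitting variant on the straddling buffer: returns the iovec count (2)
 * and stores the first piece's length (256) in *first_len. */
static int demo_split_straddle(size_t *first_len)
{
    struct iovec in = { NULL, straddle_len };
    struct iovec out[4];
    int n = map_sg_split(out, 4, &in, &straddle_addr, 1);
    if (n > 0) {
        *first_len = out[0].iov_len;
    }
    return n;
}

int main(void)
{
    size_t first = 0;
    printf("strict, straddling buffer: %d\n", demo_strict_straddle());
    printf("strict, buffer inside one region: %d\n", demo_strict_inside());
    printf("split, straddling buffer: %d iovecs, first piece %zu bytes\n",
           demo_split_straddle(&first), first);
    return 0;
}
```

The strict variant is the shape of the check quoted from virtio.c: a descriptor whose guest-physical range spans two regions gets a shortened `len` back and is rejected. The split variant shows the alternative of honouring what the mapping function could do and continuing from where it stopped, which is why the second demo yields two 256-byte iovecs rather than an error.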

