* [Bug 204401] New: After a VMexit, the guest is re-entring with a wrong vcpu PC address which is causing the guest to crash.
@ 2019-08-01 12:04 bugzilla-daemon
0 siblings, 0 replies; only message in thread
From: bugzilla-daemon @ 2019-08-01 12:04 UTC (permalink / raw)
To: kvm
https://bugzilla.kernel.org/show_bug.cgi?id=204401
Bug ID: 204401
Summary: After a VMexit, the guest is re-entring with a wrong
vcpu PC address which is causing the guest to crash.
Product: Virtualization
Version: unspecified
Kernel Version: 4.19.26
Hardware: ARM
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: kvm
Assignee: virtualization_kvm@kernel-bugs.osdl.org
Reporter: denis_roux_@hotmail.com
Regression: No
Created attachment 284069
--> https://bugzilla.kernel.org/attachment.cgi?id=284069&action=edit
Fix applied to linux
guest crash:
ESF PC : 0x7004b528 ( (0x7004b4a4) + 0x84)
Exception Vec : 1 (Undefined Instruction)
CPSR : 0x20000093
PE Mode : Supervisor
Instruction : A32
FIQ : Not Masked
IRQ : Masked
Async data abort : Not Masked
Endianness : little-endian
GE flag : 0x0
Status flags : nzCvq
SCTLR : 0x20C5183D
MMU : Enabled
Alignment Check : Disabled
Cache : Enabled
CP15 barrier op : Enabled
IT instr : Enabled
SETEND instr : Enabled
Instr cache : Enabled
Vector address : In VBAR
PL0 WFI : Enabled
PL0 WFE : Enabled
Exec at writable : Allowed
Exec at unprivileged write: Allowed
Exec endianness : Little-endian
TEX Remap : Disabled
Access flag : Enabled
Exception exc state: A32
TTBR0 : 0x0000000072C56000
TTBR1 : 0x0000000000000000
TCB PC : 0x7004b528 ( (0x7004b4a4) + 0x84)
TCB LR : 0x703f482c ( (0x703f26b4) + 0x2178)
TCB Registers : r0 = 00000080 r1 = 00000086 r2 = 00000100 r3 =
89DA3500
: r4 = 70C085A0 r5 = 703F473C r6 = 001E83D7 r7 =
00000000
: r8 = 0F13B46A r9 = 00000000 r10= 703B8484 fp =
7260FCC4
: ip = 12200000 sp = 7260FCA0 lr = 703F482C pc =
7004B528
Guest assembly being execute leading to the crash:
0x7004b508 <+0x0064>: bc 00 c3 e1 strh r0, [r3, #12]
/* will cause a MMIO VMexit */
0x7004b50c <+0x0068>: 04 30 94 e5 ldr r3, [r4, #4]
0x7004b510 <+0x006c>: bc 10 c3 e1 strh r1, [r3, #12]
/* will cause a MMIO VMexit */
0x7004b514 <+0x0070>: 04 30 94 e5 ldr r3, [r4, #4]
0x7004b518 <+0x0074>: bc 20 c3 e1 strh r2, [r3, #12]
/* will cause a MMIO VMexit */
0x7004b51c <+0x0078>: f0 ab 9d e8 ldm sp, {r4, r5, r6,
r7, r8, r9, r11, sp, pc} /* function return */
0x7004b520 <+0x007c>: 88 c7 03 70 andvc r12, r3, r8,
lsl #15 /* Compiler generated data */
0x7004b524 <+0x0080>: 90 c8 03 70 mulvc r3, r0, r8
/* Compiler generated data */
0x7004b528 <+0x0084>: 3c 47 3f 70 eorsvc r4, pc, r12,
lsr r7 ; <UNPREDICTABLE> /* Compiler generated data */
Observed scenario on KVM:
VM exit occured at vcpu PC 0x7004b518 (exit reason KVM_EXIT_MMIO)
kvm_arch_vcpu_ioctl_run re-entered
kvm_handle_mmio_return is executed to emulate the instruction at vcpu PC
0x7004b518. This is done successfully and vcpu PC is updated to 0x7004b51c.
run->immediate_exit is checked and found to be set. It returns.
kvm_arch_vcpu_ioctl_run re-entered
kvm_handle_mmio_return is executed to emulate the instruction at vcpu PC
0x7004b518. This is done successfully and vcpu PC is updated to 0x7004b520.
run->immediate_exit is checked but is not set.
VM enter occurs with a corrupted vcpu PC which leads to the crash.
System information:
cpu model: ARMv7 Processor rev 4 (v7l)
Linux: 4.19.26
host kernel arch: arm
guest arch: arm
qemu cmd:qemu-system-arm -nographic -M virt -enable-kvm- cpu host ...
I have attached the patch that I have used to fix this issue.
--
You are receiving this mail because:
You are watching the assignee of the bug.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2019-08-01 12:04 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-01 12:04 [Bug 204401] New: After a VMexit, the guest is re-entring with a wrong vcpu PC address which is causing the guest to crash bugzilla-daemon
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).