From: Gregory Haskins <ghaskins@novell.com>
To: Avi Kivity <avi@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	mst@redhat.com, davidel@xmailserver.org
Subject: Re: [KVM PATCH v9 0/5] irqfd fixes and enhancements
Date: Sun, 05 Jul 2009 17:21:17 -0400
Message-ID: <4A51194D.8000403@novell.com>
In-Reply-To: <4A50723E.6030305@redhat.com>

Avi Kivity wrote:
> On 07/02/2009 06:50 PM, Avi Kivity wrote:
>> On 07/02/2009 06:37 PM, Gregory Haskins wrote:
>>> (Applies to kvm.git/master:1f9050fd)
>>>
>>> The following is the latest attempt to fix the races in
>>> irqfd/eventfd, as
>>> well as restore DEASSIGN support.  For more details, please read the
>>> patch
>>> headers.
>>>
>>> As always, this series has been tested against the kvm-eventfd unit
>>> test
>>> and everything appears to be functioning properly. You can download
>>> this
>>> test here:
>>
>> Applied, thanks.
>>
>
> ... and unapplied.  There's a refcounting mismatch in irqfd_cleanup: a
> reference is taken for each irqfd, but dropped for each guest.

Doh!

Note that the kvm->irqfds.init boolean was supposed to make it both
acquire and release the reference on a per-vm basis.  Obviously,
something is wrong. :)

But I see later in the thread you guys have already figured out that
only the last patch needs to be reverted.  I'll take a look at the last
patch and fix the issue once I am back in the office tomorrow.  Sorry
for the trouble.

Kind Regards,
-Greg

>   This causes an oops if a guest with no irqfds is created and destroyed:
>
> IP: [<ffffffff8105254a>] flush_workqueue+0x23/0x6e
> PGD 0
> Oops: 0000 [4] SMP
> CPU 1
> Modules linked in: kvm_intel kvm nfs lockd nfs_acl sco bridge stp bnep
> l2cap bluetooth autofs4 sunrpc ipv6 dm_multipath uinput i5000_edac
> e1000e edac_core iTCO_wdt
>  iTCO_vendor_support i2c_i801 i2c_core e100 mii floppy pcspkr shpchp
> serio_raw ata_generic pata_acpi [last unloaded: kvm]
> Pid: 2088, comm: qemu Tainted: G      D  
> 2.6.27.19-170.2.35.fc10.x86_64 #1 TYAN Transport GT20-B5372
> RIP: 0010:[<ffffffff8105254a>]  [<ffffffff8105254a>]
> flush_workqueue+0x23/0x6e
> RSP: 0018:ffff8801077d1b08  EFLAGS: 00010292
> RAX: ffffffff8156de08 RBX: ffff8801097e8a50 RCX: 0000000000000000
> RDX: 0000000000000000 RSI: 000000000000019f RDI: 0000000000000000
> RBP: ffff8801077d1b28 R08: 0000000000000000 R09: ffffffff81140027
> R10: ffff88012f402340 R11: ffff880125daf820 R12: ffffffff8156de10
> R13: 0000000000000000 R14: ffff88012f449cd8 R15: ffff88012f002900
> FS:  00007f9b67295950(0000) GS:ffff88012fc04980(0000)
> knlGS:0000000000000000
> CS:  0010 DS: 002b ES: 002b CR0: 000000008005003b
> CR2: 0000000000000020 CR3: 0000000000201000 CR4: 00000000000026e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Process qemu (pid: 2088, threadinfo ffff8801077d0000, task
> ffff88012984c530)
> Stack:  ffff8801077d1b28 ffff8801097e8a50 ffff8801097e8000
> ffff8801097e8a68
>  ffff8801077d1b58 ffffffffa01c4eec 0000000800000000 ffff8801097e8000
>  ffff88012f449cd8 ffff88012c80c600 ffff8801077d1b78 ffffffffa01af34b
> Call Trace:
>  [<ffffffffa01c4eec>] kvm_irqfd_release+0x7a/0xcc [kvm]
>  [<ffffffffa01af34b>] kvm_vm_release+0x18/0x27 [kvm]
>  [<ffffffff810c14c7>] __fput+0xca/0x16d
>  [<ffffffff810c157f>] fput+0x15/0x17
>  [<ffffffff810bea29>] filp_close+0x67/0x72
>  [<ffffffff810433ec>] put_files_struct+0x74/0xc8
>  [<ffffffff81043488>] exit_files+0x48/0x51
>  [<ffffffff81044de9>] do_exit+0x26a/0x8a0
>  [<ffffffffa01da330>] ? vmx_vcpu_put+0x9/0xb [kvm_intel]
>  [<ffffffff810454a1>] do_group_exit+0x82/0xaf
>  [<ffffffff8104eabb>] get_signal_to_deliver+0x2b0/0x2dc
>  [<ffffffff81010379>] ? sysret_signal+0x42/0x71
>  [<ffffffff8100f45f>] do_notify_resume+0x90/0x93f
>  [<ffffffff81060cca>] ? do_futex+0x90/0x973
>  [<ffffffffa01ad956>] ? kvm_vcpu_ioctl+0x470/0x485 [kvm]
>  [<ffffffff81333801>] ? trace_hardirqs_on_thunk+0x3a/0x3c
>  [<ffffffff810616a2>] ? sys_futex+0xf5/0x113
>  [<ffffffff81010379>] ? sysret_signal+0x42/0x71
>  [<ffffffff81010737>] ptregscall_common+0x67/0xb0
>
> irqfd_cleanup.wq has never been initialized, but is destroyed.
>
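
The mismatch discussed in this message, as an added example that is not part of the original mail or the kvm patch: a simplified userspace model of a lazily created, reference-counted shared queue with a per-VM init flag. All type and function names are hypothetical, and `PUT_WOULD_OOPS` stands in for the flush_workqueue() call on a queue that was never created.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Userspace model; every name is a hypothetical stand-in, not kvm code. */
struct shared_wq { int refs; void *wq; };  /* wq == NULL: never created */
struct vm { bool init; };                  /* true once this VM holds a ref */
enum put_result { PUT_OK, PUT_SKIPPED, PUT_WOULD_OOPS };

/* Acquire: at most one reference per VM; the first user creates the queue. */
void wq_get(struct shared_wq *s, struct vm *vm)
{
    if (!vm->init && s->refs++ == 0)
        s->wq = malloc(1);
    vm->init = true;
}

/* Release at VM teardown; check_init=false drops a ref for every guest. */
enum put_result wq_put(struct shared_wq *s, struct vm *vm, bool check_init)
{
    if (check_init && !vm->init)
        return PUT_SKIPPED;     /* never acquired, so nothing to release */
    if (!s->wq)
        return PUT_WOULD_OOPS;  /* stands in for flushing a NULL workqueue */
    vm->init = false;
    if (--s->refs == 0) {
        free(s->wq);
        s->wq = NULL;
    }
    return PUT_OK;
}

/* The reported case: a guest with no irqfds is created and destroyed. */
enum put_result destroy_idle_guest(bool check_init)
{
    struct shared_wq s = {0, NULL};
    struct vm idle = {false};
    return wq_put(&s, &idle, check_init);
}

/* An idle guest exits while another guest still holds its reference. */
int refs_left_for_user(bool check_init)
{
    struct shared_wq s = {0, NULL};
    struct vm user = {false}, idle = {false};
    wq_get(&s, &user);
    wq_put(&s, &idle, check_init);
    free(s.wq);                 /* model cleanup; NULL if already freed */
    return s.refs;
}

int main(void) { return destroy_idle_guest(true) == PUT_SKIPPED ? 0 : 1; }
```

In the model, the unchecked release also leaves the remaining guest with zero references and a freed queue, which is why acquire and release have to be paired on the same unit.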


