From: Stefan Bader <stefan.bader@canonical.com>
To: Avi Kivity <avi@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 13/20] KVM: x86 emulator: fix memory access during x86 emulation
Date: Mon, 08 Mar 2010 21:48:03 +0100
Message-ID: <4B956283.10706@canonical.com>
In-Reply-To: <4B9505E6.1040501@redhat.com>

Avi Kivity wrote:
> On 03/08/2010 04:10 PM, Stefan Bader wrote:
>> Avi Kivity wrote:
>>   
>>> On 03/06/2010 03:53 PM, Stefan Bader wrote:
>>>     
>>>> Hi Avi,
>>>>
>>>> we currently try to integrate this patch for an update into a 2.6.32 based
>>>> system (amongst other kvm updates). But as soon as this patch gets added kvm
>>>> will die on startup in kvm_leave_lazy_mmu. This has been documented here:
>>>>
>>>> https://bugs.edge.launchpad.net/ubuntu/+source/linux/+bug/531823
>>>>
>>>> I have placed the backports of your patches, which are currently in linux-next
>>>> and marked for stable here:
>>>>
>>>> git://kernel.ubuntu.com/smb/linux-2.6.32.y kvm
>>>>
>>>> I have tested the failure with a version that got only the following patches in:
>>>> KVM: x86 emulator: Add Virtual-8086 mode of emulation
>>>> KVM: x86 emulator: fix memory access during x86 emulation
>>>> KVM: x86 emulator: Check IOPL level during io instruction emulation
>>>> KVM: x86 emulator: Fix popf emulation
>>>> KVM: x86 emulator: Check CPL level during privilege instruction emulation
>>>>
>>>> and also with a version that takes all stable patches up to the bad one:
>>>> KVM: VMX: Trap and invalid MWAIT/MONITOR instruction
>>>> KVM: x86 emulator: Add group8 instruction decoding
>>>> KVM: x86 emulator: Add group9 instruction decoding
>>>> KVM: x86 emulator: Add Virtual-8086 mode of emulation
>>>> KVM: x86 emulator: fix memory access during x86 emulation
>>>>
>>>> But as soon as the fix for memory access gets added, the bug will occur. Would
>>>> you have an idea what might be causing this?
>>>>
>>> Does the same guest, using the same qemu-kvm, work on kvm.git or upstream?
>>>
>> The test was done with a kvm user-space package based on 0.12.3 (which seems to
>> be the current upstream version). I try to do a test on the git version.
>>
> 
> I meant keep the same userspace without change, and try it on a Linus
> kernel or kvm.git master
> (http://git.kernel.org/?p=virt/kvm/kvm.git;a=summary).
> 
HEAD of kvm.git tree works (with same client and userspace)
Stable 2.6.32.y tree plus all patches marked cc: stable fails.

(32bit host/guest)
Host dmesg:
kvm: emulating exchange as write

Guest dmesg:
...
[    3.053503] Freeing initrd memory: 8843k freed
[    3.059863] Freeing unused kernel memory: 660k freed
[    3.076657] Write protecting the kernel text: 4780k
[    3.082863] Write protecting the kernel read-only data: 1912k
[    3.086666] BUG: unable to handle kernel paging request at c01292e3
[    3.088025] IP: [<c01292e3>] kvm_leave_lazy_mmu+0x43/0x70
[    3.088025] *pde = 00910067 *pte = 00129161
[    3.088025] Oops: 0003 [#1] SMP
[    3.088025] last sysfs file:
[    3.088025] Modules linked in:
[    3.088025]
[    3.088025] Pid: 1, comm: init Not tainted (2.6.32-15-generic #22-Ubuntu) Bochs
[    3.088025] EIP: 0060:[<c01292e3>] EFLAGS: 00010246 CPU: 0
[    3.088025] EIP is at kvm_leave_lazy_mmu+0x43/0x70
[    3.088025] EAX: 00000002 EBX: 00000018 ECX: 01802c20 EDX: 00000000
[    3.088025] ESI: c1802c20 EDI: c1802c20 EBP: df071cb4 ESP: df071ca8
[    3.088025]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[    3.088025] Process init (pid: 1, ti=df070000 task=df068000 task.ti=df070000)
[    3.088025] Stack:
[    3.088025]  c0000000 dce2b000 dce2a844 df071cf0 c01e8b6d 00000000 00000001 bffff000
[    3.088025] <0> 00000000 db7ed000 c139d54c c139d54c df133000 db7ed000 1ffef067 bffff000
[    3.088025] <0> bfe10000 db44bbfc df071d2c c01e8ce0 c0000000 df133000 db44bbfc bfe10000
[    3.088025] Call Trace:
[    3.088025]  [<c01e8b6d>] ? move_ptes+0x1ad/0x270
[    3.088025]  [<c01e8ce0>] ? move_page_tables+0xb0/0x130
[    3.088025]  [<c020b614>] ? shift_arg_pages+0x94/0x180
[    3.088025]  [<c020b885>] ? setup_arg_pages+0x185/0x1b0
[    3.088025]  [<c0241243>] ? load_elf_binary+0x3c3/0xac0
[    3.088025]  [<c02f1654>] ? security_file_permission+0x14/0x20
[    3.088025]  [<c02052f4>] ? rw_verify_area+0x64/0xe0
[    3.088025]  [<c0240e80>] ? load_elf_binary+0x0/0xac0
[    3.088025]  [<c020bd9f>] ? search_binary_handler+0xef/0x2f0
[    3.088025]  [<c020b465>] ? kernel_read+0x35/0x50
[    3.088025]  [<c023f7b2>] ? load_script+0x1e2/0x270
[    3.088025]  [<c01e4160>] ? get_user_pages+0x50/0x60
[    3.088025]  [<c020a662>] ? get_arg_page+0x52/0xb0
[    3.088025]  [<c023f5d0>] ? load_script+0x0/0x270
[    3.088025]  [<c020bd9f>] ? search_binary_handler+0xef/0x2f0
[    3.088025]  [<c020a834>] ? copy_strings+0x174/0x190
[    3.088025]  [<c020c2c7>] ? do_execve+0x1f7/0x2c0
[    3.088025]  [<c034ed6a>] ? strncpy_from_user+0x3a/0x70
[    3.088025]  [<c0101a1d>] ? sys_execve+0x2d/0x60
[    3.088025]  [<c01033ec>] ? syscall_call+0x7/0xb
[    3.088025]  [<c01070a4>] ? kernel_execve+0x24/0x30
[    3.088025]  [<c01012ac>] ? run_init_process+0x1c/0x20
[    3.088025]  [<c0101396>] ? init_post+0xe6/0x100
[    3.088025]  [<c07d83d0>] ? kernel_init+0xb8/0xbf
[    3.088025]  [<c07d8318>] ? kernel_init+0x0/0xbf
[    3.088025]  [<c0104087>] ? kernel_thread_helper+0x7/0x10
[    3.088025] Code: 6c 87 c0 64 a1 40 6a 87 c0 03 3c 85 80 4a 7d c0 8b 9f 00 04 00 00 85 db 74 24 89 fe 31 d2 66 90 8d 8e 00 00 00 40 b8 02 00 00 00 <0f> 01 c1 01 c6 29 c3 75 ec c7 87 00 04 00 00 00 00 00 00 e8 e5
[    3.088025] EIP: [<c01292e3>] kvm_leave_lazy_mmu+0x43/0x70 SS:ESP 0068:df071ca8
[    3.088025] CR2: 00000000c01292e3
[    3.088025] ---[ end trace 85e247d11bf9c7e0 ]---
[    3.088025] note: init[1] exited with preempt_count 2
[    3.141968] BUG: scheduling while atomic: init/1/0x00000002
[    3.143101] Modules linked in:
[    3.143723] Pid: 1, comm: init Tainted: G      D    2.6.32-15-generic #22-Ubuntu
[    3.145183] Call Trace:
[    3.145674]  [<c013d562>] __schedule_bug+0x62/0x70
[    3.146646]  [<c05a37d4>] schedule+0x614/0x840
[    3.147497]  [<c05a9bcc>] ? smp_apic_timer_interrupt+0x5c/0x8b
[    3.148636]  [<c0103df1>] ? apic_timer_interrupt+0x31/0x40
[    3.149690]  [<c05a53b5>] rwsem_down_failed_common+0x75/0x1a0
[    3.150977]  [<c05a552d>] rwsem_down_read_failed+0x1d/0x30
[    3.152040]  [<c05a5587>] call_rwsem_down_read_failed+0x7/0x10
[    3.153149]  [<c05a4aec>] ? down_read+0x1c/0x20
[    3.154017]  [<c01878ef>] acct_collect+0x3f/0x170
[    3.154976]  [<c014ec12>] do_exit+0x262/0x310
[    3.155808]  [<c05a6595>] oops_end+0x95/0xd0
[    3.156642]  [<c01292e3>] ? kvm_leave_lazy_mmu+0x43/0x70
[    3.157660]  [<c012b2cc>] no_context+0xbc/0xe0
[    3.158545]  [<c01292e3>] ? kvm_leave_lazy_mmu+0x43/0x70
[    3.159553]  [<c01292e3>] ? kvm_leave_lazy_mmu+0x43/0x70
[    3.160627]  [<c012b32c>] __bad_area_nosemaphore+0x3c/0x160
[    3.161838]  [<c01c89ba>] ? T.903+0x3da/0x480
[    3.162741]  [<c01292e3>] ? kvm_leave_lazy_mmu+0x43/0x70
[    3.163772]  [<c012b467>] bad_area_nosemaphore+0x17/0x20
[    3.164809]  [<c05a7d56>] do_page_fault+0x2f6/0x380
[    3.165744]  [<c05a7a60>] ? do_page_fault+0x0/0x380
[    3.166737]  [<c05a5a63>] error_code+0x73/0x80
[    3.167595]  [<c01292e3>] ? kvm_leave_lazy_mmu+0x43/0x70
[    3.168629]  [<c01e8b6d>] move_ptes+0x1ad/0x270
[    3.169495]  [<c01e8ce0>] move_page_tables+0xb0/0x130
[    3.170525]  [<c020b614>] shift_arg_pages+0x94/0x180
[    3.171476]  [<c020b885>] setup_arg_pages+0x185/0x1b0
[    3.172461]  [<c0241243>] load_elf_binary+0x3c3/0xac0
[    3.173429]  [<c02f1654>] ? security_file_permission+0x14/0x20
[    3.174609]  [<c02052f4>] ? rw_verify_area+0x64/0xe0
[    3.175555]  [<c0240e80>] ? load_elf_binary+0x0/0xac0
[    3.176533]  [<c020bd9f>] search_binary_handler+0xef/0x2f0
[    3.177588]  [<c020b465>] ? kernel_read+0x35/0x50
[    3.178551]  [<c023f7b2>] load_script+0x1e2/0x270
[    3.179465]  [<c01e4160>] ? get_user_pages+0x50/0x60
[    3.180430]  [<c020a662>] ? get_arg_page+0x52/0xb0
[    3.181346]  [<c023f5d0>] ? load_script+0x0/0x270
[    3.182244]  [<c020bd9f>] search_binary_handler+0xef/0x2f0
[    3.183371]  [<c020a834>] ? copy_strings+0x174/0x190
[    3.184341]  [<c020c2c7>] do_execve+0x1f7/0x2c0
[    3.185210]  [<c034ed6a>] ? strncpy_from_user+0x3a/0x70
[    3.186203]  [<c0101a1d>] sys_execve+0x2d/0x60
[    3.187101]  [<c01033ec>] syscall_call+0x7/0xb
[    3.187945]  [<c01070a4>] ? kernel_execve+0x24/0x30
[    3.188890]  [<c01012ac>] ? run_init_process+0x1c/0x20
[    3.189874]  [<c0101396>] ? init_post+0xe6/0x100
[    3.190828]  [<c07d83d0>] ? kernel_init+0xb8/0xbf
[    3.191873]  [<c07d8318>] ? kernel_init+0x0/0xbf
[    3.192777]  [<c0104087>] ? kernel_thread_helper+0x7/0x10
[    3.524180] Clocksource tsc unstable (delta = -140394173 ns)
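The oops above already carries enough to classify the fault without the host source. On x86 the number after "Oops:" is the page-fault error code, so 0003 means a protection violation on a present page, caused by a write, taken in kernel mode. CR2 equals EIP, so the write targeted the bytes of the instruction being executed, and the bytes at the `<0f> 01 c1` marker in the Code: line are VMCALL, the VT-x hypercall that kvm_leave_lazy_mmu issues for the paravirt MMU. The guest had just write-protected its kernel text, and KVM's emulator rewrites the bytes of a guest hypercall to the host CPU's native instruction when it has to emulate one; a write to now read-only guest text being refused is consistent with the follow-up subject in this thread, "KVM: x86: ignore access permissions for hypercall patching". The program below, an added example and not code from the thread or from KVM, extracts those three facts from the quoted lines. The sample array is constructed from the oops text above; the bit names are the architectural #PF error-code bits and the opcode encodings of VMCALL (0f 01 c1) and VMMCALL (0f 01 d9).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* x86 page-fault error code bits (Intel SDM vol. 3A, Interrupt 14). */
#define PF_PROT  (1u << 0)  /* set: protection violation; clear: not-present page */
#define PF_WRITE (1u << 1)  /* set: write access; clear: read */
#define PF_USER  (1u << 2)  /* set: fault taken in user mode (CPL 3) */
#define PF_RSVD  (1u << 3)  /* set: reserved bit set in a paging-structure entry */
#define PF_INSTR (1u << 4)  /* set: instruction fetch (NX) */

struct oops_info {
    unsigned int err;   /* "Oops: NNNN" is the #PF error code on x86 */
    uint32_t eip;       /* address of the faulting instruction */
    uint32_t cr2;       /* linear address the fault was taken on */
    uint8_t insn[3];    /* opcode bytes at the "<xx>" marker of the Code: line */
};

/* Constructed sample: the relevant lines copied from the guest oops quoted above. */
static const char *const sample_oops[] = {
    "[    3.088025] Oops: 0003 [#1] SMP",
    "[    3.088025] EIP is at kvm_leave_lazy_mmu+0x43/0x70",
    "[    3.088025] Code: 6c 87 c0 64 a1 40 6a 87 c0 03 3c 85 80 4a 7d c0 8b 9f 00 04 "
    "00 00 85 db 74 24 89 fe 31 d2 66 90 8d 8e 00 00 00 40 b8 02 00 00 00 <0f> 01 c1 "
    "01 c6 29 c3 75 ec c7 87 00 04 00 00 00 00 00 00 e8 e5",
    "[    3.088025] EIP: [<c01292e3>] kvm_leave_lazy_mmu+0x43/0x70 SS:ESP 0068:df071ca8",
    "[    3.088025] CR2: 00000000c01292e3",
    NULL,
};

/* Pull the four fields out of the oops lines; returns how many were found (4 = complete). */
static int parse_oops(const char *const *lines, struct oops_info *o)
{
    int found = 0;
    const char *p;
    unsigned int v, b0, b1, b2;
    unsigned long long cr2;

    memset(o, 0, sizeof(*o));
    for (; *lines; lines++) {
        if ((p = strstr(*lines, "Oops: ")) && sscanf(p, "Oops: %x", &v) == 1) {
            o->err = v;
            found++;
        } else if ((p = strstr(*lines, "EIP: [<")) && sscanf(p, "EIP: [<%x>]", &v) == 1) {
            o->eip = v;
            found++;
        } else if ((p = strstr(*lines, "CR2: ")) && sscanf(p, "CR2: %llx", &cr2) == 1) {
            o->cr2 = (uint32_t)cr2;   /* 32-bit guest: the value is printed zero-extended */
            found++;
        } else if (strstr(*lines, "Code: ") && (p = strchr(*lines, '<')) &&
                   sscanf(p, "<%x> %x %x", &b0, &b1, &b2) == 3) {
            o->insn[0] = (uint8_t)b0;
            o->insn[1] = (uint8_t)b1;
            o->insn[2] = (uint8_t)b2;
            found++;
        }
    }
    return found;
}

/* True when the faulting address is the instruction pointer itself: together with
 * PF_WRITE this means something tried to write the instruction's own bytes. */
static int faults_on_own_text(const struct oops_info *o)
{
    return o->eip == o->cr2;
}

/* Recognise the two hypervisor-call encodings; NULL for anything else. */
static const char *hypercall_mnemonic(const uint8_t insn[3])
{
    if (insn[0] == 0x0f && insn[1] == 0x01 && insn[2] == 0xc1)
        return "vmcall";    /* Intel VT-x */
    if (insn[0] == 0x0f && insn[1] == 0x01 && insn[2] == 0xd9)
        return "vmmcall";   /* AMD SVM */
    return NULL;
}

int main(void)
{
    struct oops_info o;
    const char *mn;

    if (parse_oops(sample_oops, &o) != 4) {
        fprintf(stderr, "oops text incomplete\n");
        return 1;
    }
    printf("#PF error %#x: %s-mode %s of a %s page%s\n", o.err,
           (o.err & PF_USER) ? "user" : "kernel",
           (o.err & PF_WRITE) ? "write" : "read",
           (o.err & PF_PROT) ? "present" : "non-present",
           (o.err & PF_INSTR) ? " (instruction fetch)" : "");
    printf("EIP %08x, CR2 %08x%s\n", o.eip, o.cr2,
           faults_on_own_text(&o) ? " (fault address is the instruction itself)" : "");
    mn = hypercall_mnemonic(o.insn);
    printf("instruction at EIP: %s\n", mn ? mn : "not a VMX/SVM hypercall");
    return 0;
}
```

Run against the sample it reports a kernel-mode write to a present page, EIP equal to CR2, and vmcall at EIP. Any oops of this shape on a KVM guest (EIP == CR2, PF_WRITE set, hypercall bytes at the marker) is worth checking against the host-side hypercall patching path before suspecting the guest code that happens to contain the hypercall.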


Thread overview: 32+ messages
2010-02-17 13:45 [PATCH 00/20] KVM updates for the 2.6.34 merge window (batch 4/4) Avi Kivity
2010-02-17 13:45 ` [PATCH 01/20] KVM: Fix Codestyle in virt/kvm/coalesced_mmio.c Avi Kivity
2010-02-17 13:45 ` [PATCH 02/20] KVM: MMU: Add tracepoint for guest page aging Avi Kivity
2010-02-17 13:45 ` [PATCH 03/20] KVM: VMX: Rename VMX_EPT_IGMT_BIT to VMX_EPT_IPAT_BIT Avi Kivity
2010-02-17 13:45 ` [PATCH 04/20] KVM: PIT: unregister kvm irq notifier if fail to create pit Avi Kivity
2010-02-17 13:45 ` [PATCH 05/20] KVM: kvm->arch.vioapic should be NULL if kvm_ioapic_init() failure Avi Kivity
2010-02-17 13:45 ` [PATCH 06/20] KVM: cleanup the failure path of KVM_CREATE_IRQCHIP ioctrl Avi Kivity
2010-02-17 13:45 ` [PATCH 07/20] KVM: ia64: destroy ioapic device if fail to setup default irq routing Avi Kivity
2010-02-17 13:45 ` [PATCH 08/20] KVM: ppc/booke: Set ESR and DEAR when inject interrupt to guest Avi Kivity
2010-02-17 13:45 ` [PATCH 09/20] KVM: do not store wqh in irqfd Avi Kivity
2010-02-17 13:45 ` [PATCH 10/20] KVM: x86 emulator: Add group8 instruction decoding Avi Kivity
2010-02-17 13:45 ` [PATCH 11/20] KVM: x86 emulator: Add group9 " Avi Kivity
2010-02-17 13:45 ` [PATCH 12/20] KVM: x86 emulator: Add Virtual-8086 mode of emulation Avi Kivity
2010-02-17 13:45 ` [PATCH 13/20] KVM: x86 emulator: fix memory access during x86 emulation Avi Kivity
2010-03-06 13:53   ` Stefan Bader
2010-03-07 10:07     ` Avi Kivity
2010-03-08 14:10       ` Stefan Bader
2010-03-08 14:12         ` Avi Kivity
2010-03-08 14:17           ` Stefan Bader
2010-03-08 20:48           ` Stefan Bader [this message]
2010-03-09 15:49             ` Stefan Bader
2010-03-11 21:16             ` KVM: x86: ignore access permissions for hypercall patching Marcelo Tosatti
2010-03-11 21:22               ` Stefan Bader
2010-03-12  5:56               ` Gleb Natapov
2010-03-12  6:07                 ` Gleb Natapov
2010-02-17 13:45 ` [PATCH 14/20] KVM: x86 emulator: Check IOPL level during io instruction emulation Avi Kivity
2010-02-17 13:45 ` [PATCH 15/20] KVM: x86 emulator: Fix popf emulation Avi Kivity
2010-02-17 13:45 ` [PATCH 16/20] KVM: x86 emulator: Check CPL level during privilege instruction emulation Avi Kivity
2010-02-17 13:45 ` [PATCH 17/20] KVM: x86 emulator: Add LOCK prefix validity checking Avi Kivity
2010-02-17 13:45 ` [PATCH 18/20] KVM: Plan obsolescence of kernel allocated slots, paravirt mmu Avi Kivity
2010-02-17 13:45 ` [PATCH 19/20] KVM: x86 emulator: code style cleanup Avi Kivity
2010-02-17 13:45 ` [PATCH 20/20] KVM: x86 emulator: disallow opcode 82 in 64-bit mode Avi Kivity
