Re: kvm: GPF in __get_kvmclock_ns

From: Dmitry Vyukov <dvyukov@google.com>
To: Paolo Bonzini <pbonzini@redhat.com>,
	rkrcmar@redhat.com, Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
	"x86@kernel.org" <x86@kernel.org>, KVM list <kvm@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Steve Rutherford <srutherford@google.com>
Cc: syzkaller <syzkaller@googlegroups.com>
Subject: Re: kvm: GPF in __get_kvmclock_ns
Date: Fri, 11 Nov 2016 17:21:59 -0800	[thread overview]
Message-ID: <CACT4Y+akZHq8LW8kv5669wFNkTCjK03dRU9A=9xgwL_qQsxEbw@mail.gmail.com> (raw)
In-Reply-To: <CACT4Y+aE49Ny8HEdcZOKgKdSyvz4O++UxM=-v+ukA7C-i3Q+pA@mail.gmail.com>

On Fri, Nov 11, 2016 at 4:13 PM, Dmitry Vyukov <dvyukov@google.com> wrote:
> Hello,
>
> The following program triggers GPF in __get_kvmclock_ns if run in a loop:
> https://gist.githubusercontent.com/dvyukov/91e4b366019e8500bac73ead5fbc44b0/raw/18178c254775dc953c4b5cf75442207480d939b4/gistfile1.txt
>
> On commit 015ed9433be2b476ec7e2e6a9a411a56e3b5b035 (Nov 11).
>
> general protection fault: 0000 [#1] SMP KASAN
> Dumping ftrace buffer:
>    (ftrace buffer empty)
> Modules linked in:
> CPU: 3 PID: 4898 Comm: syz-executor Not tainted 4.9.0-rc4+ #40
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
> task: ffff880066e32dc0 task.stack: ffff880067280000
> RIP: 0010:[<ffffffff8108d3be>]  [<ffffffff8108d3be>]
> __get_kvmclock_ns+0x5e/0x390 arch/x86/kvm/x86.c:1731
> RSP: 0018:ffff8800672878c0  EFLAGS: 00010003
> RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90000766000
> RDX: 000000000000064c RSI: 0000000000000000 RDI: 0000000000003265
> RBP: ffff8800672878f0 R08: ffffed000ce50f3e R09: ffffed000ce50f3e
> R10: ffffed000ce50f3d R11: ffff8800672879ef R12: ffff88006728c000
> R13: ffff88006728c000 R14: 000000002000d000 R15: ffffffffffffffea
> FS:  00007f0b2288a700(0000) GS:ffff88006e300000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 000000002000d000 CR3: 00000000672ba000 CR4: 00000000000026e0
> Stack:
>  0000000000000046 1ffff1000ce50f24 1ffff1000ce50f24 ffff8800672879c0
>  ffff88006728c000 000000002000d000 ffff880067287b90 ffffffff810aafd8
>  0000000000000038 ffff880067287948 ffffffff812c10f5 1ffff1000ce50f2d
> Call Trace:
>  [<ffffffff810aafd8>] kvm_arch_vm_ioctl+0x1098/0x1c10 arch/x86/kvm/x86.c:4096
>  [<ffffffff81065643>] kvm_vm_ioctl+0x193/0x1670
> arch/x86/kvm/../../../virt/kvm/kvm_main.c:3097
>  [<     inline     >] vfs_ioctl fs/ioctl.c:43
>  [<ffffffff816b16fc>] do_vfs_ioctl+0x18c/0x1040 fs/ioctl.c:679
>  [<     inline     >] SYSC_ioctl fs/ioctl.c:694
>  [<ffffffff816b263f>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
>  [<ffffffff831ebd01>] entry_SYSCALL_64_fastpath+0x1f/0xc2
> Code: 03 80 3c 02 00 0f 85 26 03 00 00 49 8b 9c 24 a0 03 00 00 48 b8
> 00 00 00 00 00 fc ff df 48 8d bb 65 32 00 00 48 89 fa 48 c1 ea 03 <0f>
> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 99 02 00
> RIP  [<ffffffff8108d3be>] __get_kvmclock_ns+0x5e/0x390 arch/x86/kvm/x86.c:1731
>  RSP <ffff8800672878c0>
> ---[ end trace 86f1ebae02f87a96 ]---
> Kernel panic - not syncing: Fatal exception
> Dumping ftrace buffer:
>    (ftrace buffer empty)
> Kernel Offset: disabled
> reboot: cpu_has_vmx: ecx=80a02021 1
>
>
> The line is:
>     if (vcpu && vcpu->arch.hv_clock.flags & PVCLOCK_TSC_STABLE_BIT) {
>
>
> Thanks


+Steve