From: Wanpeng Li <kernellwp@gmail.com>
To: "Matwey V. Kornilov" <matwey.kornilov@gmail.com>
Cc: Gleb Natapov <gleb@kernel.org>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Radim Krcmar <rkrcmar@redhat.com>, kvm <kvm@vger.kernel.org>
Subject: Re: [BISECTED REGRESSION] v4.0+ KVM: x86: allow TSC deadline timer on all hosts
Date: Sun, 5 Feb 2017 21:21:13 +0800
Message-ID: <CANRm+Czk7xtDoq41Ej9t3KKOsbME1LPVPmVapG6jWhNxU0KoWQ@mail.gmail.com>
In-Reply-To: <CAJs94EbvdXj1cz0p4YdDP=xcSDD+Y6+NgD3npmHaCpZmNwyq_A@mail.gmail.com>

2017-02-05 16:39 GMT+08:00 Matwey V. Kornilov <matwey.kornilov@gmail.com>:
> Hello,
>
> I've bisected that commit defcf51fa93929bd ("KVM: x86: allow TSC
> deadline timer on all hosts") makes guest kernels crash under specific
> circumstances.
> The issue itself is the following. I use host linux kernel (was
> bisected) to run guest linux kernels using qemu-kvm (version 2.3.1;
> earlier version 2.1 has also been checked and found demonstrating the
> same behavior).
>
> I've found that
>
> 1) the following qemu command
>
> qemu-system-x86_64 -machine accel=kvm -nodefaults -no-reboot
> -nographic -cpu host -vga none  -kernel kernel  -initrd initrd -append
> 'panic=1 no-kvmclock console=ttyS0 loglevel=7' -m 1024 -serial stdio
>
> successfully boots the guest kernel when host kernel version is prior
> to defcf51fa93929bd (3.16, 3.18, 3.19 were checked)
>
> 2) the same command leads to the guest kernel failure with the same
> qemu binary and the same kernel and initrd images when host kernel
> 4.0+ is used (4.0, 4.4, 4.9 were checked):
>
> [    0.588000] divide error: 0000 [#1] SMP
> [    0.588000] Modules linked in:
> [    0.588000] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G        W
> 3.16.6-2-default #1
> [    0.588000] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
> BIOS rel-1.8.1-0-g4adadbd-20150316_085822-nilsson.home.kraxel.org
> 04/01/2014
> [    0.588000] task: ffff88003d61e010 ti: ffff88003d63c000 task.ti:
> ffff88003d63c000
> [    0.588000] RIP: 0010:[<ffffffff810c6e7f>]  [<ffffffff810c6e7f>]
> clockevents_config.part.3+0x1f/0xa0
> [    0.588000] RSP: 0000:ffff88003d63fe90  EFLAGS: 00010246
> [    0.588000] RAX: ffffffffffffffff RBX: ffff88003f80ce80 RCX: 0000000000000000
> [    0.588000] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffff
> [    0.588000] RBP: 000000000000b060 R08: 0000000000000001 R09: ffffffff81ee84b0
> [    0.588000] R10: 00000000000000bb R11: 0000000000000003 R12: 000000000000b0a0
> [    0.588000] R13: 0000000000000200 R14: 0000000000000000 R15: 0000000000000000
> [    0.588000] FS:  0000000000000000(0000) GS:ffff88003f800000(0000)
> knlGS:0000000000000000
> [    0.588000] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> [    0.588000] CR2: 00000000ffffffff CR3: 0000000001c13000 CR4: 00000000000006f0
> [    0.588000] Stack:
> [    0.588000]  ffff88003f80ce80 000000000000b060 000000000000b0a0
> ffffffff810c73cc
> [    0.588000]  0000000000000000 ffffffff81d15952 ffffffff81e63338
> 0000000000000000
> [    0.588000]  0000000000000000 0000000000000000 ffffffff81d0910c
> 0000000000000000
> [    0.588000] Call Trace:
> [    0.588000]  [<ffffffff810c73cc>] clockevents_config_and_register+0x1c/0x30
> [    0.588000]  [<ffffffff81d15952>] native_smp_prepare_cpus+0x3a1/0x3d0
> [    0.588000]  [<ffffffff81d0910c>] kernel_init_freeable+0xc1/0x202
> [    0.588000]  [<ffffffff815bc04a>] kernel_init+0xa/0xf0
> [    0.588000]  [<ffffffff815d0b7c>] ret_from_fork+0x7c/0xb0
> [    0.588000] Code: 66 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 66 66
> 90 41 54 31 d2 89 f1 89 f6 41 b8 01 00 00 00 55 53 48 89 fb 48 8b 7f
> 70 48 89 f8 <48> f7 f6 48 85 c0 74 0b 48 3d 58 02 00 00 41 89 c0 77 4e
> 4c 8d
> [    0.588000] RIP  [<ffffffff810c6e7f>] clockevents_config.part.3+0x1f/0xa0
> [    0.588000]  RSP <ffff88003d63fe90>
> [    0.592000] ---[ end trace 6dcb37223984f47d ]---
> [    0.596000] Kernel panic - not syncing: Attempted to kill init!
> exitcode=0x0000000b
>
> As soon as the guest kernel was bootable before in this
> configuration, I think this could be a regression. But I am not sure
> how the commit exactly affects the behavior.
>
> I've also tried to understand what was happening inside the guest
> kernel native_calibrate_tsc() function. Nothing interesting except
> that both tsc1 and tsc2 are ULLONG_MAX after the for loop.
>
> References: https://bugzilla.opensuse.org/show_bug.cgi?id=1023358

It is the guest kernel bug, please refer to commit b47dcbdc516 (x86,
apic: Handle a bad TSC more gracefully).

Regards,
Wanpeng Li
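
A triage sketch for the oops quoted above, added here as an example and not part of the original thread: it decodes the instruction at the faulting RIP (the `<48> f7 f6` bytes on the Code: line) and checks the value of the divisor register. The function names and the trimmed, un-wrapped log excerpt are constructed for illustration.

```python
import re

# Constructed excerpt: lines from the oops quoted above, un-wrapped, with the
# Code: line trimmed to the bytes around the faulting instruction.
OOPS = """\
[    0.588000] divide error: 0000 [#1] SMP
[    0.588000] RAX: ffffffffffffffff RBX: ffff88003f80ce80 RCX: 0000000000000000
[    0.588000] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffff
[    0.588000] Code: 48 8b 7f 70 48 89 f8 <48> f7 f6 48 85 c0 74 0b
"""

REGS = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"]
GROUP3 = {6: "div", 7: "idiv"}  # opcode F7, selected by ModRM.reg

def parse_registers(oops):
    """Map register name -> value for every 'Rxx: <16 hex digits>' pair."""
    pairs = re.findall(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})\b", oops)
    return {name: int(value, 16) for name, value in pairs}

def faulting_bytes(oops):
    """Return the Code: bytes starting at the one marked <xx> (the byte at RIP)."""
    code = re.search(r"Code: (.*)", oops).group(1).split()
    start = next(i for i, b in enumerate(code) if b.startswith("<"))
    return bytes(int(b.strip("<>"), 16) for b in code[start:])

def decode_divide(insn):
    """Decode [REX] F7 /6|/7 with a register operand -> (mnemonic, register, bits)."""
    rex = insn[0] if insn[0] & 0xF0 == 0x40 else 0
    opcode, modrm = insn[1:3] if rex else insn[0:2]
    mod, op, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if opcode != 0xF7 or mod != 3 or op not in GROUP3:
        return None
    index = rm + 8 * (rex & 1)              # REX.B extends the register number
    name = REGS[index] if index < 8 else "R%02d" % index
    return GROUP3[op], name, 64 if rex & 8 else 32   # REX.W selects 64-bit

def triage(oops):
    """Report whether the fault is a true division by zero."""
    decoded = decode_divide(faulting_bytes(oops))
    if decoded is None:
        return None
    mnemonic, reg, bits = decoded
    divisor = parse_registers(oops)[reg] & ((1 << bits) - 1)
    return {"insn": mnemonic, "divisor_reg": reg,
            "divisor": divisor, "div_by_zero": divisor == 0}

if __name__ == "__main__":
    print(triage(OOPS))
```

A divide error is also raised when the quotient overflows, so checking the divisor register separates that case from a zero divisor.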
