Re: [PATCH seabios 3/3] kvmtool: support larger virtio queues - Jean-Philippe Brucker

From: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
To: Gerd Hoffmann <kraxel@redhat.com>,
	"seabios@seabios.org" <seabios@seabios.org>,
	"kvm@vger.kernel.org" <kvm@vger.kernel.org>
Cc: James Morse <James.Morse@arm.com>
Subject: Re: [PATCH seabios 3/3] kvmtool: support larger virtio queues
Date: Fri, 3 Nov 2017 19:42:06 +0000	[thread overview]
Message-ID: <d82fb35e-f0cc-d124-afdf-1a03fe2de0fd@arm.com> (raw)
In-Reply-To: <1509723266.5662.5.camel@redhat.com>

On 03/11/17 15:34, Gerd Hoffmann wrote:
> On Fri, 2017-11-03 at 13:49 +0000, Jean-Philippe Brucker wrote:
>> On 02/11/17 15:50, Gerd Hoffmann wrote:
>>> Queues have 256 entries on kvmtool, support that.  Needs more
>>> memory for
>>> virtqueues now.  But with the move to 32bit drivers for virtio this
>>> should not be much of an issue any more.
>>>
>>> Known problems (probably kvmtool bugs):
>>>  * Must bump to 260 entries to make things actually work,
>>>    otherwise kvmtool segfaults.  Oops.
>>
>> You mean setting MAX_QUEUE_NUM to 256 instead of 260 in seabios
>> causes a
>> kvmtool crash?
> 
> yes.
> 
>>  Do you have any more detail on the segfault?
> 
> Ok, lets have a look with gdb ...
> 
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7f81caf3c700 (LWP 20234)]
> virt_queue__get_head_iov (vq=vq@entry=0x7f82576be0a0, iov=iov@entry=0x7
> f826770aae0, 
>     out=out@entry=0x7f826770bae0, in=in@entry=0x7f826770bae2,
> head=65104, kvm=kvm@entry=0x246eee0)
>     at virtio/core.c:105
> 105             *out = *in = 0;
> (gdb) bt
> #0  0x000000000040c91b in virt_queue__get_head_iov (vq=vq@entry=0x7f825
> 76be0a0, iov=iov@entry=0x7f826770aae0, out=out@entry=0x7f826770bae0, in
> =in@entry=0x7f826770bae2, head=65104, kvm=kvm@entry=0x246eee0) at
> virtio/core.c:105
> #1  0x000000000040bbf7 in virtio_blk_thread (bdev=0x7f82576be010,
> vq=0x7f82576be0a0, kvm=0x246eee0)
>     at virtio/blk.c:134
> #2  0x000000000040bbf7 in virtio_blk_thread (dev=0x7f82576be010) at
> virtio/blk.c:208
> #3  0x00007f82571c6e25 in start_thread () at /lib64/libpthread.so.0
> #4  0x00007f82543b134d in clone () at /lib64/libc.so.6
> (gdb) print *vq
> $1 = {vring = {num = 256, desc = 0x7f824cf3e000, avail =
> 0x7f824cf3f000, used = 0x7f824cf40000}, 
>   pfn = 524285, last_avail_idx = 263, last_used_signalled = 1, endian =
> 1}
> 
> last_avail_idx looks bogus ...

It follows avail->idx, which wraps naturally at 65536 (regardless of the
ring size). But head=65104 seems bogus, it should be an index into the
descriptor table. So either seabios puts that value in the avail ring, or
kvmtool reads some uninitialized ring entry. I haven't found how we can
get into this situation yet.

Thanks,
Jean