Re: Bug in kvm_set_irq

On 03/03/2011 16:55, Michael S. Tsirkin wrote:
> On Thu, Mar 03, 2011 at 04:26:11PM +0100, Jean-Philippe Menil wrote:
> > On 03/03/2011 15:47, Michael S. Tsirkin wrote:
> > > On Tue, Mar 01, 2011 at 03:39:12PM +0100, Jean-Philippe Menil wrote:
> > > > so this time the bug is:
> > > >
> > > > [17882.612303] BUG: unable to handle kernel paging request at 2458
> > > > [17882.612342] IP: [a03898a0] kvm_set_irq+0x30/0x140 [kvm]
> > > >
> > > > markup_oops gives me this:
> > > >
> > > > root@ayrshire:~# cat bug-0103.txt | perl markup_oops.pl -m /lib/modules/2.6.37.2-dsiun-110105+/kernel/arch/x86/kvm/kvm.ko /boot/vmlinuz-2.6.37.2-dsiun-110105+
> > > > vmaoffset = 18446744072102621184
> > > > a0389871:  48 89 e5                mov    %rsp,%rbp
> > > > a0389874:  41 57                   push   %r15
> > > > a0389876:  41 89 cf                mov    %ecx,%r15d | %r15 = 1  %ecx = 1
> > > > a0389879:  41 56                   push   %r14 | %r14 = a038aad0
> > > > a038987b:  41 55                   push   %r13
> > > > a038987d:  49 89 fd                mov    %rdi,%r13 | %edi = 0  %r13 = 0
> > > > a0389880:  41 54                   push   %r12 | %r12 = 0
> > > > a0389882:  53                      push   %rbx
> > > > a0389883:  89 d3                   mov    %edx,%ebx | %ebx = 1a
> > > > a0389885:  48 81 ec a8 00 00 00    sub    $0xa8,%rsp
> > > > a038988c:  8b 15 00 00 00 00       mov    0x0(%rip),%edx        # a0389892 <kvm_set_irq+0x22>
> > > > a0389892:  89 b5 3c ff ff ff       mov    %esi,-0xc4(%rbp) | %esi = 0
> > > > a0389898:  85 d2                   test   %edx,%edx | %edx = 0
> > > > a038989a:  0f 85 d5 00 00 00       jne    a0389975 <kvm_set_irq+0x105>
> > > > *a03898a0: 49 8b 85 58 24 00 00    mov    0x2458(%r13),%rax | %eax = 0  %r13 = 0 <--- faulting instruction
> > > > a03898a7:  3b 98 28 01 00 00       cmp    0x128(%rax),%ebx
> > > > a03898ad:  73 61                   jae    a0389910 <kvm_set_irq+0xa0>
> > > > a03898af:  89 db                   mov    %ebx,%ebx
> > > > a03898b1:  48 8b 84 d8 30 01 00    mov    0x130(%rax,%rbx,8),%rax
> > > > a03898b8:  00
> > > > a03898b9:  48 85 c0                test   %rax,%rax
> > > > a03898bc:  74 52                   je     a0389910 <kvm_set_irq+0xa0>
> > > > a03898be:  48 8d 95 40 ff ff ff    lea    -0xc0(%rbp),%rdx
> > > > a03898c5:  31 db                   xor    %ebx,%ebx
> > > > a03898c7:  48 8b 08                mov    (%rax),%rcx
> > > > a03898ca:  83 c3 01                add    $0x1,%ebx
> > > > a03898cd:  0f 18 09                prefetcht0 (%rcx)
> > > > a03898d0:  48 8b 48 e0             mov    -0x20(%rax),%rcx
> > > > a03898d4:  48 89 0a                mov    %rcx,(%rdx)
> > > > a03898d7:  48 8b 48 e8             mov    -0x18(%rax),%rcx
> > > > a03898db:  48 89 4a 08             mov    %rcx,0x8(%rdx)
> > > > a03898df:  48 8b 48 f0             mov    -0x10(%rax),%rcx
> > > > a03898e3:  48 89 4a 10             mov    %rcx,0x10(%rdx)
> > > > a03898e7:  48 8b 48 f8             mov    -0x8(%rax),%rcx
> > > > a03898eb:  48 89 4a 18             mov    %rcx,0x18(%rdx)
> > > >
> > > > which corresponds to offset 68a0 (from objdump):
> > > >
> > > > kvm_set_irq():
> > > > /usr/src/GIT/linux-2.6-stable/arch/x86/kvm/../../../virt/kvm/irq_comm.c:161
> > > >     68a0:       49 8b 85 58 24 00 00    mov    0x2458(%r13),%rax
> > > > /usr/src/GIT/linux-2.6-stable/arch/x86/kvm/../../../virt/kvm/irq_comm.c:162
> > > >     68a7:       3b 98 28 01 00 00       cmp    0x128(%rax),%ebx
> > > >
> > > > root@ayrshire:~# addr2line -e /lib/modules/2.6.37.2-dsiun-110105+/kernel/arch/x86/kvm/kvm.ko 0x68a0
> > > > /usr/src/GIT/linux-2.6-stable/arch/x86/kvm/../../../virt/kvm/irq_comm.c:161
> > > >
> > > > So here kvm->irq_routing is null. How can it be?
> > > >
> > > > Regards.
> > >
> > > Not null, this seems to be invalid. I suspect use after free where the kvm pointer is pointing at some random memory.
> >
> > Use after free?
> >
> > > Could you please try enabling a slab debugger, recompile and rerun the test?
> >
> > Hi,
> >
> > I'm not sure I activated the right thing. Is that what you want?
> >
> > CONFIG_SLAB=y
> > CONFIG_SLABINFO=y
> > CONFIG_DEBUG_SLAB=y
> > CONFIG_DEBUG_SLAB_LEAK=y
> >
> > Regards.
>
> Yes, maybe disable SLAB_LEAK.
>
> > --
> > Jean-Philippe Menil - Pôle réseau
> > Service IRTS
> > DSI Université de Nantes
> > jean-philippe.me...@univ-nantes.fr
> > Tel : 02.53.48.49.27 - Fax : 02.53.48.49.09
> > --
> > To unsubscribe from this list: send the line "unsubscribe kvm" in
> > the body of a message to majord...@vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html

Hi,

so this time, here is what markup_oops says:

root@ayrshire:~# cat oops-0403.txt | perl markup_oops.pl -m /lib/modules/2.6.37.2.999-dsiun-110105+/kernel/arch/x86/kvm/kvm.ko /boot/vmlinuz-2.6.37.2.999-dsiun-110105+
vmaoffset =
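The manual steps in this thread (oops IP line, module-relative offset for addr2line, reading the faulting operand against the register dump) as a small triage script. This is an added example, not code from the thread or from the kvm project. The full 64-bit form of the IP line, the `nm kvm.ko` line and the symbol start offset 0x6870 are constructed from the numbers quoted above and are assumptions; the second register dump used in the self-check is constructed too.

```python
"""Oops triage for a loadable kernel module (added example, not code from the
kvm list thread).

Reproduces the manual steps in the thread: take the oops IP line, turn it into
the module-relative offset that 'addr2line -e kvm.ko' wants, recover the module
load base (what markup_oops prints as vmaoffset), and check whether the base
register of the faulting memory operand was NULL or held some other value.
All sample inputs are constructed from the numbers quoted in the thread; the
64-bit form of the IP line and the symbol start offset 0x6870 are assumptions.
"""
import re

# Constructed: full-width form of the two oops lines quoted in the thread.
SAMPLE_OOPS = """\
BUG: unable to handle kernel paging request at 0000000000002458
IP: [<ffffffffa03898a0>] kvm_set_irq+0x30/0x140 [kvm]
"""

# Constructed 'nm kvm.ko' line. The thread maps the IP to .ko offset 0x68a0 at
# kvm_set_irq+0x30, so the symbol must start at 0x6870 (assumption).
SAMPLE_NM = "0000000000006870 T kvm_set_irq\n"

# Faulting instruction and register values as markup_oops printed them.
SAMPLE_INSN = "mov    0x2458(%r13),%rax"
SAMPLE_REGS = {"%r13": 0x0, "%rax": 0x0}

MASK64 = (1 << 64) - 1
BUG_RE = re.compile(r"unable to handle kernel paging request at ([0-9a-f]+)")
IP_RE = re.compile(
    r"IP:\s+\[<([0-9a-f]+)>\]\s+(\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+)(?:\s+\[(\w+)\])?")
# AT&T memory operand: disp(base,index,scale); every part is optional.
MEM_RE = re.compile(r"(-?0x[0-9a-f]+|-?\d+)?\((%\w+)?(?:,(%\w+)(?:,(\d+))?)?\)")


def parse_oops(text):
    """Pull fault address, IP, symbol, symbol offset/size and module from an oops."""
    info = {}
    for line in text.splitlines():
        m = BUG_RE.search(line)
        if m:
            info["fault_addr"] = int(m.group(1), 16)
        m = IP_RE.search(line)
        if m:
            info["ip"] = int(m.group(1), 16)
            info["symbol"] = m.group(2)
            info["sym_off"] = int(m.group(3), 16)
            info["sym_size"] = int(m.group(4), 16)
            info["module"] = m.group(5)
    return info


def symbol_file_offset(nm_output, symbol):
    """Start of 'symbol' inside the .ko, taken from 'nm module.ko' output."""
    for line in nm_output.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2] == symbol:
            return int(parts[0], 16)
    raise KeyError(symbol)


def addr2line_offset(oops, nm_output):
    """The value to hand to 'addr2line -e module.ko' for the faulting IP."""
    return symbol_file_offset(nm_output, oops["symbol"]) + oops["sym_off"]


def module_load_base(oops, nm_output):
    """Where the module text was loaded; markup_oops calls this vmaoffset."""
    return (oops["ip"] - addr2line_offset(oops, nm_output)) & MASK64


def classify_fault(insn, regs, fault_addr):
    """Explain the faulting memory operand using the register dump.

    A zero base register whose displacement equals the fault address is a
    plain NULL-pointer dereference of a struct field at that offset. A
    non-zero base that still produces the fault address points at memory
    that is mapped nowhere, the usual shape of a freed or never-valid pointer.
    """
    m = MEM_RE.search(insn)
    if not m:
        return "no memory operand in instruction"
    disp_s, base, index, scale = m.groups()
    if base and base not in regs:
        return f"no value for {base} in register dump"
    disp = int(disp_s, 0) if disp_s else 0
    base_val = regs[base] if base else 0
    index_val = regs.get(index, 0) if index else 0
    computed = (base_val + index_val * int(scale or 1) + disp) & MASK64
    if computed != fault_addr:
        return "operand does not reproduce fault address; register dump may be stale"
    if base_val == 0:
        return (f"NULL base {base}: dereference of a field at offset {disp:#x} "
                f"of a NULL struct pointer")
    return (f"non-NULL base {base}={base_val:#x}: pointer into unmapped memory, "
            f"a freed or otherwise invalid pointer")


if __name__ == "__main__":
    oops = parse_oops(SAMPLE_OOPS)
    print(f"addr2line -e {oops['module']}.ko {addr2line_offset(oops, SAMPLE_NM):#x}")
    print(f"vmaoffset = {module_load_base(oops, SAMPLE_NM)}")
    print(classify_fault(SAMPLE_INSN, SAMPLE_REGS, oops["fault_addr"]))
```

With the thread's numbers the script reproduces both the 0x68a0 offset and the vmaoffset value printed by markup_oops, and reports the operand as a NULL-base dereference of the field at offset 0x2458. The other outcome, a non-zero base that still faults, is the case a slab debugger helps with: with CONFIG_DEBUG_SLAB a freed object is poisoned, so a pointer into it tends to show up in the register dump as a run of 0x6b bytes rather than as a plausible kernel address.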
Re: Bug in kvm_set_irq

On Fri, Mar 04, 2011 at 10:22:03AM +0100, Jean-Philippe Menil wrote:
> [...]
Re: Bug in kvm_set_irq

On 04/03/2011 10:35, Michael S. Tsirkin wrote:
> On Fri, Mar 04, 2011 at 10:22:03AM +0100, Jean-Philippe Menil wrote:
> > [...]
RE: [PATCH 4/6] Staging: hv: Unify the hyperv driver abstractions
-----Original Message-----
From: Greg KH [mailto:gre...@suse.de]
Sent: Thursday, March 03, 2011 4:22 PM
To: KY Srinivasan
Cc: Greg KH; linux-ker...@vger.kernel.org; de...@linuxdriverproject.org; virtualizat...@lists.osdl.org; Haiyang Zhang; Hank Janssen
Subject: Re: [PATCH 4/6] Staging: hv: Unify the hyperv driver abstractions

On Thu, Mar 03, 2011 at 09:16:29PM +0000, KY Srinivasan wrote:

-----Original Message-----
From: Greg KH [mailto:gre...@suse.de]
Sent: Thursday, March 03, 2011 1:10 AM
To: KY Srinivasan
Cc: Greg KH; linux-ker...@vger.kernel.org; de...@linuxdriverproject.org; virtualizat...@lists.osdl.org; Haiyang Zhang; Hank Janssen
Subject: Re: [PATCH 4/6] Staging: hv: Unify the hyperv driver abstractions

On Thu, Mar 03, 2011 at 02:50:00AM +0000, KY Srinivasan wrote:

struct driver_context? Oh please no.

Greg; this is the patch that consolidates the state in struct hv_driver into struct driver_context. In the spirit of doing one thing in a patch; other relevant changes are made in:

Patch[5/6]: Changes the name driver_context to hyperv_driver
Patch[6/6]: Cleanup all variable names that refer to struct hyperv_driver.

Yes, but on its own, this patch is wrong, that is not a valid name, even if it is a temporary name.

Greg, the temporary name happens to be the name currently in use in the code - this is not the name I introduced.

There is not a struct driver_context in the code that I see today, or am I missing something? That's my objection here, please don't use that name, it's not valid for a subsystem to use, even for a tiny bit.

Look at the file vmbus.h; you will see struct driver_context. This has been there for as long as I have seen this code.

Ok, I am rightly corrected, I totally missed that, you are right. Feel free to resend after addressing the other issues. I'll fix up the hv_mouse driver, you don't have to worry about that one if you don't want to, just ignore it please.

Greg, I am working on a patch-set that hopefully will address all the concerns that were raised. As part of this effort, I will also deal with the mouse driver. I should have these patches out next week. Thanks for your patience here.

Regards,

K. Y

_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/virtualization