4.15 is now available in Bionic. Marking this Fix Released.
** Tags added: kernel
** Information type changed from Proprietary to Public
** Changed in: intel
Status: New => Fix Released
** Changed in: linux (Ubuntu)
Status: New => Fix Released
** Also affects: linux (Ubuntu Bionic)
Importance: Undecided
Status: Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1744637
Title:
[Bug]Crystal Ridge - non-temporal stores receive double fault in KVM
guest
Status in intel:
Fix Released
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
Fix Released
Bug description:
Description:
I'm seeing a regression in my QEMU based NVDIMM testing system, and I
bisected it to this commit:
664f8e26b00c7673a8303b0d40853a0c24ca93e1 is the first bad commit
commit 664f8e26b00c7673a8303b0d40853a0c24ca93e1
Author: Wanpeng Li <wanpeng...@hotmail.com>
Date: Thu Aug 24 03:35:09 2017 -0700
KVM: X86: Fix loss of exception which has not yet been injected
The behavior I'm seeing is that heavy I/O to simulated NVDIMMs in
multiple virtual machines causes the QEMU guests to receive double
faults, crashing them. Here's an example backtrace:
[ 1042.653816] PANIC: double fault, error_code: 0x0
[ 1042.654398] CPU: 2 PID: 30257 Comm: fsstress Not tainted 4.15.0-rc5 #1
[ 1042.655169] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.10.2-2.fc27 04/01/2014
[ 1042.656121] RIP: 0010:memcpy_flushcache+0x4d/0x180
[ 1042.656631] RSP: 0018:ffffac098c7d3808 EFLAGS: 00010286
[ 1042.657245] RAX: ffffac0d18ca8000 RBX: 0000000000000fe0 RCX:
ffffac0d18ca8000
[ 1042.658085] RDX: ffff921aaa5df000 RSI: ffff921aaa5e0000 RDI:
000019f26e6c9000
[ 1042.658802] RBP: 0000000000001000 R08: 0000000000000000 R09:
0000000000000000
[ 1042.659503] R10: 0000000000000000 R11: 0000000000000000 R12:
ffff921aaa5df020
[ 1042.660306] R13: ffffac0d18ca8000 R14: fffff4c102a977c0 R15:
0000000000001000
[ 1042.661132] FS: 00007f71530b90c0(0000) GS:ffff921b3b280000(0000)
knlGS:0000000000000000
[ 1042.662051] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1042.662528] CR2: 0000000001156002 CR3: 000000012a936000 CR4:
00000000000006e0
[ 1042.663093] Call Trace:
[ 1042.663329] write_pmem+0x6c/0xa0 [nd_pmem]
[ 1042.663668] pmem_do_bvec+0x15f/0x330 [nd_pmem]
[ 1042.664056] ? kmem_alloc+0x61/0xe0 [xfs]
[ 1042.664393] pmem_make_request+0xdd/0x220 [nd_pmem]
[ 1042.664781] generic_make_request+0x11f/0x300
[ 1042.665135] ? submit_bio+0x6c/0x140
[ 1042.665436] submit_bio+0x6c/0x140
[ 1042.665754] ? next_bio+0x18/0x40
[ 1042.666025] ? _cond_resched+0x15/0x40
[ 1042.666341] submit_bio_wait+0x53/0x80
[ 1042.666804] blkdev_issue_zeroout+0xdc/0x210
[ 1042.667336] ? __dax_zero_page_range+0xb5/0x140
[ 1042.667810] __dax_zero_page_range+0xb5/0x140
[ 1042.668197] ? xfs_file_iomap_begin+0x2bd/0x8e0 [xfs]
[ 1042.668611] iomap_zero_range_actor+0x7c/0x1b0
[ 1042.668974] ? iomap_write_actor+0x170/0x170
[ 1042.669318] iomap_apply+0xa4/0x110
[ 1042.669616] ? iomap_write_actor+0x170/0x170
[ 1042.669958] iomap_zero_range+0x52/0x80
[ 1042.670255] ? iomap_write_actor+0x170/0x170
[ 1042.670616] xfs_setattr_size+0xd4/0x330 [xfs]
[ 1042.670995] xfs_ioc_space+0x27e/0x2f0 [xfs]
[ 1042.671332] ? terminate_walk+0x87/0xf0
[ 1042.671662] xfs_file_ioctl+0x862/0xa40 [xfs]
[ 1042.672035] ? _copy_to_user+0x22/0x30
[ 1042.672346] ? cp_new_stat+0x150/0x180
[ 1042.672663] do_vfs_ioctl+0xa1/0x610
[ 1042.672960] ? SYSC_newfstat+0x3c/0x60
[ 1042.673264] SyS_ioctl+0x74/0x80
[ 1042.673661] entry_SYSCALL_64_fastpath+0x1a/0x7d
[ 1042.674239] RIP: 0033:0x7f71525a2dc7
[ 1042.674681] RSP: 002b:00007ffef97aa778 EFLAGS: 00000246 ORIG_RAX:
0000000000000010
[ 1042.675664] RAX: ffffffffffffffda RBX: 00000000000112bc RCX:
00007f71525a2dc7
[ 1042.676592] RDX: 00007ffef97aa7a0 RSI: 0000000040305825 RDI:
0000000000000003
[ 1042.677520] RBP: 0000000000000009 R08: 0000000000000045 R09:
00007ffef97aa78c
[ 1042.678442] R10: 0000000000000000 R11: 0000000000000246 R12:
0000000000000003
[ 1042.679330] R13: 0000000000019e38 R14: 00000000000fcca7 R15:
0000000000000016
[ 1042.680216] Code: 48 8d 5d e0 4c 8d 62 20 48 89 cf 48 29 d7 48 89
de 48 83 e6 e0 4c 01 e6 48 8d 04 17 4c 8b 02 4c 8b 4a 08 4c 8b 52 10
4c 8b 5a 18 <4c> 0f c3 00 4c 0f c3 48 08 4c 0f c3 50 10 4c 0f c3 58 18
48 83
This appears to be independent of both the guest kernel version (this
backtrace has v4.15.0-rc5, but I've seen it with other kernels) as
well as independent of the host QMEU version (mine happens to be
qemu-2.10.1-2.fc27 in Fedora 27).
The new behavior is due to this commit being present in the host OS
kernel. Prior to this commit I could fire up 4 VMs and run xfstests
on my simulated NVDIMMs, but after this commit such testing results in
multiple of my VMs crashing almost immediately.
Reproduction is very simple, at least on my development box. All you
need are a pair of VMs (I just did it with clean installs of Fedora
27) with NVDIMMs. Here's a sample QEMU command to get one of these:
qemu-system-x86_64 /home/rzwisler/vms/Fedora27.qcow2 -m
4G,slots=3,maxmem=512G -smp 12 -machine pc,accel=kvm,nvdimm
-enable-kvm -object
memory-backend-file,id=mem1,share,mem-path=/home/rzwisler/nvdimms/nvdimm-1,size=17G
-device nvdimm,memdev=mem1,id=nv1
In my setup my NVDIMMs backing files (/home/rzwisler/nvdimms/nvdimm-1)
are being created on a filesystem on an SSD.
After these two qemu guests are up, run write I/Os to the resulting
/dev/pmem0 devices. I've done this with xfstests and fio to get the
error, but the simplest way is just:
dd if=/dev/zero of=/dev/pmem0
The double fault should happen in under a minute, definitely before
the DDs run out of space on their /dev/pmem0 devices.
I've reproduced this on multiple development boxes, so I'm pretty sure
it's not related to a flakey hardware setup.
Commit ids:2a266f23550be997d783f27e704b9b40c4010292
Target Kernel: 4.15
Target Release: 18.04
To manage notifications about this bug go to:
https://bugs.launchpad.net/intel/+bug/1744637/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
