Hi all, I provide host memory to the guest by remap_pfn_range()-ing a host page into qemu, and when the guest accesses the page, the host panics.
host code: static int my_mmap(struct file *filep, struct vm_area_struct *vma) { int ret; unsigned long page; if (vma->vm_end < vma->vm_start) return -EINVAL; page = __get_free_page(GFP_KERNEL); if (!page) return -ENOMEM; ret = remap_pfn_range(vma, vma->vm_start, page >> PAGE_SHIFT, PAGE_SIZE, vma->vm_page_prot); return ret; } qemu code: #define PC_SHMEM_PHY_ADDR 0xfeff8000 MemoryRegion *my_shmem_region = NULL; static void pc_share_memory_init(MemoryRegion *system_memory) { int fd; void *ptr; fd = open("/dev/g2h", O_RDWR); if (fd < 0) return; ptr = mmap(NULL, PAGE_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_LOCKED, fd, 0); if(!ptr) { close(fd); return; } my_shmem_region = g_malloc(sizeof(*my_shmem_region)); memory_region_init_ram_ptr(my_shmem_region, "share.ram", PAGE_SIZE, ptr); vmstate_register_ram_global(my_shmem_region); memory_region_add_subregion(system_memory, PC_SHMEM_PHY_ADDR, my_shmem_region); e820_add_entry(PC_SHMEM_PHY_ADDR, PAGE_SIZE, E820_RESERVED); return; } guest: the guest maps PC_SHMEM_PHY_ADDR, and when it accesses that address the host panics; the oops ([cut here]) is shown below: [ 0.892825] ------------[ cut here ]------------ [ 0.892850] kernel BUG at arch/x86/kvm/../../../virt/kvm/kvm_main.c:1346! [ 0.892876] invalid opcode: 0000 [#1] SMP [ 0.892934] Modules linked in: tun g2h_main(O) nfsv4 fuse nfsd auth_rpcgss nfs_acl nfs lockd dns_resolver fscache sunrpc xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 [ 0.894519] CPU 0 [ 0.894541] Pid: 21808, comm: kvm Tainted: G O 3.9.7 #25 Gigabyte Technology Co., Ltd. 
To be filled by O.E.M./B75M-D3V [ 0.894590] RIP: 0010:[<ffffffffa097d06e>] [<ffffffffa097d06e>] __gfn_to_pfn_memslot+0x2e6/0x355 [kvm] [ 0.894660] RSP: 0018:ffff8803a54dbb38 EFLAGS: 00010246 [ 0.894693] RAX: 0000000000000000 RBX: 00007f37902be000 RCX: ffff88041e5dd000 [ 0.894728] RDX: ffffea0000000000 RSI: 0000000000000046 RDI: ffffea0000000000 [ 0.894763] RBP: 00000000000fef00 R08: 0000000000000002 R09: 0000000000000000 [ 0.894798] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8803a54dbc4b [ 0.894833] R13: ffff8803a55ebac8 R14: 0000000000000000 R15: ffff8803a56b8301 [ 0.894868] FS: 00007f3784534700(0000) GS:ffff88041e200000(0000) knlGS:0000000000000000 [ 0.894913] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 0.894956] CR2: 0000000001c4fc1c CR3: 00000003ab076000 CR4: 00000000001427e0 [ 0.895000] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 0.895035] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 0.895070] Process kvm (pid: 21808, threadinfo ffff8803a54da000, task ffff8803ca961000) [ 0.895114] Stack: [ 0.895143] ffff8803a54dbbb8 0000000000000001 ffff8803a54dbbb7 00ffffff00000000 [ 0.895256] ffff8803a5588000 ffffffffa097d11d 000000000003fe37 ffff8803a5588000 [ 0.895374] 00000000000feff8 0000000000000000 00000000feff8000 ffff8803a54dbc50 [ 0.895487] Call Trace: [ 0.895522] [<ffffffffa097d11d>] ? __gfn_to_pfn+0x2b/0x50 [kvm] [ 0.895565] [<ffffffffa09927ee>] ? try_async_pf+0x38/0x1a1 [kvm] [ 0.895603] [<ffffffffa097cd4d>] ? kvm_host_page_size+0x73/0x7b [kvm] [ 0.895643] [<ffffffffa099752e>] ? tdp_page_fault+0xf1/0x1ee [kvm] [ 0.895682] [<ffffffffa0993aee>] ? kvm_mmu_page_fault+0x1e/0xbb [kvm] [ 0.895719] [<ffffffffa0a17cb9>] ? vmx_handle_exit+0x730/0x776 [kvm_intel] [ 0.895756] [<ffffffff8149c09c>] ? _raw_spin_unlock_irqrestore+0xc/0xd [ 0.895792] [<ffffffff813d15b5>] ? skb_dequeue+0x50/0x58 [ 0.895827] [<ffffffff81048aaf>] ? recalc_sigpending+0x12/0x41 [ 0.895863] [<ffffffffa0a16d28>] ? 
vmx_vcpu_run+0x38a/0x464 [kvm_intel] [ 0.895902] [<ffffffffa099fc19>] ? apic_update_ppr+0x15/0x74 [kvm] [ 0.895941] [<ffffffffa09a5a29>] ? e1000_check_irq_ignore+0xfa/0x129 [kvm] [ 0.895981] [<ffffffffa0990174>] ? kvm_arch_vcpu_ioctl_run+0xb3e/0xec5 [kvm] [ 0.896021] [<ffffffffa098b737>] ? kvm_arch_vcpu_load+0xc1/0x18c [kvm] [ 0.896058] [<ffffffffa097c0d3>] ? kvm_vcpu_ioctl+0x118/0x462 [kvm] [ 0.896094] [<ffffffff8110e9a6>] ? vfs_ioctl+0x1e/0x31 [ 0.896128] [<ffffffff8110f17d>] ? do_vfs_ioctl+0x3ae/0x3f0 [ 0.896163] [<ffffffff81100d48>] ? vfs_read+0x93/0xf5 [ 0.896196] [<ffffffff81101f69>] ? fput+0xf/0xac [ 0.896229] [<ffffffff8110f20c>] ? sys_ioctl+0x4d/0x7d [ 0.896263] [<ffffffff814a23e9>] ? system_call_fastpath+0x16/0x1b [ 0.896296] Code: 8a 9b a0 31 c0 e8 92 79 b1 e0 49 8b b5 98 00 00 00 48 c7 c7 e2 8a 9b a0 31 c0 e8 7d 79 b1 e0 4c 89 f7 e8 05 ed ff ff 84 c0 75 1e <0f> 0b 45 84 ff [ 0.897491] RIP [<ffffffffa097d06e>] __gfn_to_pfn_memslot+0x2e6/0x355 [kvm] [ 0.897545] RSP <ffff8803a54dbb38> Any ideas? Thanks, Zhang Haoyu