Question on memory commit during MR finalize()

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Question on memory commit during MR finalize()

From:	Peter Xu
Subject:	Question on memory commit during MR finalize()
Date:	Mon, 20 Apr 2020 17:00:49 -0400

Paolo & all,

After my recent rebase and changes to my local QEMU kvm-dirty-ring tree, I can
easily trigger a QEMU crash at boot with that:

  kvm_set_phys_mem: error registering slot: File exists

With backtrace:

#0  __GI_raise (sig=sig@entry=6) 
#1  0x00007f29559088d9 in __GI_abort () 
#2  0x000055ce0b39cd84 in kvm_set_phys_mem (kml=0x55ce0e1efeb8, 
section=0x7f294ae035b0, add=true) 
#3  0x000055ce0b39d5aa in kvm_region_add (listener=0x55ce0e1efeb8, 
section=0x7f294ae035b0) 
#4  0x000055ce0b388ae6 in address_space_update_topology_pass (as=0x55ce0bf129e0 
<address_space_memory>, old_view=0x55ce0ef8ae80, new_view=0x7f2944001c20, 
adding=true) 
#5  0x000055ce0b388dde in address_space_set_flatview (as=0x55ce0bf129e0 
<address_space_memory>) 
#6  0x000055ce0b388f85 in memory_region_transaction_commit () 
#7  0x000055ce0b38a8e4 in memory_region_finalize (obj=0x55ce0e52f700) 
#8  0x000055ce0b821de2 in object_deinit (obj=0x55ce0e52f700, 
type=0x55ce0de89d80) 
#9  0x000055ce0b821e54 in object_finalize (data=0x55ce0e52f700) 
#10 0x000055ce0b822e0f in object_unref (obj=0x55ce0e52f700) 
#11 0x000055ce0b32461c in phys_section_destroy (mr=0x55ce0e52f700) 
#12 0x000055ce0b324676 in phys_sections_free (map=0x55ce0e1bf7a0) 
#13 0x000055ce0b327d89 in address_space_dispatch_free (d=0x55ce0e1bf790) 
#14 0x000055ce0b3863f8 in flatview_destroy (view=0x55ce0e193ab0) 
#15 0x000055ce0b9a39cb in call_rcu_thread (opaque=0x0) 
#16 0x000055ce0b9899d9 in qemu_thread_start (args=0x55ce0de39a40) 
#17 0x00007f2955ab54e2 in start_thread (arg=<optimized out>) 
#18 0x00007f29559e4693 in clone () 

It's KVM_SET_USER_MEMORY_REGION returning -EEXIST.

I'm still uncertain how the dirty ring branch can easily trigger this, however
the backtrace looks really odd to me in that we're going to do memory commit
and even sending KVM ioctls during finalize(), especially in the RCU thread...
I never expected that.

I wanted to understand better on 2e2b8eb70f ("memory: allow destroying a
non-empty MemoryRegion", 2015-10-09), but the context didn't help much [1].  Do
any of you still remember why we do that?  Is it really what we want to send
KVM ioctls even in the RCU thread during finalize()?

Any input would be greatly welcomed.

Thanks,

[1] https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg00110.html

-- Peter Xu

[Prev in Thread]

Current Thread

[Next in Thread]

Question on memory commit during MR finalize(), Peter Xu <=
- Re: Question on memory commit during MR finalize(), Paolo Bonzini, 2020/04/20
  - Re: Question on memory commit during MR finalize(), Peter Xu, 2020/04/20
    - Re: Question on memory commit during MR finalize(), Paolo Bonzini, 2020/04/21
    - Re: Question on memory commit during MR finalize(), Peter Xu, 2020/04/21

Prev by Date: Re: [PATCH v1] target/m68k: fix gdb for m68xxx
Next by Date: Re: [PULL 0/3] ppc-for-5.0 queue 20200417
Previous by thread: [PATCH] target/arm: Implement SVE2 scatter store insns
Next by thread: Re: Question on memory commit during MR finalize()
Index(es):
- Date
- Thread