The QEMU project is currently moving its bug tracking to another system.
For this we need to know which bugs are still valid and which could be
closed already. Thus we are setting older bugs to "Incomplete" now.
If the bug has already been fixed in the latest upstream version of QEMU,
then please close this ticket as "Fix released".
If it is not fixed yet and you think that this bug report here is still
valid, then you have two options:
1) If you already have an account on gitlab.com, please open a new ticket
for this problem in our new tracker here:
https://gitlab.com/qemu-project/qemu/-/issues
and then close this ticket here on Launchpad (or let it expire auto-
matically after 60 days). Please mention the URL of this bug ticket on
Launchpad in the new ticket on GitLab.
2) If you don't have an account on gitlab.com and don't intend to get
one, but still would like to keep this ticket opened, then please switch
the state back to "New" within the next 60 days (otherwise it will get
closed as "Expired"). We will then eventually migrate the ticket auto-
matically to the new system (but you won't be the reporter of the bug
in the new system and thus won't get notified on changes anymore).
Thank you and sorry for the inconvenience.
** Changed in: qemu
Status: New => Incomplete
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1885175
Title:
memory.c range assertion hit at full invalidating
Status in QEMU:
Incomplete
Bug description:
I am able to hit this assertion when a Red Hat 7 guest virtio_net
device raises an "Invalidation" of all the TLB entries. This happens
in the guest's startup if 'intel_iommu=on' argument is passed to the
guest kernel and right IOMMU/ATS devices are declared in qemu's
command line.
Command line: /home/qemu/x86_64-softmmu/qemu-system-x86_64 -name
guest=rhel7-test,debug-threads=on -machine
pc-q35-5.1,accel=kvm,usb=off,dump-guest-core=off,kernel_irqchip=split
-cpu
Broadwell,vme=on,ss=on,vmx=on,f16c=on,rdrand=on,hypervisor=on,arat=on
,tsc-adjust=on,umip=on,arch-
capabilities=on,xsaveopt=on,pdpe1gb=on,abm=on,skip-l1dfl-
vmentry=on,rtm=on,hle=on -m 8096 -realtime mlock=off -smp
2,sockets=2,cores=1,threads=1 -uuid d022ecbf-679e-4755-87ce-
eb87fc5bbc5d -display none -no-user-config -nodefaults -rtc
base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=delay -no-hpet
-no-shutdown -global ICH9-LPC.disable_s3=1 -global
ICH9-LPC.disable_s4=1 -boot strict=on -device intel-iommu,intremap=on
,device-iotlb=on -device pcie-root-
port,port=0x8,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x1
-device pcie-root-
port,port=0x9,chassis=2,id=pci.2,bus=pcie.0,addr=0x1.0x1 -device pcie-
root-port,port=0xa,chassis=3,id=pci.3,bus=pcie.0,addr=0x1.0x2 -device
pcie-root-port,port=0xb,chassis=4,id=pci.4,bus=pcie.0,addr=0x1.0x3
-device pcie-root-
port,port=0xc,chassis=5,id=pci.5,bus=pcie.0,addr=0x1.0x4 -device pcie-
root-port,port=0xd,chassis=6,id=pci.6,bus=pcie.0,addr=0x1.0x5 -device
pcie-root-port,port=0xe,chassis=7,id=pci.7,bus=pcie.0,addr=0x1.0x6
-device qemu-xhci,p2=15,p3=15,id=usb,bus=pci.2,addr=0x0 -device
virtio-serial-pci,id=virtio-serial0,bus=pci.3,addr=0x0 -drive
file=/home/virtio-test2.qcow2,format=qcow2,if=none,id=drive-virtio-
disk0 -device virtio-blk-pci,scsi=off,bus=pci.4,addr=0x0,drive=drive-
virtio-disk0,id=virtio-disk0,bootindex=1 -netdev
tap,id=hostnet0,vhost=on,vhostforce=on -device virtio-net-
pci,netdev=hostnet0,id=net0,mac=52:54:00:0d:1d:f2,bus=pci.1,addr=0x0,iommu_platform=on,ats=on
-device virtio-balloon-pci,id=balloon0,bus=pci.5,addr=0x0 -object rng-
random,id=objrng0,filename=/dev/urandom -device virtio-rng-
pci,rng=objrng0,id=rng0,bus=pci.6,addr=0x0 -s -msg timestamp=on
Full backtrace:
#0 0x00007ffff521370f in raise () at /lib64/libc.so.6
#1 0x00007ffff51fdb25 in abort () at /lib64/libc.so.6
#2 0x00007ffff51fd9f9 in _nl_load_domain.cold.0 () at /lib64/libc.so.6
#3 0x00007ffff520bcc6 in .annobin_assert.c_end () at /lib64/libc.so.6
#4 0x0000555555888171 in memory_region_notify_one (notifier=0x7ffde05dfde8,
entry=0x7ffde5dfe200) at /home/qemu/memory.c:1918
#5 0x0000555555888247 in memory_region_notify_iommu
(iommu_mr=0x555556f6c0b0, iommu_idx=0, entry=...) at /home/qemu/memory.c:1941
#6 0x0000555555951c8d in vtd_process_device_iotlb_desc (s=0x555557609000,
inv_desc=0x7ffde5dfe2d0)
at /home/qemu/hw/i386/intel_iommu.c:2468
#7 0x0000555555951e6a in vtd_process_inv_desc (s=0x555557609000) at
/home/qemu/hw/i386/intel_iommu.c:2531
#8 0x0000555555951fa5 in vtd_fetch_inv_desc (s=0x555557609000) at
/home/qemu/hw/i386/intel_iommu.c:2563
#9 0x00005555559520e5 in vtd_handle_iqt_write (s=0x555557609000) at
/home/qemu/hw/i386/intel_iommu.c:2590
#10 0x0000555555952b45 in vtd_mem_write (opaque=0x555557609000, addr=136,
val=2688, size=4) at /home/qemu/hw/i386/intel_iommu.c:2837
#11 0x0000555555883e17 in memory_region_write_accessor
(mr=0x555557609330, addr=136, value=0x7ffde5dfe478, size=4, shift=0,
mask=4294967295, attrs=...) at /home/qemu/memory.c:483
#12 0x000055555588401d in access_with_adjusted_size
(addr=136, value=0x7ffde5dfe478, size=4, access_size_min=4,
access_size_max=8, access_fn=
0x555555883d38 <memory_region_write_accessor>, mr=0x555557609330,
attrs=...) at /home/qemu/memory.c:544
#13 0x0000555555886f37 in memory_region_dispatch_write (mr=0x555557609330,
addr=136, data=2688, op=MO_32, attrs=...)
at /home/qemu/memory.c:1476
#14 0x0000555555827a03 in flatview_write_continue
(fv=0x7ffde00935d0, addr=4275634312, attrs=..., ptr=0x7ffff7ff0028,
len=4, addr1=136, l=4, mr=0x555557609330) at /home/qemu/exec.c:3146
#15 0x0000555555827b48 in flatview_write (fv=0x7ffde00935d0, addr=4275634312,
attrs=..., buf=0x7ffff7ff0028, len=4)
at /home/qemu/exec.c:3186
#16 0x0000555555827e9d in address_space_write
(as=0x5555567ca640 <address_space_memory>, addr=4275634312, attrs=...,
buf=0x7ffff7ff0028, len=4) at /home/qemu/exec.c:3277
#17 0x0000555555827f0a in address_space_rw
(as=0x5555567ca640 <address_space_memory>, addr=4275634312, attrs=...,
buf=0x7ffff7ff0028, len=4, is_write=true)
at /home/qemu/exec.c:3287
#18 0x000055555589b633 in kvm_cpu_exec (cpu=0x555556b65640) at
/home/qemu/accel/kvm/kvm-all.c:2511
#19 0x0000555555876ba8 in qemu_kvm_cpu_thread_fn (arg=0x555556b65640) at
/home/qemu/cpus.c:1284
#20 0x0000555555dafff1 in qemu_thread_start (args=0x555556b8c3b0) at
util/qemu-thread-posix.c:521
#21 0x00007ffff55a62de in start_thread () at /lib64/libpthread.so.0
#22 0x00007ffff52d7e83 in clone () at /lib64/libc.so.6
--
If we examinate *entry in frame 4 of backtrace:
*entry = {target_as = 0x555556f6c050, iova = 0x0, translated_addr = 0x0,
addr_mask = 0xffffffffffffffff, perm = 0x0}
Which (I think) tries to invalidate all the TLB registers of the
device.
Just deleting that assert is enough for the VM to start and
communicate using IOMMU, but maybe a better alternative is possible.
We could move it to the caller functions in other cases than IOMMU
invalidation, or make it conditional only if not invalidating.
Guest kernel version: kernel-3.10.0-1151.el7.x86_64
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1885175/+subscriptions
