[Devel] double faults in Virtuozzo KVM

Roman Kagan rkagan at virtuozzo.com
Thu Sep 28 18:27:36 MSK 2017


On Thu, Sep 28, 2017 at 05:55:51PM +0300, Denis Kirjanov wrote:
> Hi, we're seeing double faults in async_page_fault.

async_page_fault is the #PF handler in KVM guests.  It filters out
specially crafted #PF's from the host; the rest fall through to the
regular #PF handler.  So most likely you're seeing genuine #PFs,
unrelated to virtualization.

> _Some_ of them are related to the fact that during the faults RSP points
> to userspace and it leads to a double-fault scenario.

The postmortem you quote doesn't support that.

> Is it a known problem?

There used to be a bug in the async pagefault machinery which caused the L0
hypervisor to inject async pagefaults into the L2 guest instead of L1.  This
must've been fixed in sufficiently recent vzkernels.

I'd guess the problem is with your kernel.  Doesn't it reproduce on bare
metal?


> [11587.895394] Hardware name: Virtuozzo KVM, BIOS 1.9.1-5.3.2.vz7.6 04/01/2014
> [11587.895394] task: ffff88020bee0000 ti: ffff880204b60000 task.ti:
> ffff880204b60000
> [11587.895394] RIP: 0010:[<ffffffff816a1bdd>]  [<ffffffff816a1bdd>]
> async_page_fault+0xd/0x30
> [11587.895394] RSP: 002b:ffff880234f61fd8  EFLAGS: 00010096
> [11587.895394] RAX: 00000000816a192c RBX: 0000000000000001 RCX: ffffffff816a192c
> [11587.895394] RDX: ffff88023fc03fc0 RSI: 0000000000000000 RDI: ffff880234f62098
> [11587.895394] RBP: ffff880234f62088 R08: ffff88023fbfffc0 R09: ffff88003642af00
> [11587.895394] R10: 0000000000008000 R11: 0000000000000000 R12: ffff88023fc04f58
> [11587.895394] R13: 0000000000000028 R14: 0000000000000000 R15: 0000000000000000
> [11587.895394] FS:  00007ff80ffc1880(0000) GS:ffff88023fc00000(0000)
> knlGS:0000000000000000
> [11587.895394] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> [11587.895394] CR2: ffff880234f61fc8 CR3: 00000000b9436000 CR4: 00000000000007f0
> [11587.895394] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [11587.895394] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> [11587.895394] Stack:
> [11587.895394]  0000c7e9e11c7f44 0000270f05836600 906666906666fb02
> be00000001b9d231
> [11587.895394]  e8df8948ffffffff 0000000231a6fba8 0001000000000008
> 0000000000000000
> [11587.895394]  0002000000000000 0000000000000000 0003000000000000
> 0000000000000000
> [11587.895394] Call Trace:
> [11587.895394] Code: 48 89 e7 48 8b 74 24 78 48 c7 44 24 78 ff ff ff
> ff e8 78 3d 00 00 e9 33 02 00 00 0f 1f 00 66 66 90 66 66 90 66 66 90
> 48 83 ec 78 <e8> 7e 01 00 00 48 89 e7 48 8b 74 24 78 48 c7 44 24 78 ff
> ff ff
> [11587.895394] RIP  [<ffffffff816a1bdd>] async_page_fault+0xd/0x30
> [11587.895394]  RSP <ffff880234f61fd8>

Roman.
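
An added example, not part of the original message and not Virtuozzo or kernel code: a small Python triage of the register lines from the oops quoted above. It reports which canonical half of the x86-64 address space RIP, RSP and CR2 fall in and the privilege level encoded in the CS and SS selectors. The function names are hypothetical, and 48-bit virtual addresses (4-level paging) are assumed.

```python
import re

# Register lines copied from the oops quoted above (mail line-wrapping undone).
OOPS = """\
> [11587.895394] RIP: 0010:[<ffffffff816a1bdd>]  [<ffffffff816a1bdd>] async_page_fault+0xd/0x30
> [11587.895394] RSP: 002b:ffff880234f61fd8  EFLAGS: 00010096
> [11587.895394] CR2: ffff880234f61fc8 CR3: 00000000b9436000 CR4: 00000000000007f0
"""

# Canonical halves for 48-bit virtual addresses (4-level paging, assumed here).
USER_MAX = 0x0000_7FFF_FFFF_FFFF
KERNEL_MIN = 0xFFFF_8000_0000_0000

PATTERNS = {
    "rip": r"RIP: ([0-9a-f]{4}):\[<([0-9a-f]{16})>\]",   # CS selector : address
    "rsp": r"RSP: ([0-9a-f]{4}):([0-9a-f]{16})",          # SS selector : address
    "cr2": r"CR2: ()([0-9a-f]{16})",                      # faulting address only
}

def classify(addr):
    """Return which half of the canonical address space addr lies in."""
    if addr <= USER_MAX:
        return "user"
    if addr >= KERNEL_MIN:
        return "kernel"
    return "non-canonical"

def triage(text):
    """Summarise where RIP, RSP and CR2 point and the selectors' privilege level."""
    report = {}
    for reg, pattern in PATTERNS.items():
        m = re.search(pattern, text)
        if m is None:
            raise ValueError(f"no {reg.upper()} line found in oops text")
        selector, addr = m.group(1), int(m.group(2), 16)
        report[reg] = classify(addr)
        report[reg + "_addr"] = addr
        if selector:
            # Low two bits of a segment selector are the requested privilege level.
            report[reg + "_rpl"] = int(selector, 16) & 3
    # Distance from the stack pointer to the faulting address, in bytes.
    report["cr2_minus_rsp"] = report["cr2_addr"] - report["rsp_addr"]
    return report

if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(key, hex(value) if isinstance(value, int) else value)
```

For the quoted oops this reports RIP, RSP and CR2 all in the kernel half, with CR2 16 bytes below RSP.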

