Re: kvm: GPF in kvm_irq_map_gsi

From: Paolo Bonzini
Date: Tue May 31 2016 - 05:56:21 EST




On 15/02/2016 14:30, Dmitry Vyukov wrote:
> *(uint32_t*)0x2000a6b9 = (uint32_t)0x3e;
> *(uint16_t*)0x2000a6bd = (uint16_t)0x8;
> *(uint8_t*)0x2000a6bf = (uint8_t)0x8d4;
> *(uint8_t*)0x2000a6c0 = (uint8_t)0xffffffffffff5fe9;
> *(uint8_t*)0x2000a6c1 = (uint8_t)0x80000001;
> *(uint8_t*)0x2000a6c2 = (uint8_t)0x0;
> *(uint8_t*)0x2000a6c3 = (uint8_t)0xbe2;
> *(uint8_t*)0x2000a6c4 = (uint8_t)0x9;
> *(uint8_t*)0x2000a6c5 = (uint8_t)0x7ff;
> *(uint8_t*)0x2000a6c6 = (uint8_t)0x1;
> *(uint8_t*)0x2000a6c7 = (uint8_t)0x1f;
> *(uint8_t*)0x2000a6c8 = (uint8_t)0x1d8;
> *(uint16_t*)0x2000a6c9 = (uint16_t)0x8;

This field (.channels[0].count_load_time) should be uint64_t. I
understand that it's all random, but it makes it even harder to follow
what's going on...

Thanks,

Paolo

> *(uint32_t*)0x2000a6cd = (uint32_t)0x736d;
> *(uint16_t*)0x2000a6d1 = (uint16_t)0x3;
> *(uint8_t*)0x2000a6d3 = (uint8_t)0xff;
> *(uint8_t*)0x2000a6d4 = (uint8_t)0x3;
> *(uint8_t*)0x2000a6d5 = (uint8_t)0xffffffffffff8000;
> *(uint8_t*)0x2000a6d6 = (uint8_t)0xc20;
> *(uint8_t*)0x2000a6d7 = (uint8_t)0x6;
> *(uint8_t*)0x2000a6d8 = (uint8_t)0x2;
> *(uint8_t*)0x2000a6d9 = (uint8_t)0x6;
> *(uint8_t*)0x2000a6da = (uint8_t)0x8;
> *(uint8_t*)0x2000a6db = (uint8_t)0x3;
> *(uint8_t*)0x2000a6dc = (uint8_t)0x1;
> *(uint16_t*)0x2000a6dd = (uint16_t)0xce;
> *(uint32_t*)0x2000a6e1 = (uint32_t)0xab85;
> *(uint16_t*)0x2000a6e5 = (uint16_t)0x0;
> *(uint8_t*)0x2000a6e7 = (uint8_t)0xa0e3;
> *(uint8_t*)0x2000a6e8 = (uint8_t)0x100000001;
> *(uint8_t*)0x2000a6e9 = (uint8_t)0x3;
> *(uint8_t*)0x2000a6ea = (uint8_t)0x1;
> *(uint8_t*)0x2000a6eb = (uint8_t)0x2;
> *(uint8_t*)0x2000a6ec = (uint8_t)0x1;
> *(uint8_t*)0x2000a6ed = (uint8_t)0x7ff;
> *(uint8_t*)0x2000a6ee = (uint8_t)0x2;
> *(uint8_t*)0x2000a6ef = (uint8_t)0x8a;
> *(uint8_t*)0x2000a6f0 = (uint8_t)0xca6;
> *(uint16_t*)0x2000a6f1 = (uint16_t)0x1;
> *(uint32_t*)0x2000a6f5 = (uint32_t)0x401;
> *(uint32_t*)0x2000a6f9 = (uint32_t)0x0;
> *(uint32_t*)0x2000a6fd = (uint32_t)0x0;
> *(uint32_t*)0x2000a701 = (uint32_t)0x0;
> *(uint32_t*)0x2000a705 = (uint32_t)0x0;
> *(uint32_t*)0x2000a709 = (uint32_t)0x0;
> *(uint32_t*)0x2000a70d = (uint32_t)0x0;
> *(uint32_t*)0x2000a711 = (uint32_t)0x0;
> *(uint32_t*)0x2000a715 = (uint32_t)0x0;
> *(uint32_t*)0x2000a719 = (uint32_t)0x0;
> r[71] =
> syscall(SYS_ioctl, r[3], 0x4070aea0ul, 0x2000a6b9ul, 0, 0, 0);
> break;
> case 6:
> r[72] = syscall(SYS_mmap, 0x2000e000ul, 0x1000ul, 0x3ul, 0x32ul,
> 0xfffffffffffffffful, 0x0ul);
> break;
> case 7:
> r[73] = syscall(SYS_ioctl, r[2], 0x5424ul, 0x2000e630ul, 0, 0, 0);
> break;
> }
> return 0;
> }
>
> int main()
> {
> long i;
> pthread_t th[8];
>
> srand(getpid());
> memset(r, -1, sizeof(r));
> for (i = 0; i < 8; i++) {
> pthread_create(&th[i], 0, thr, (void*)i);
> usleep(rand()%10000);
> }
> for (i = 0; i < 8; i++)
> pthread_join(th[i], 0);
> for (i = 0; i < 8; i++) {
> pthread_create(&th[i], 0, thr, (void*)i);
> if (rand()%2)
> usleep(rand()%10000);
> }
> for (i = 0; i < 8; i++)
> pthread_join(th[i], 0);
> return 0;
> }
>
>
> On commit 388f7b1d6e8ca06762e2454d28d6c3c55ad0fe95 (4.5-rc3)
>