View Issue Details

ID: 0007998
Project: CentOS-7
Category: kernel
View Status: public
Last Update: 2014-12-15 12:43
Reporter: r0mr0m
Assigned To:
Priority: normal
Severity: crash
Reproducibility: random
Status: new
Resolution: open
Product Version: 7.0-1406
Summary: 0007998: KVM: eventfd: Fix lock order inversion.
Description
There is a race during guest's shutdown...

There is an upstream patch which fixes this issue, and it would be good if it can be applied in the coming version.

Upstream patch:
http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/virt/kvm/eventfd.c?id=684a0b719ddbbafe1c7e6646b9bc239453a1773d

Error log:

[ 268.949297] ======================================================
[ 268.949298] [ INFO: possible circular locking dependency detected ]
[ 268.949299] 3.10.0-123.6.3.el7.x86_64.debug #1 Tainted: G O--------------
[ 268.949300] -------------------------------------------------------
[ 268.949301] qemu-kvm/3344 is trying to acquire lock:
[ 268.949320] (&(&kvm->irqfds.lock)->rlock){......}, at: [<ffffffffa051cf9f>] irqfd_wakeup+0x4f/0x240 [kvm]
[ 268.949320] but task is already holding lock:
[ 268.949324] (&ctx->wqh#2){......}, at: [<ffffffff810ab503>] __wake_up+0x23/0x50
[ 268.949324]
which lock already depends on the new lock.

[ 268.949325]
the existing dependency chain (in reverse order) is:
[ 268.949326]
-> #1 (&ctx->wqh#2){......}:
[ 268.949330] [<ffffffff810ea2bb>] validate_chain.isra.43+0x49b/0x900
[ 268.949345] [<ffffffff810eb5b6>] __lock_acquire+0x3c6/0xb60
[ 268.949346] [<ffffffff810ec544>] lock_acquire+0xa4/0x1f0
[ 268.949350] [<ffffffff8171102e>] _raw_spin_lock_irqsave+0x5e/0xa0
[ 268.949353] [<ffffffff8109f17c>] add_wait_queue+0x1c/0x50
[ 268.949362] [<ffffffffa051ca18>] irqfd_ptable_queue_proc+0x18/0x20 [kvm]
[ 268.949366] [<ffffffff81252d22>] eventfd_poll+0x32/0x90
[ 268.949374] [<ffffffffa051d6a6>] kvm_irqfd+0x486/0x610 [kvm]
[ 268.949382] [<ffffffffa050dfea>] kvm_vm_ioctl+0x63a/0x870 [kvm]
[ 268.949385] [<ffffffff81212475>] do_vfs_ioctl+0x305/0x530
[ 268.949386] [<ffffffff81212741>] SyS_ioctl+0xa1/0xc0
[ 268.949389] [<ffffffff8171b199>] system_call_fastpath+0x16/0x1b
[ 268.949390]
-> #0 (&(&kvm->irqfds.lock)->rlock){......}:
[ 268.949392] [<ffffffff810e9e17>] check_prevs_add+0x9a7/0x9b0
[ 268.949393] [<ffffffff810ea2bb>] validate_chain.isra.43+0x49b/0x900
[ 268.949395] [<ffffffff810eb5b6>] __lock_acquire+0x3c6/0xb60
[ 268.949396] [<ffffffff810ec544>] lock_acquire+0xa4/0x1f0
[ 268.949398] [<ffffffff8171102e>] _raw_spin_lock_irqsave+0x5e/0xa0
[ 268.949406] [<ffffffffa051cf9f>] irqfd_wakeup+0x4f/0x240 [kvm]
[ 268.949409] [<ffffffff810a9968>] __wake_up_common+0x58/0x90
[ 268.949410] [<ffffffff810ab519>] __wake_up+0x39/0x50
[ 268.949412] [<ffffffff81253429>] eventfd_release+0x29/0x50
[ 268.949414] [<ffffffff811ff022>] __fput+0x102/0x310
[ 268.949415] [<ffffffff811ff30e>] ____fput+0xe/0x10
[ 268.949417] [<ffffffff8109a394>] task_work_run+0xb4/0xe0
[ 268.949420] [<ffffffff81073af2>] do_exit+0x302/0xc60
[ 268.949421] [<ffffffff810744dc>] do_group_exit+0x4c/0xc0
[ 268.949424] [<ffffffff81088201>] get_signal_to_deliver+0x2e1/0x970
[ 268.949427] [<ffffffff8101a4c7>] do_signal+0x57/0x610
[ 268.949429] [<ffffffff8101aaf1>] do_notify_resume+0x71/0xc0
[ 268.949431] [<ffffffff8171b4d2>] int_signal+0x12/0x17
[ 268.949431]
Steps To Reproduce: Racy, but might happen on failure during live migration.
Tags: No tags attached.

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2014-12-15 12:43 r0mr0m New Issue
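
The lock order inversion in the lockdep report from the description, replayed in userspace as an added example (not code from this issue or from the upstream patch): a small lock-order tracker records which lock is taken while another is held and flags the acquisition that closes the cycle. The names `tracker`, `run_paths` and the `poll_under_lock` switch are hypothetical; the replay assumes chain #1 takes `ctx->wqh` with `kvm->irqfds.lock` held, as the report's "which lock already depends on the new lock" line implies, and the second ordering is only one illustrative way to avoid the cycle.

```c
#include <stdio.h>
#include <string.h>

/* Lock classes named after the two locks in the lockdep report. */
enum { IRQFDS_LOCK, CTX_WQH, NLOCKS };
struct tracker {
    int dep[NLOCKS][NLOCKS]; /* dep[a][b]: b was taken while a was held */
    int held[NLOCKS];
};

/* Is lock 'to' reachable from 'from' along recorded dependencies? */
static int reachable(const struct tracker *t, int from, int to, int depth) {
    if (from == to) return 1;
    for (int n = 0; depth < NLOCKS && n < NLOCKS; n++)
        if (t->dep[from][n] && reachable(t, n, to, depth + 1)) return 1;
    return 0;
}

/* Record an acquisition; return 1 if it closes a dependency cycle. */
static int acquire(struct tracker *t, int lock) {
    int inversion = 0;
    for (int h = 0; h < NLOCKS; h++) {
        if (!t->held[h] || h == lock) continue;
        inversion |= reachable(t, lock, h, 0);
        t->dep[h][lock] = 1;
    }
    t->held[lock] = 1;
    return inversion;
}

static void release(struct tracker *t, int lock) { t->held[lock] = 0; }

/* Replay both chains; poll_under_lock is a hypothetical switch (assumption). */
static int run_paths(int poll_under_lock) {
    struct tracker t;
    memset(&t, 0, sizeof t);
    int bad = acquire(&t, IRQFDS_LOCK);      /* kvm_irqfd */
    if (poll_under_lock) { bad |= acquire(&t, CTX_WQH); release(&t, CTX_WQH); }
    release(&t, IRQFDS_LOCK);
    if (!poll_under_lock) { bad |= acquire(&t, CTX_WQH); release(&t, CTX_WQH); }
    bad |= acquire(&t, CTX_WQH);             /* eventfd_release -> __wake_up */
    bad |= acquire(&t, IRQFDS_LOCK);         /* irqfd_wakeup */
    release(&t, IRQFDS_LOCK); release(&t, CTX_WQH);
    return bad;                              /* 1 = inversion flagged */
}

int main(void) {
    printf("under lock: %d, after unlock: %d\n", run_paths(1), run_paths(0));
    return 0;
}
```

As with lockdep, the inversion is flagged from the recorded ordering alone; no thread has to actually deadlock for the second chain to be reported.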