On Fr, 2016-11-11 at 17:28 +0100, Jiri Slaby wrote:
> On 11/09/2016, 09:01 AM, Gerd Hoffmann wrote:
> > On Di, 2016-11-08 at 22:37 +0200, Michael S. Tsirkin wrote:
> >> On Mon, Nov 07, 2016 at 09:43:24AM +0100, Jiri Slaby wrote:
> >>> Hi,
> >>>
> >>> I can relatively easily reproduce this bug:
> >
> > How?
>
> Run dmesg -w in the qemu window (virtio_gpu) to see a lot of output.
> Run pps [1] without exit(0); on e.g. serial console.
> Wait a bit. The lot of output causes the BUG.
>
> [1] https://github.com/jirislaby/collected_sources/blob/master/pps.c

Doesn't reproduce here.

Running "while true; do dmesg; done" on the virtio-gpu fbcon.
Running the pps fork bomb on the serial console.

Can watch dmesg printing the kernel messages over and over, until the
shell can't spawn dmesg any more due to the fork bomb hitting the
process limit. No BUG() triggered.

Tried spice, gtk and sdl.

Hmm.

Any ideas what else might be needed to reproduce it?

cheers,
  Gerd

sparse produces these warnings:

drivers/gpu/drm/virtio/virtgpu_fb.c:340:27: warning: incorrect type in assignment (different address spaces)
drivers/gpu/drm/virtio/virtgpu_fb.c:340:27: expected char [noderef] <asn:2>*screen_base
drivers/gpu/drm/virtio/virtgpu_fb.c:340:27: got void *vmap

This is because the expected type is void __iomem *, while
virtio gpu object is void *vmap.

We could just cast the warning away but I'm not sure this
is not a symptom of an actual problem. For example, might
some code call iounmap on this address?

--
MST

On Do, 2016-11-24 at 04:57 +0200, Michael S. Tsirkin wrote:
> sparse produces these warnings:
>
> drivers/gpu/drm/virtio/virtgpu_fb.c:340:27: warning: incorrect type in
> assignment (different address spaces)
> drivers/gpu/drm/virtio/virtgpu_fb.c:340:27: expected char [noderef]
> <asn:2>*screen_base
> drivers/gpu/drm/virtio/virtgpu_fb.c:340:27: got void *vmap
>
> This is because the expected type is void __iomem *, while
> virtio gpu object is void *vmap.
>
> We could just cast the warning away but I'm not sure this
> is not a symptom of an actual problem. For example, might
> some code call iounmap on this address?

Nobody is ever going to unmap that, the kernel will simply use given
address to access the framebuffer.

Actually it looks like this (in include/linux/fb.h):

	union {
		char __iomem *screen_base;	/* Virtual address */
		char *screen_buffer;
	};

and given that the virtio always uses normal ram as backing storage for
the framebuffer we should simply s/screen_base/screen_buffer/.

I'll go prepare a patch.

cheers,
  Gerd

On 11/16/2016, 02:12 PM, Gerd Hoffmann wrote:
> On Fr, 2016-11-11 at 17:28 +0100, Jiri Slaby wrote:
>> On 11/09/2016, 09:01 AM, Gerd Hoffmann wrote:
>>> On Di, 2016-11-08 at 22:37 +0200, Michael S. Tsirkin wrote:
>>>> On Mon, Nov 07, 2016 at 09:43:24AM +0100, Jiri Slaby wrote:
>>>>> Hi,
>>>>>
>>>>> I can relatively easily reproduce this bug:
>>>
>>> How?
>>
>> Run dmesg -w in the qemu window (virtio_gpu) to see a lot of output.
>> Run pps [1] without exit(0); on e.g. serial console.
>> Wait a bit. The lot of output causes the BUG.
>>
>> [1] https://github.com/jirislaby/collected_sources/blob/master/pps.c
>
> Doesn't reproduce here.
>
> Running "while true; do dmesg; done" on the virtio-gpu fbcon.
> Running the pps fork bomb on the serial console.
>
> Can watch dmesg printing the kernel messages over and over, until the
> shell can't spawn dmesg any more due to the fork bomb hitting the
> process limit. No BUG() triggered.
>
> Tried spice, gtk and sdl.
>
> Hmm.
>
> Any ideas what else might be needed to reproduce it?

I can reproduce even with count = 32 :(. And without the fork bomb (i.e.
with the code from the repository).

This is how I start qemu:
/usr/bin/qemu-system-x86_64 -machine accel=kvm -k en-us -smp 4 -m 2371 -usb -device virtio-rng-pci -drive file=/home/new/suse-fact.img,format=raw,discard=unmap,if=none,id=hd -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=hd -soundhw hda -net user,tftp=/home/xslaby/tftp,bootfile=/pxelinux.0,hostfwd=tcp::2222-:22,hostfwd=tcp::3632-:3632 -net nic,model=virtio -serial pty -balloon virtio -device virtio-tablet-pci -vga virtio -kernel /home/latest/my/arch/x86/boot/bzImage -append root=/dev/sda1 console=ttyS0,115200 loglevel=debug -snapshot

I do
dmesg -w # on the console
and on serial console:
while :; do for aa in `seq 1 10`; do ./pps & done; wait; done

Note the latter can cause interrupt "storm" (~ 700 irqs per second) as
much output is generated. This can lead to some race condition.
serial is on IRQ4 and virtio gpu on IRQ10 which has lower priority AFAIK.

thanks,
--
js
suse labs