Using kvm with the ebuild provided modules crashes kvm and gives a weird kernel BUG:

PAX: kvm:17402, uid/euid: 1000/1000, attempted to modify kernel code
BUG: unable to handle kernel paging request at ffffffff8074f045
IP: [<ffffffffa016a09b>] 0xffffffffa016a09b
PGD 744067 PUD 74d063 PMD 6001e1
Oops: 0003 [#4] SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:1e.0/0000:01:01.0/resource
CPU 1
Modules linked in: kvm_intel kvm [last unloaded: kvm]
Pid: 17402, comm: kvm Tainted: G D 2.6.28-hardened-r6 #1
RIP: 0010:[<ffffffffa016a09b>] [<ffffffffa016a09b>] 0xffffffffa016a09b
RSP: 0018:ffff88006c0f1d28 EFLAGS: 00010202
RAX: 0000000000000089 RBX: ffff88003e570000 RCX: ffff88004fcc4680
RDX: ffffffff8074f000 RSI: 0000000000000000 RDI: ffff88003e570000
RBP: ffff88003e570000 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: ffffffffa016a560 R12: 00000000fffffffc
R13: ffff8800479c5000 R14: ffff88003e5716a8 R15: ffffffff80b414e0
FS: 0000000042067950(0063) GS:ffff88007f802880(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff8074f045 CR3: 000000003f5b0000 CR4: 00000000000026e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process kvm (pid: 17402, threadinfo ffff88006c0f0000, task ffff88003e5ba220)
Stack: ffff8074f000ffff ffffffffffffffff 0000000000000296 ffffffffa014590e ffff88003e570000 ffffffffa01455e9 ffff88007942fa00 ffffffffa014a859 ffffffff80b414e0 0000000000000000 0000000000000000 0000000000000000
Call Trace:
[<ffffffffa014590e>] ? 0xffffffffa014590e
[<ffffffffa01455e9>] ? 0xffffffffa01455e9
[<ffffffffa014a859>] ? 0xffffffffa014a859
[<ffffffffa01428e8>] ? 0xffffffffa01428e8
[<ffffffff80282184>] ? 0xffffffff80282184
[<ffffffffa014588a>] ? 0xffffffffa014588a
[<ffffffffa01446ad>] ? 0xffffffffa01446ad
[<ffffffff802aa06f>] ? 0xffffffff802aa06f
[<ffffffff802aa16c>] ? 0xffffffff802aa16c
[<ffffffff80256c34>] ? 0xffffffff80256c34
[<ffffffff802aa5f1>] ? 0xffffffff802aa5f1
[<ffffffff8020291b>] ? 0xffffffff8020291b
Code: 78 d0 8e af 16 28 00 00 b9 01 01 00 c0 48 89 c2 48 c1 ea 20 0f 30 56 9d 0f 01 04 24 48 8b 54 24 02 0f b6 42 45 83 e0 f0 83 c8 09 <88> 42 45 0f 20 c2 48 89 d0 48 25 ff ff fe ff 0f 22 c0 b8 40 00
RIP [<ffffffffa016a09b>] 0xffffffffa016a09b
RSP <ffff88006c0f1d28>
CR2: ffffffff8074f045
---[ end trace ac79d224e314f749 ]---

Using the kernel provided modules, on the other hand, works nicely.

Reproducible: Always

Steps to Reproduce:
1. Build kvm with the modules use flag
2. Disable the builtin kernel modules
3. Load the kvm-intel module
4. Try to run kvm

Actual Results:
kvm crashes

Expected Results:
kvm works smoothly

emerge --info:

Portage 2.1.6.7 (hardened/amd64/multilib, gcc-4.3.3, glibc-2.8_p20080602-r3, 2.6.28-hardened-r6 x86_64)
=================================================================
System uname: Linux-2.6.28-hardened-r6-x86_64-Intel-R-_Core-TM-2_CPU_6320_@_1.86GHz-with-glibc2.4
Timestamp of tree: Sun, 29 Mar 2009 02:15:01 +0000
app-shells/bash: 3.2_p39
dev-java/java-config: 2.1.7
dev-lang/python: 2.5.2-r7
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox: 1.2.18.1-r2
sys-devel/autoconf: 2.13, 2.63
sys-devel/automake: 1.7.9-r1, 1.9.6-r2, 1.10.2
sys-devel/binutils: 2.18-r4
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool: 1.5.26
virtual/os-headers: 2.6.27-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -fweb -frename-registers -fomit-frame-pointer -fpredictive-commoning -fgcse-after-reload -ftree-vectorize -march=core2"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -pipe -fweb -frename-registers -fomit-frame-pointer -fpredictive-commoning -fgcse-after-reload -ftree-vectorize -march=core2"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks fixpackages metadata-transfer parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://cesium.di.uminho.pt/pub/gentoo/"
LANG="es_ES.UTF-8"
LDFLAGS=""
LINGUAS="es es_ES"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/xake-toolchain /usr/portage/local/bouml-portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="acl alsa amd64 bash-completion berkdb bzip2 cracklib crypt cxx gdbm gpm hal hardened iconv justify kde midi multilib ncurses nls nptl nptlonly openmp pam pic qt3 readline sse sse2 sse3 ssl tcpd unicode urandom xinerama xorg zlib"
ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol"
APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias"
ELIBC="glibc"
INPUT_DEVICES="evdev keyboard mouse"
KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
LINGUAS="es es_ES"
USERLAND="GNU"
VIDEO_CARDS="v4l vesa vga"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Is this still an issue with newer versions?
Yes: with kvm-88-r1

loaded kvm module (kvm-kmod-devel-88)
PAX: kvm:27966, uid/euid: 1000/1000, attempted to modify kernel code
BUG: unable to handle kernel paging request at ffffffff80795045
IP: [<ffffffffa00af08f>] 0xffffffffa00af08f
PGD 78b067 PUD 794063 PMD 6001e1
Oops: 0003 [#1] SMP
last sysfs file: /sys/class/misc/kvm/dev
CPU 0
Modules linked in: kvm_intel kvm fuse radeon drm [last unloaded: kvm]
Pid: 27966, comm: kvm Not tainted 2.6.28-hardened-r9 #2
RIP: 0010:[<ffffffffa00af08f>] [<ffffffffa00af08f>] 0xffffffffa00af08f
RSP: 0018:ffff88007d09bd18 EFLAGS: 00010202
RAX: 0000000000000089 RBX: ffff880058c88000 RCX: 0000000000000000
RDX: ffffffff80795000 RSI: 0000000000000000 RDI: ffff880058c88000
RBP: ffff880058c88000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88006a1cb000 R14: ffff880058c88051 R15: 0000000000000000
FS: 0000695d0f59b950(0000) GS:ffffffff80b5b040(0000) knlGS:0000000000000000
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: ffffffff80795045 CR3: 000000007d080000 CR4: 00000000000026e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process kvm (pid: 27966, threadinfo ffff88007d09a000, task ffff88006220d550)
Stack: ffff80795000ffff ffff88006a1cffff 0000000000000292 ffffffffa00891be ffff880058c88000 ffffffffa0088e99 ffff880068947f00 ffffffffa008df75 ffffffff80baedb0 ffffffff80b4f4e0 0000000000000000 0000000000000000
Call Trace:
[<ffffffffa00891be>] ? 0xffffffffa00891be
[<ffffffffa0088e99>] ? 0xffffffffa0088e99
[<ffffffffa008df75>] ? 0xffffffffa008df75
[<ffffffffa0085992>] ? 0xffffffffa0085992
[<ffffffff8023f841>] ? 0xffffffff8023f841
[<ffffffff8024135c>] ? 0xffffffff8024135c
[<ffffffff802aa0ef>] ? 0xffffffff802aa0ef
[<ffffffff802aa1ec>] ? 0xffffffff802aa1ec
[<ffffffff8040bcc1>] ? 0xffffffff8040bcc1
[<ffffffff802aa671>] ? 0xffffffff802aa671
[<ffffffff8020291b>] ? 0xffffffff8020291b
Code: 78 d0 49 89 c1 0f 78 d0 b9 01 01 00 c0 49 c1 e9 20 44 89 ca 0f 30 56 9d 0f 01 04 24 48 8b 54 24 02 0f b6 42 45 83 e0 f0 83 c8 09 <88> 42 45 0f 20 c2 48 89 d0 48 25 ff ff fe ff 0f 22 c0 b8 40 00
RIP [<ffffffffa00af08f>] 0xffffffffa00af08f
RSP <ffff88007d09bd18>
CR2: ffffffff80795045
---[ end trace 954dedb0a91671dd ]---
Are you using kvm-kmod or modules from the kernel, and in that case, have you tried compiling the modules from your kernel?
This only happens with kvm-kmod modules; modules from the kernel work fine, but there are odd kernel panics under heavy network load.
http://blog.cardoe.com/archives/2009/11/22/kvm-changes-in-gentoo

Here Cardoe states that he (as current maintainer of qemu-kvm (former kvm)) will not support external kernel modules (i.e. kvm-kmod). As such, this bug maybe should be closed as wontfix?

Please retry with app-emulation/qemu-kvm and the proper modules compiled into/from your current kernel, and see if your problem with the network is fixed if they (as I read your comment) appear with the module from your kernel tree. And if it does, please file a new bug, as this current one (afaics) is about a problem with the kvm-kmod package.
(In reply to comment #5)
> http://blog.cardoe.com/archives/2009/11/22/kvm-changes-in-gentoo
>
> Here Cardoe states that he (as current maintainer of qemu-kvm (former kvm)) will
> not support external kernel modules (i.e. kvm-kmod).
> As such, this bug maybe should be closed as wontfix?

In the end I've added kvm-kmod to the tree and fixed a few issues. Please confirm if this still happens with the newer versions.
Hi Doug,

The new kvm-kmod still seems not to be working properly, though maybe the fact that the hardened kernel is still a 2.6.28 has something to do with it. Here is the output:

loaded kvm module (kvm-kmod-2.6.32.7)
PAX: kvm:5555, uid/euid: 1000/1000, attempted to modify kernel code
BUG: unable to handle kernel paging request at ffffffff806e5045
IP: [<ffffffffa00ae085>] 0xffffffffa00ae085
PGD 6da067 PUD 6e3063 PMD 6001e1
Oops: 0003 [#1] SMP
last sysfs file: /sys/devices/virtual/misc/kvm/dev
CPU 1
Modules linked in: kvm_intel kvm fuse radeon drm [last unloaded: kvm]
Pid: 5555, comm: kvm Not tainted 2.6.28-hardened-r9 #5
RIP: 0010:[<ffffffffa00ae085>] [<ffffffffa00ae085>] 0xffffffffa00ae085
RSP: 0018:ffff88007dde5d38 EFLAGS: 00010282
RAX: 00000000a00a9089 RBX: ffff880068cc0000 RCX: ffff88006a0d30c0
RDX: ffffffff806e5000 RSI: ffff88007dde5dd8 RDI: ffff880068cc0000
RBP: ffff880068cc0000 R08: 00000000fffbd000 R09: 0000000000000000
R10: ffff880068cc0051 R11: ffffffffa00af92c R12: 0000000000000000
R13: ffff880068cc0050 R14: ffff88007d94b000 R15: ffff880068cc0051
FS: 000073701f590910(0000) GS:ffff88007f802780(0000) knlGS:0000000000000000
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: ffffffff806e5045 CR3: 000000007d4e3000 CR4: 00000000000026e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process kvm (pid: 5555, threadinfo ffff88007dde4000, task ffff880066c1e660)
Stack: ffff880068cc0000 ffff880068cc0000 ffff806e5000ffff ffff880068ccffff 0000000000000282 ffffffffa0089612 ffff880068cc0000 ffffffffa00893b7 ffff88007d41eb00 ffffffffa008dbed 0000000000000008 ffffffff80b424e0
Call Trace:
[<ffffffffa0089612>] ? 0xffffffffa0089612
[<ffffffffa00893b7>] ? 0xffffffffa00893b7
[<ffffffffa008dbed>] ? 0xffffffffa008dbed
[<ffffffffa0086677>] ? 0xffffffffa0086677
[<ffffffff8023633f>] ? 0xffffffff8023633f
[<ffffffff802378c6>] ? 0xffffffff802378c6
[<ffffffff8028bf46>] ? 0xffffffff8028bf46
[<ffffffff8028c300>] ? 0xffffffff8028c300
[<ffffffff80401f5c>] ? 0xffffffff80401f5c
[<ffffffff8028c37e>] ? 0xffffffff8028c37e
[<ffffffff8020237b>] ? 0xffffffff8020237b
Code: 78 d0 49 89 c0 0f 78 d0 b9 01 01 00 c0 49 c1 e8 20 44 89 c2 0f 30 56 9d 0f 01 44 24 10 48 8b 54 24 12 8a 42 45 83 e0 f0 83 c8 09 <88> 42 45 0f 20 c2 48 89 d0 48 25 ff ff fe ff 0f 22 c0 b8 40 00
RIP [<ffffffffa00ae085>] 0xffffffffa00ae085
RSP <ffff88007dde5d38>
CR2: ffffffff806e5045
---[ end trace b9ad4bdbd08baba2 ]---
Re: Comment 7 - for anything meaningful to be derived from your traces, you should switch to the 'custom' grsecurity level then disable the CONFIG_GRKERNSEC_HIDESYM option. Also, you might find a recent 2.6.32 release in the hardened overlay from Anarchy. If not, feel free to contact me in the project channel and I'll hook you up with a current release for testing.
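Added example, not part of the original thread or of any Gentoo or PaX tooling: a short Python triage of an oops like the ones posted in this report. It decodes the page-fault error code, finds the register the faulting address was derived from, and counts trace frames that carry only a raw address instead of a symbol name. The names `triage`, `decode_error_code` and `SAMPLE_OOPS` and the one-page base-register heuristic are assumptions of this example; the sample text is abridged from the first report.

```python
import re

# Abridged from the first oops in this report; values copied from the thread.
SAMPLE_OOPS = """\
PAX: kvm:17402, uid/euid: 1000/1000, attempted to modify kernel code
BUG: unable to handle kernel paging request at ffffffff8074f045
Oops: 0003 [#4] SMP
RAX: 0000000000000089 RBX: ffff88003e570000 RCX: ffff88004fcc4680
RDX: ffffffff8074f000 RSI: 0000000000000000 RDI: ffff88003e570000
Call Trace:
[<ffffffffa014590e>] ? 0xffffffffa014590e
[<ffffffffa01455e9>] ? 0xffffffffa01455e9
[<ffffffff80282184>] ? 0xffffffff80282184
"""

# x86 page-fault error code bits: (mask, meaning if set, meaning if clear).
PF_BITS = [(0x01, "protection-violation", "not-present"),
           (0x02, "write", "read"),
           (0x04, "user-mode", "kernel-mode"),
           (0x10, "instruction-fetch", None)]

def decode_error_code(code):
    names = [on if code & mask else off for mask, on, off in PF_BITS]
    return [n for n in names if n]

def triage(oops):
    report = {"pax": None, "fault": [], "base_regs": {}}
    m = re.search(r"^PAX: (\S+):(\d+), uid/euid: (\d+)/(\d+), (.+)$", oops, re.M)
    if m:
        report["pax"] = {"comm": m[1], "pid": int(m[2]),
                         "uid": int(m[3]), "reason": m[5]}
    m = re.search(r"^Oops: ([0-9a-f]{4})\b", oops, re.M)
    if m:
        report["fault"] = decode_error_code(int(m[1], 16))
    m = re.search(r"paging request at ([0-9a-f]{16})", oops)
    if m:
        addr = int(m[1], 16)
        # Assumption of this example: a register holding an address less than
        # one page below the fault is the base pointer of the faulting access.
        for reg, val in re.findall(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})\b", oops):
            offset = addr - int(val, 16)
            if 0 <= offset < 0x1000:
                report["base_regs"][reg] = offset
    frames = re.findall(r"\[<([0-9a-f]{16})>\] \? (\S+)", oops)
    report["frames"] = len(frames)
    # A frame whose "symbol" is just its own address has no symbol information.
    report["unresolved"] = sum(sym == "0x" + a for a, sym in frames)
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_OOPS))
```

On the sample, the error code decodes to a kernel-mode write to a present page, which matches the PAX line, and every frame is unresolved.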
This seems to be about the old kvm modules that have been removed from the tree some time ago. I suggest closing this bug or requesting someone to test with the latest versions in the tree.
This report is with an older version of kvm not any more in the tree and hardened-sources. If you still have any issues, please open a new bug with test results of latest qemu-kvm and latest hardened-sources. Closing this one with agreement from Zorry.