(parent: 0be0226)
kvm: fix crash in kvm_vcpu_reload_apic_access_page
author: Andrea Arcangeli <aarcange@redhat.com> Fri, 8 May 2015 12:32:56 +0000 (14:32 +0200)
committer: Paolo Bonzini <pbonzini@redhat.com> Wed, 20 May 2015 10:30:06 +0000 (12:30 +0200)
memslot->userfault_addr is set by the kernel with a mmap executed
from the kernel but the userland can still munmap it and lead to the
below oops after memslot->userfault_addr points to a host virtual
address that has no vma or mapping.
[ 327.538306] BUG: unable to handle kernel paging request at fffffffffffffffe
[ 327.538407] IP: [<ffffffff811a7b55>] put_page+0x5/0x50
[ 327.538474] PGD 1a01067 PUD 1a03067 PMD 0
[ 327.538529] Oops: 0000 [#1] SMP
[ 327.538574] Modules linked in: macvtap macvlan xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT iptable_filter ip_tables tun bridge stp llc rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache xprtrdma ib_isert iscsi_target_mod ib_iser libiscsi scsi_transport_iscsi ib_srpt target_core_mod ib_srp scsi_transport_srp scsi_tgt ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad rdma_cm ib_cm iw_cm ipmi_devintf iTCO_wdt iTCO_vendor_support intel_powerclamp coretemp dcdbas intel_rapl kvm_intel kvm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel lrw gf128mul glue_helper ablk_helper cryptd pcspkr sb_edac edac_core ipmi_si ipmi_msghandler acpi_pad wmi acpi_power_meter lpc_ich mfd_core mei_me
[ 327.539488] mei shpchp nfsd auth_rpcgss nfs_acl lockd grace sunrpc mlx4_ib ib_sa ib_mad ib_core mlx4_en vxlan ib_addr ip_tunnel xfs libcrc32c sd_mod crc_t10dif crct10dif_common crc32c_intel mgag200 syscopyarea sysfillrect sysimgblt i2c_algo_bit drm_kms_helper ttm drm ahci i2c_core libahci mlx4_core libata tg3 ptp pps_core megaraid_sas ntb dm_mirror dm_region_hash dm_log dm_mod
[ 327.539956] CPU: 3 PID: 3161 Comm: qemu-kvm Not tainted 3.10.0-240.el7.userfault19.4ca4011.x86_64.debug #1
[ 327.540045] Hardware name: Dell Inc. PowerEdge R420/0CN7CM, BIOS 2.1.2 01/20/2014
[ 327.540115] task: ffff8803280ccf00 ti: ffff880317c58000 task.ti: ffff880317c58000
[ 327.540184] RIP: 0010:[<ffffffff811a7b55>]  [<ffffffff811a7b55>] put_page+0x5/0x50
[ 327.540261] RSP: 0018:ffff880317c5bcf8  EFLAGS: 00010246
[ 327.540313] RAX: 00057ffffffff000 RBX: ffff880616a20000 RCX: 0000000000000000
[ 327.540379] RDX: 0000000000002014 RSI: 00057ffffffff000 RDI: fffffffffffffffe
[ 327.540445] RBP: ffff880317c5bd10 R08: 0000000000000103 R09: 0000000000000000
[ 327.540511] R10: 0000000000000000 R11: 0000000000000000 R12: fffffffffffffffe
[ 327.540576] R13: 0000000000000000 R14: ffff880317c5bd70 R15: ffff880317c5bd50
[ 327.540643] FS:  00007fd230b7f700(0000) GS:ffff880630800000(0000) knlGS:0000000000000000
[ 327.540717] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 327.540771] CR2: fffffffffffffffe CR3: 000000062a2c3000 CR4: 00000000000427e0
[ 327.540837] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 327.540904] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 327.540974] Stack:
[ 327.541008]  ffffffffa05d6d0c ffff880616a20000 0000000000000000 ffff880317c5bdc0
[ 327.541093]  ffffffffa05ddaa2 0000000000000000 00000000002191bf 00000042f3feab2d
[ 327.541177]  00000042f3feab2d 0000000000000002 0000000000000001 0321000000000000
[ 327.541261] Call Trace:
[ 327.541321]  [<ffffffffa05d6d0c>] ? kvm_vcpu_reload_apic_access_page+0x6c/0x80 [kvm]
[ 327.543615]  [<ffffffffa05ddaa2>] vcpu_enter_guest+0x3f2/0x10f0 [kvm]
[ 327.545918]  [<ffffffffa05e2f10>] kvm_arch_vcpu_ioctl_run+0x2b0/0x5a0 [kvm]
[ 327.548211]  [<ffffffffa05e2d02>] ? kvm_arch_vcpu_ioctl_run+0xa2/0x5a0 [kvm]
[ 327.550500]  [<ffffffffa05ca845>] kvm_vcpu_ioctl+0x2b5/0x680 [kvm]
[ 327.552768]  [<ffffffff810b8d12>] ? creds_are_invalid.part.1+0x12/0x50
[ 327.555069]  [<ffffffff810b8d71>] ? creds_are_invalid+0x21/0x30
[ 327.557373]  [<ffffffff812d6066>] ? inode_has_perm.isra.49.constprop.65+0x26/0x80
[ 327.559663]  [<ffffffff8122d985>] do_vfs_ioctl+0x305/0x530
[ 327.561917]  [<ffffffff8122dc51>] SyS_ioctl+0xa1/0xc0
[ 327.564185]  [<ffffffff816de829>] system_call_fastpath+0x16/0x1b
[ 327.566480] Code: 0b 31 f6 4c 89 e7 e8 4b 7f ff ff 0f 0b e8 24 fd ff ff e9 a9 fd ff ff 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 <48> f7 07 00 c0 00 00 55 48 89 e5 75 2a 8b 47 1c 85 c0 74 1e f0
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
arch/x86/kvm/x86.c
diff --git
a/arch/x86/kvm/x86.c
b/arch/x86/kvm/x86.c
index 986b3f5d0523eff5fdb5aec6c5cf8f10d622aa12..5f3818846465caa1b87f4a7afafec62ad8a02b89 100644
(file)
--- a/
arch/x86/kvm/x86.c
+++ b/
arch/x86/kvm/x86.c
@@
-6195,6
+6195,8
@@
void kvm_vcpu_reload_apic_access_page(struct kvm_vcpu *vcpu)
return;
page = gfn_to_page(vcpu->kvm, APIC_DEFAULT_PHYS_BASE >> PAGE_SHIFT);
+ if (is_error_page(page))
+ return;
kvm_x86_ops->set_apic_access_page_addr(vcpu, page_to_phys(page));
/*
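Review bot: the `is_error_page(page)` check before `page_to_phys(page)` is the right guard, since `gfn_to_page()` returns an error page rather than a real struct page once the memslot's host mapping is gone, and the oops above shows `put_page()` faulting on exactly such a non-page pointer (`RDI: fffffffffffffffe`); what the hunk does not say is what state the vCPU is left in on that early return, namely that the previously programmed APIC access page address stays in effect. A one-line comment above the new `return;` stating that a guest whose userland has unmapped the backing memory keeps the stale address (and that this is acceptable because the fault is userland's, not the kernel's) would spare the next reader from re-deriving it from the commit message.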