iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4484141a94
linux/arch
History
Xiao Guangrong 4484141a94 KVM: fix error paths for failed gfn_to_page() calls 
This bug was triggered:
[ 4220.198458] BUG: unable to handle kernel paging request at fffffffffffffffe
[ 4220.203907] IP: [<ffffffff81104d85>] put_page+0xf/0x34
......
[ 4220.237326] Call Trace:
[ 4220.237361]  [<ffffffffa03830d0>] kvm_arch_destroy_vm+0xf9/0x101 [kvm]
[ 4220.237382]  [<ffffffffa036fe53>] kvm_put_kvm+0xcc/0x127 [kvm]
[ 4220.237401]  [<ffffffffa03702bc>] kvm_vcpu_release+0x18/0x1c [kvm]
[ 4220.237407]  [<ffffffff81145425>] __fput+0x111/0x1ed
[ 4220.237411]  [<ffffffff8114550f>] ____fput+0xe/0x10
[ 4220.237418]  [<ffffffff81063511>] task_work_run+0x5d/0x88
[ 4220.237424]  [<ffffffff8104c3f7>] do_exit+0x2bf/0x7ca

The test case:

	printf(fmt, ##args);		\
	exit(-1);} while (0)

static int create_vm(void)
{
	int sys_fd, vm_fd;

	sys_fd = open("/dev/kvm", O_RDWR);
	if (sys_fd < 0)
		die("open /dev/kvm fail.\n");

	vm_fd = ioctl(sys_fd, KVM_CREATE_VM, 0);
	if (vm_fd < 0)
		die("KVM_CREATE_VM fail.\n");

	return vm_fd;
}

static int create_vcpu(int vm_fd)
{
	int vcpu_fd;

	vcpu_fd = ioctl(vm_fd, KVM_CREATE_VCPU, 0);
	if (vcpu_fd < 0)
		die("KVM_CREATE_VCPU ioctl.\n");
	printf("Create vcpu.\n");
	return vcpu_fd;
}

static void *vcpu_thread(void *arg)
{
	int vm_fd = (int)(long)arg;

	create_vcpu(vm_fd);
	return NULL;
}

int main(int argc, char *argv[])
{
	pthread_t thread;
	int vm_fd;

	(void)argc;
	(void)argv;

	vm_fd = create_vm();
	pthread_create(&thread, NULL, vcpu_thread, (void *)(long)vm_fd);
	printf("Exit.\n");
	return 0;
}

It caused by release kvm->arch.ept_identity_map_addr which is the
error page.

The parent thread can send KILL signal to the vcpu thread when it was
exiting which stops faulting pages and potentially allocating memory.
So gfn_to_pfn/gfn_to_page may fail at this time

Fixed by checking the page before it is used

Signed-off-by: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
2012-09-10 11:34:11 +03:00
..
alpha alpha: Fix fall-out from disintegrating asm/system.h 2012-08-19 08:41:19 -07:00
arm arm-soc fixes for v3.6-rc3 2012-08-25 17:33:33 -07:00
avr32 ipc: use Kconfig options for __ARCH_WANT_[COMPAT_]IPC_PARSE_VERSION 2012-07-30 17:25:21 -07:00
blackfin Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k 2012-08-03 10:52:41 -07:00
c6x Enable atomic64 ops in C6X 2012-08-17 08:10:12 -07:00
cris ipc: use Kconfig options for __ARCH_WANT_[COMPAT_]IPC_PARSE_VERSION 2012-07-30 17:25:21 -07:00
frv Merge branch 'akpm' (Andrew's patch-bomb) 2012-07-30 17:25:34 -07:00
h8300 ipc: use Kconfig options for __ARCH_WANT_[COMPAT_]IPC_PARSE_VERSION 2012-07-30 17:25:21 -07:00
hexagon Merge branch 'trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2012-07-30 11:24:53 -07:00
ia64 [IA64] defconfig: Remove CONFIG_MISC_DEVICES 2012-08-20 13:04:29 -07:00
m32r ipc: use Kconfig options for __ARCH_WANT_[COMPAT_]IPC_PARSE_VERSION 2012-07-30 17:25:21 -07:00
m68k m68k: select CONFIG_GENERIC_ATOMIC64 for all m68k CPU types 2012-08-17 10:04:24 +10:00
microblaze Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k 2012-08-03 10:52:41 -07:00
mips MIPS: pci-ar724x: avoid data bus error due to a missing PCIe module 2012-08-23 15:44:47 +02:00
mn10300 Merge branch 'akpm' (Andrew's patch-bomb) 2012-07-30 17:25:34 -07:00
openrisc
parisc [PARISC] fix personality flag check in copy_thread() 2012-08-03 11:25:12 +01:00
powerpc Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2012-08-25 17:30:18 -07:00
s390 s390/32: Don't clobber personality flags on exec 2012-08-30 16:28:07 +02:00
score
sh Merge branches 'sh/urgent' and 'sh/gpiolib' into sh-latest 2012-08-09 13:21:13 +09:00
sparc sparc64: Be less verbose during vmemmap population. 2012-08-15 00:37:29 -07:00
tile memcg: rename config variables 2012-07-31 18:42:43 -07:00
um Merge branch 'for-linus-3.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml 2012-08-01 16:45:02 -07:00
unicore32
x86 KVM: fix error paths for failed gfn_to_page() calls 2012-09-10 11:34:11 +03:00
xtensa xtensa: select generic atomic64_t support 2012-07-31 18:42:39 -07:00
.gitignore
Kconfig ipc: use Kconfig options for __ARCH_WANT_[COMPAT_]IPC_PARSE_VERSION 2012-07-30 17:25:21 -07:00