From: "Cédric Le Goater" <clg@kaod.org>
To: Michael Ellerman <mpe@ellerman.id.au>, Paul Mackerras <paulus@samba.org>
Cc: <linuxppc-dev@lists.ozlabs.org>, <kvm-ppc@vger.kernel.org>,
<kvm@vger.kernel.org>, Greg Kurz <groug@kaod.org>,
Gustavo Romero <gromero@linux.ibm.com>,
David Gibson <david@gibson.dropbear.id.au>
Subject: Re: [PATCH] KVM: PPC: Book3S HV: XIVE: Fix possible oops when accessing ESB page
Date: Tue, 10 Nov 2020 23:04:31 +0100 [thread overview]
Message-ID: <1270ada4-e2a9-6a1a-52a9-b5c3479c05ea@kaod.org> (raw)
In-Reply-To: <878sbftbnt.fsf@mpe.ellerman.id.au>
On 11/6/20 4:19 AM, Michael Ellerman wrote:
> Cédric Le Goater <clg@kaod.org> writes:
>> When accessing the ESB page of a source interrupt, the fault handler
>> will retrieve the page address from the XIVE interrupt 'xive_irq_data'
>> structure. If the associated KVM XIVE interrupt is not valid, that is
>> not allocated at the HW level for some reason, the fault handler will
>> dereference a NULL pointer leading to the oops below :
>>
>> WARNING: CPU: 40 PID: 59101 at arch/powerpc/kvm/book3s_xive_native.c:259 xive_native_esb_fault+0xe4/0x240 [kvm]
>> CPU: 40 PID: 59101 Comm: qemu-system-ppc Kdump: loaded Tainted: G W --------- - - 4.18.0-240.el8.ppc64le #1
>> NIP: c00800000e949fac LR: c00000000044b164 CTR: c00800000e949ec8
>> REGS: c000001f69617840 TRAP: 0700 Tainted: G W --------- - - (4.18.0-240.el8.ppc64le)
>> MSR: 9000000000029033 <SF,HV,EE,ME,IR,DR,RI,LE> CR: 44044282 XER: 00000000
>> CFAR: c00000000044b160 IRQMASK: 0
>> GPR00: c00000000044b164 c000001f69617ac0 c00800000e96e000 c000001f69617c10
>> GPR04: 05faa2b21e000080 0000000000000000 0000000000000005 ffffffffffffffff
>> GPR08: 0000000000000000 0000000000000001 0000000000000000 0000000000000001
>> GPR12: c00800000e949ec8 c000001ffffd3400 0000000000000000 0000000000000000
>> GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> GPR20: 0000000000000000 0000000000000000 c000001f5c065160 c000000001c76f90
>> GPR24: c000001f06f20000 c000001f5c065100 0000000000000008 c000001f0eb98c78
>> GPR28: c000001dcab40000 c000001dcab403d8 c000001f69617c10 0000000000000011
>> NIP [c00800000e949fac] xive_native_esb_fault+0xe4/0x240 [kvm]
>> LR [c00000000044b164] __do_fault+0x64/0x220
>> Call Trace:
>> [c000001f69617ac0] [0000000137a5dc20] 0x137a5dc20 (unreliable)
>> [c000001f69617b50] [c00000000044b164] __do_fault+0x64/0x220
>> [c000001f69617b90] [c000000000453838] do_fault+0x218/0x930
>> [c000001f69617bf0] [c000000000456f50] __handle_mm_fault+0x350/0xdf0
>> [c000001f69617cd0] [c000000000457b1c] handle_mm_fault+0x12c/0x310
>> [c000001f69617d10] [c00000000007ef44] __do_page_fault+0x264/0xbb0
>> [c000001f69617df0] [c00000000007f8c8] do_page_fault+0x38/0xd0
>> [c000001f69617e30] [c00000000000a714] handle_page_fault+0x18/0x38
>> Instruction dump:
>> 40c2fff0 7c2004ac 2fa90000 409e0118 73e90001 41820080 e8bd0008 7c2004ac
>> 7ca90074 39400000 915c0000 7929d182 <0b090000> 2fa50000 419e0080 e89e0018
>> ---[ end trace 66c6ff034c53f64f ]---
>> xive-kvm: xive_native_esb_fault: accessing invalid ESB page for source 8 !
>>
>> Fix that by checking the validity of the KVM XIVE interrupt structure.
>>
>> Reported-by: Greg Kurz <groug@kaod.org>
>> Signed-off-by: Cédric Le Goater <clg@kaod.org>
>
> Fixes ?
Ah yes :/
Cc: stable@vger.kernel.org # v5.2+
Fixes: 6520ca64cde7 ("KVM: PPC: Book3S HV: XIVE: Add a mapping for the source ESB pages")
Since my provider changed its imap servers, my email filters are really screwed
up and I miss emails.
Sorry about that,
C.
WARNING: multiple messages have this Message-ID (diff)
From: "Cédric Le Goater" <clg@kaod.org>
To: Michael Ellerman <mpe@ellerman.id.au>, Paul Mackerras <paulus@samba.org>
Cc: kvm@vger.kernel.org, Gustavo Romero <gromero@linux.ibm.com>,
Greg Kurz <groug@kaod.org>,
kvm-ppc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
David Gibson <david@gibson.dropbear.id.au>
Subject: Re: [PATCH] KVM: PPC: Book3S HV: XIVE: Fix possible oops when accessing ESB page
Date: Tue, 10 Nov 2020 23:04:31 +0100 [thread overview]
Message-ID: <1270ada4-e2a9-6a1a-52a9-b5c3479c05ea@kaod.org> (raw)
In-Reply-To: <878sbftbnt.fsf@mpe.ellerman.id.au>
On 11/6/20 4:19 AM, Michael Ellerman wrote:
> Cédric Le Goater <clg@kaod.org> writes:
>> When accessing the ESB page of a source interrupt, the fault handler
>> will retrieve the page address from the XIVE interrupt 'xive_irq_data'
>> structure. If the associated KVM XIVE interrupt is not valid, that is
>> not allocated at the HW level for some reason, the fault handler will
>> dereference a NULL pointer leading to the oops below :
>>
>> WARNING: CPU: 40 PID: 59101 at arch/powerpc/kvm/book3s_xive_native.c:259 xive_native_esb_fault+0xe4/0x240 [kvm]
>> CPU: 40 PID: 59101 Comm: qemu-system-ppc Kdump: loaded Tainted: G W --------- - - 4.18.0-240.el8.ppc64le #1
>> NIP: c00800000e949fac LR: c00000000044b164 CTR: c00800000e949ec8
>> REGS: c000001f69617840 TRAP: 0700 Tainted: G W --------- - - (4.18.0-240.el8.ppc64le)
>> MSR: 9000000000029033 <SF,HV,EE,ME,IR,DR,RI,LE> CR: 44044282 XER: 00000000
>> CFAR: c00000000044b160 IRQMASK: 0
>> GPR00: c00000000044b164 c000001f69617ac0 c00800000e96e000 c000001f69617c10
>> GPR04: 05faa2b21e000080 0000000000000000 0000000000000005 ffffffffffffffff
>> GPR08: 0000000000000000 0000000000000001 0000000000000000 0000000000000001
>> GPR12: c00800000e949ec8 c000001ffffd3400 0000000000000000 0000000000000000
>> GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> GPR20: 0000000000000000 0000000000000000 c000001f5c065160 c000000001c76f90
>> GPR24: c000001f06f20000 c000001f5c065100 0000000000000008 c000001f0eb98c78
>> GPR28: c000001dcab40000 c000001dcab403d8 c000001f69617c10 0000000000000011
>> NIP [c00800000e949fac] xive_native_esb_fault+0xe4/0x240 [kvm]
>> LR [c00000000044b164] __do_fault+0x64/0x220
>> Call Trace:
>> [c000001f69617ac0] [0000000137a5dc20] 0x137a5dc20 (unreliable)
>> [c000001f69617b50] [c00000000044b164] __do_fault+0x64/0x220
>> [c000001f69617b90] [c000000000453838] do_fault+0x218/0x930
>> [c000001f69617bf0] [c000000000456f50] __handle_mm_fault+0x350/0xdf0
>> [c000001f69617cd0] [c000000000457b1c] handle_mm_fault+0x12c/0x310
>> [c000001f69617d10] [c00000000007ef44] __do_page_fault+0x264/0xbb0
>> [c000001f69617df0] [c00000000007f8c8] do_page_fault+0x38/0xd0
>> [c000001f69617e30] [c00000000000a714] handle_page_fault+0x18/0x38
>> Instruction dump:
>> 40c2fff0 7c2004ac 2fa90000 409e0118 73e90001 41820080 e8bd0008 7c2004ac
>> 7ca90074 39400000 915c0000 7929d182 <0b090000> 2fa50000 419e0080 e89e0018
>> ---[ end trace 66c6ff034c53f64f ]---
>> xive-kvm: xive_native_esb_fault: accessing invalid ESB page for source 8 !
>>
>> Fix that by checking the validity of the KVM XIVE interrupt structure.
>>
>> Reported-by: Greg Kurz <groug@kaod.org>
>> Signed-off-by: Cédric Le Goater <clg@kaod.org>
>
> Fixes ?
Ah yes :/
Cc: stable@vger.kernel.org # v5.2+
Fixes: 6520ca64cde7 ("KVM: PPC: Book3S HV: XIVE: Add a mapping for the source ESB pages")
Since my provider changed its imap servers, my email filters are really screwed
up and I miss emails.
Sorry about that,
C.
WARNING: multiple messages have this Message-ID (diff)
From: "Cédric Le Goater" <clg@kaod.org>
To: Michael Ellerman <mpe@ellerman.id.au>, Paul Mackerras <paulus@samba.org>
Cc: linuxppc-dev@lists.ozlabs.org, kvm-ppc@vger.kernel.org,
kvm@vger.kernel.org, Greg Kurz <groug@kaod.org>,
Gustavo Romero <gromero@linux.ibm.com>,
David Gibson <david@gibson.dropbear.id.au>
Subject: Re: [PATCH] KVM: PPC: Book3S HV: XIVE: Fix possible oops when accessing ESB page
Date: Tue, 10 Nov 2020 22:04:31 +0000 [thread overview]
Message-ID: <1270ada4-e2a9-6a1a-52a9-b5c3479c05ea@kaod.org> (raw)
In-Reply-To: <878sbftbnt.fsf@mpe.ellerman.id.au>
On 11/6/20 4:19 AM, Michael Ellerman wrote:
> Cédric Le Goater <clg@kaod.org> writes:
>> When accessing the ESB page of a source interrupt, the fault handler
>> will retrieve the page address from the XIVE interrupt 'xive_irq_data'
>> structure. If the associated KVM XIVE interrupt is not valid, that is
>> not allocated at the HW level for some reason, the fault handler will
>> dereference a NULL pointer leading to the oops below :
>>
>> WARNING: CPU: 40 PID: 59101 at arch/powerpc/kvm/book3s_xive_native.c:259 xive_native_esb_fault+0xe4/0x240 [kvm]
>> CPU: 40 PID: 59101 Comm: qemu-system-ppc Kdump: loaded Tainted: G W --------- - - 4.18.0-240.el8.ppc64le #1
>> NIP: c00800000e949fac LR: c00000000044b164 CTR: c00800000e949ec8
>> REGS: c000001f69617840 TRAP: 0700 Tainted: G W --------- - - (4.18.0-240.el8.ppc64le)
>> MSR: 9000000000029033 <SF,HV,EE,ME,IR,DR,RI,LE> CR: 44044282 XER: 00000000
>> CFAR: c00000000044b160 IRQMASK: 0
>> GPR00: c00000000044b164 c000001f69617ac0 c00800000e96e000 c000001f69617c10
>> GPR04: 05faa2b21e000080 0000000000000000 0000000000000005 ffffffffffffffff
>> GPR08: 0000000000000000 0000000000000001 0000000000000000 0000000000000001
>> GPR12: c00800000e949ec8 c000001ffffd3400 0000000000000000 0000000000000000
>> GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> GPR20: 0000000000000000 0000000000000000 c000001f5c065160 c000000001c76f90
>> GPR24: c000001f06f20000 c000001f5c065100 0000000000000008 c000001f0eb98c78
>> GPR28: c000001dcab40000 c000001dcab403d8 c000001f69617c10 0000000000000011
>> NIP [c00800000e949fac] xive_native_esb_fault+0xe4/0x240 [kvm]
>> LR [c00000000044b164] __do_fault+0x64/0x220
>> Call Trace:
>> [c000001f69617ac0] [0000000137a5dc20] 0x137a5dc20 (unreliable)
>> [c000001f69617b50] [c00000000044b164] __do_fault+0x64/0x220
>> [c000001f69617b90] [c000000000453838] do_fault+0x218/0x930
>> [c000001f69617bf0] [c000000000456f50] __handle_mm_fault+0x350/0xdf0
>> [c000001f69617cd0] [c000000000457b1c] handle_mm_fault+0x12c/0x310
>> [c000001f69617d10] [c00000000007ef44] __do_page_fault+0x264/0xbb0
>> [c000001f69617df0] [c00000000007f8c8] do_page_fault+0x38/0xd0
>> [c000001f69617e30] [c00000000000a714] handle_page_fault+0x18/0x38
>> Instruction dump:
>> 40c2fff0 7c2004ac 2fa90000 409e0118 73e90001 41820080 e8bd0008 7c2004ac
>> 7ca90074 39400000 915c0000 7929d182 <0b090000> 2fa50000 419e0080 e89e0018
>> ---[ end trace 66c6ff034c53f64f ]---
>> xive-kvm: xive_native_esb_fault: accessing invalid ESB page for source 8 !
>>
>> Fix that by checking the validity of the KVM XIVE interrupt structure.
>>
>> Reported-by: Greg Kurz <groug@kaod.org>
>> Signed-off-by: Cédric Le Goater <clg@kaod.org>
>
> Fixes ?
Ah yes :/
Cc: stable@vger.kernel.org # v5.2+
Fixes: 6520ca64cde7 ("KVM: PPC: Book3S HV: XIVE: Add a mapping for the source ESB pages")
Since my provider changed its imap servers, my email filters are really screwed
up and I miss emails.
Sorry about that,
C.
next prev parent reply other threads:[~2020-11-10 22:10 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-05 13:47 [PATCH] KVM: PPC: Book3S HV: XIVE: Fix possible oops when accessing ESB page Cédric Le Goater
2020-11-05 13:47 ` Cédric Le Goater
2020-11-05 13:47 ` Cédric Le Goater
2020-11-05 17:41 ` Greg Kurz
2020-11-05 17:41 ` Greg Kurz
2020-11-05 17:41 ` Greg Kurz
2020-11-06 3:19 ` Michael Ellerman
2020-11-06 3:19 ` Michael Ellerman
2020-11-06 3:19 ` Michael Ellerman
2020-11-10 22:04 ` Cédric Le Goater [this message]
2020-11-10 22:04 ` Cédric Le Goater
2020-11-10 22:04 ` Cédric Le Goater
2020-11-16 12:29 ` Michael Ellerman
2020-11-16 12:29 ` Michael Ellerman
2020-11-16 12:29 ` Michael Ellerman
2020-11-17 10:52 ` Michael Ellerman
-- strict thread matches above, loose matches on Subject: below --
2019-05-28 21:13 [PATCH] KVM: PPC: Book3S HV: XIVE: fix page offset when clearing ESB pages Cédric Le Goater
2019-05-28 21:13 ` Cédric Le Goater
2019-05-29 9:06 ` Greg Kurz
2019-05-29 9:06 ` Greg Kurz
2019-05-31 6:36 ` Paul Mackerras
2019-05-31 6:36 ` Paul Mackerras
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1270ada4-e2a9-6a1a-52a9-b5c3479c05ea@kaod.org \
--to=clg@kaod.org \
--cc=david@gibson.dropbear.id.au \
--cc=gromero@linux.ibm.com \
--cc=groug@kaod.org \
--cc=kvm-ppc@vger.kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=paulus@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.