From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 27DB4C8B4C0 for ; Mon, 16 Nov 2020 12:38:38 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C3C6520855 for ; Mon, 16 Nov 2020 12:38:37 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=ellerman.id.au header.i=@ellerman.id.au header.b="rmPfVp13" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728695AbgKPM3h (ORCPT ); Mon, 16 Nov 2020 07:29:37 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54174 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727895AbgKPM3h (ORCPT ); Mon, 16 Nov 2020 07:29:37 -0500 Received: from ozlabs.org (bilbo.ozlabs.org [IPv6:2401:3900:2:1::2]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1BB23C0613CF; Mon, 16 Nov 2020 04:29:37 -0800 (PST) Received: from authenticated.ozlabs.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail.ozlabs.org (Postfix) with ESMTPSA id 4CZT0Z6L5sz9sPB; Mon, 16 Nov 2020 23:29:34 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ellerman.id.au; s=201909; t=1605529774; bh=9E6JzyfDdjUQLEqbF7UI53b0Chv12+R9IYyhrZU8bFM=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=rmPfVp13hL1v/7EmT4rYsbfw1Am6SIA3S7arhMzW29Rq7yowZG9hEgpOTnST9xzXP mD+QiCcDuS2Ec1TRyCZBYMzBNtyilemUsWAKEtNjrAqme3gFYURjQvVBLjOhzxWEJu R5uDld+LWjx6LLmxKBl7SX3ZT0XfWnhT0p+ES46dswu1tUD+qKsuXoea4jOpWMrnUg dbNZdxmVdtPfs6KF3WeWlGoBNWxvZZxO3PV3lAMwsx6RyfqKv12hBG3Vaxhf2oikob 0aMVyN6DmzjvcO/+Vr5HV1G+AU7Cz24jt3YIK66K9z64Z5bSzvd616oDy4Tb5BORwa IUhr6jS+/0ZUg== From: Michael Ellerman To: =?utf-8?Q?C=C3=A9dric?= Le Goater , Paul Mackerras Cc: linuxppc-dev@lists.ozlabs.org, kvm-ppc@vger.kernel.org, kvm@vger.kernel.org, Greg Kurz , Gustavo Romero , David Gibson Subject: Re: [PATCH] KVM: PPC: Book3S HV: XIVE: Fix possible oops when accessing ESB page In-Reply-To: <1270ada4-e2a9-6a1a-52a9-b5c3479c05ea@kaod.org> References: <20201105134713.656160-1-clg@kaod.org> <878sbftbnt.fsf@mpe.ellerman.id.au> <1270ada4-e2a9-6a1a-52a9-b5c3479c05ea@kaod.org> Date: Mon, 16 Nov 2020 23:29:33 +1100 Message-ID: <875z654h8y.fsf@mpe.ellerman.id.au> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org C=C3=A9dric Le Goater writes: > On 11/6/20 4:19 AM, Michael Ellerman wrote: >> C=C3=A9dric Le Goater writes: >>> When accessing the ESB page of a source interrupt, the fault handler >>> will retrieve the page address from the XIVE interrupt 'xive_irq_data' >>> structure. If the associated KVM XIVE interrupt is not valid, that is >>> not allocated at the HW level for some reason, the fault handler will >>> dereference a NULL pointer leading to the oops below : >>> >>> WARNING: CPU: 40 PID: 59101 at arch/powerpc/kvm/book3s_xive_native.= c:259 xive_native_esb_fault+0xe4/0x240 [kvm] >>> CPU: 40 PID: 59101 Comm: qemu-system-ppc Kdump: loaded Tainted: G = W --------- - - 4.18.0-240.el8.ppc64le #1 >>> NIP: c00800000e949fac LR: c00000000044b164 CTR: c00800000e949ec8 >>> REGS: c000001f69617840 TRAP: 0700 Tainted: G W ----= ----- - - (4.18.0-240.el8.ppc64le) >>> MSR: 9000000000029033 CR: 44044282 XER= : 00000000 >>> CFAR: c00000000044b160 IRQMASK: 0 >>> GPR00: c00000000044b164 c000001f69617ac0 c00800000e96e000 c000001f6= 9617c10 >>> GPR04: 05faa2b21e000080 0000000000000000 0000000000000005 fffffffff= fffffff >>> GPR08: 0000000000000000 0000000000000001 0000000000000000 000000000= 0000001 >>> GPR12: c00800000e949ec8 c000001ffffd3400 0000000000000000 000000000= 0000000 >>> GPR16: 0000000000000000 0000000000000000 0000000000000000 000000000= 0000000 >>> GPR20: 0000000000000000 0000000000000000 c000001f5c065160 c00000000= 1c76f90 >>> GPR24: c000001f06f20000 c000001f5c065100 0000000000000008 c000001f0= eb98c78 >>> GPR28: c000001dcab40000 c000001dcab403d8 c000001f69617c10 000000000= 0000011 >>> NIP [c00800000e949fac] xive_native_esb_fault+0xe4/0x240 [kvm] >>> LR [c00000000044b164] __do_fault+0x64/0x220 >>> Call Trace: >>> [c000001f69617ac0] [0000000137a5dc20] 0x137a5dc20 (unreliable) >>> [c000001f69617b50] [c00000000044b164] __do_fault+0x64/0x220 >>> [c000001f69617b90] [c000000000453838] do_fault+0x218/0x930 >>> [c000001f69617bf0] [c000000000456f50] __handle_mm_fault+0x350/0xdf0 >>> [c000001f69617cd0] [c000000000457b1c] handle_mm_fault+0x12c/0x310 >>> [c000001f69617d10] [c00000000007ef44] __do_page_fault+0x264/0xbb0 >>> [c000001f69617df0] [c00000000007f8c8] do_page_fault+0x38/0xd0 >>> [c000001f69617e30] [c00000000000a714] handle_page_fault+0x18/0x38 >>> Instruction dump: >>> 40c2fff0 7c2004ac 2fa90000 409e0118 73e90001 41820080 e8bd0008 7c20= 04ac >>> 7ca90074 39400000 915c0000 7929d182 <0b090000> 2fa50000 419e0080 e8= 9e0018 >>> ---[ end trace 66c6ff034c53f64f ]--- >>> xive-kvm: xive_native_esb_fault: accessing invalid ESB page for sou= rce 8 ! >>> >>> Fix that by checking the validity of the KVM XIVE interrupt structure. >>> >>> Reported-by: Greg Kurz >>> Signed-off-by: C=C3=A9dric Le Goater >>=20 >> Fixes ? > > Ah yes :/=20=20 > > Cc: stable@vger.kernel.org # v5.2+ > Fixes: 6520ca64cde7 ("KVM: PPC: Book3S HV: XIVE: Add a mapping for the so= urce ESB pages") > > Since my provider changed its imap servers, my email filters are really s= crewed=20 > up and I miss emails.=20 > > Sorry about that, No worries. It doesn't look like Paul has grabbed this, so I'll take it. cheers From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.5 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 43F65C4742C for ; Mon, 16 Nov 2020 12:35:11 +0000 (UTC) Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 597642227F for ; Mon, 16 Nov 2020 12:35:10 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=ellerman.id.au header.i=@ellerman.id.au header.b="rmPfVp13" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 597642227F Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=ellerman.id.au Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 4CZT6z2b72zDqKb for ; Mon, 16 Nov 2020 23:35:07 +1100 (AEDT) Received: from ozlabs.org (bilbo.ozlabs.org [IPv6:2401:3900:2:1::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4CZT0b26nGzDq61 for ; Mon, 16 Nov 2020 23:29:35 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=ellerman.id.au Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=ellerman.id.au header.i=@ellerman.id.au header.a=rsa-sha256 header.s=201909 header.b=rmPfVp13; dkim-atps=neutral Received: from authenticated.ozlabs.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail.ozlabs.org (Postfix) with ESMTPSA id 4CZT0Z6L5sz9sPB; Mon, 16 Nov 2020 23:29:34 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ellerman.id.au; s=201909; t=1605529774; bh=9E6JzyfDdjUQLEqbF7UI53b0Chv12+R9IYyhrZU8bFM=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=rmPfVp13hL1v/7EmT4rYsbfw1Am6SIA3S7arhMzW29Rq7yowZG9hEgpOTnST9xzXP mD+QiCcDuS2Ec1TRyCZBYMzBNtyilemUsWAKEtNjrAqme3gFYURjQvVBLjOhzxWEJu R5uDld+LWjx6LLmxKBl7SX3ZT0XfWnhT0p+ES46dswu1tUD+qKsuXoea4jOpWMrnUg dbNZdxmVdtPfs6KF3WeWlGoBNWxvZZxO3PV3lAMwsx6RyfqKv12hBG3Vaxhf2oikob 0aMVyN6DmzjvcO/+Vr5HV1G+AU7Cz24jt3YIK66K9z64Z5bSzvd616oDy4Tb5BORwa IUhr6jS+/0ZUg== From: Michael Ellerman To: =?utf-8?Q?C=C3=A9dric?= Le Goater , Paul Mackerras Subject: Re: [PATCH] KVM: PPC: Book3S HV: XIVE: Fix possible oops when accessing ESB page In-Reply-To: <1270ada4-e2a9-6a1a-52a9-b5c3479c05ea@kaod.org> References: <20201105134713.656160-1-clg@kaod.org> <878sbftbnt.fsf@mpe.ellerman.id.au> <1270ada4-e2a9-6a1a-52a9-b5c3479c05ea@kaod.org> Date: Mon, 16 Nov 2020 23:29:33 +1100 Message-ID: <875z654h8y.fsf@mpe.ellerman.id.au> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: kvm@vger.kernel.org, Gustavo Romero , Greg Kurz , kvm-ppc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, David Gibson Errors-To: linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Sender: "Linuxppc-dev" C=C3=A9dric Le Goater writes: > On 11/6/20 4:19 AM, Michael Ellerman wrote: >> C=C3=A9dric Le Goater writes: >>> When accessing the ESB page of a source interrupt, the fault handler >>> will retrieve the page address from the XIVE interrupt 'xive_irq_data' >>> structure. If the associated KVM XIVE interrupt is not valid, that is >>> not allocated at the HW level for some reason, the fault handler will >>> dereference a NULL pointer leading to the oops below : >>> >>> WARNING: CPU: 40 PID: 59101 at arch/powerpc/kvm/book3s_xive_native.= c:259 xive_native_esb_fault+0xe4/0x240 [kvm] >>> CPU: 40 PID: 59101 Comm: qemu-system-ppc Kdump: loaded Tainted: G = W --------- - - 4.18.0-240.el8.ppc64le #1 >>> NIP: c00800000e949fac LR: c00000000044b164 CTR: c00800000e949ec8 >>> REGS: c000001f69617840 TRAP: 0700 Tainted: G W ----= ----- - - (4.18.0-240.el8.ppc64le) >>> MSR: 9000000000029033 CR: 44044282 XER= : 00000000 >>> CFAR: c00000000044b160 IRQMASK: 0 >>> GPR00: c00000000044b164 c000001f69617ac0 c00800000e96e000 c000001f6= 9617c10 >>> GPR04: 05faa2b21e000080 0000000000000000 0000000000000005 fffffffff= fffffff >>> GPR08: 0000000000000000 0000000000000001 0000000000000000 000000000= 0000001 >>> GPR12: c00800000e949ec8 c000001ffffd3400 0000000000000000 000000000= 0000000 >>> GPR16: 0000000000000000 0000000000000000 0000000000000000 000000000= 0000000 >>> GPR20: 0000000000000000 0000000000000000 c000001f5c065160 c00000000= 1c76f90 >>> GPR24: c000001f06f20000 c000001f5c065100 0000000000000008 c000001f0= eb98c78 >>> GPR28: c000001dcab40000 c000001dcab403d8 c000001f69617c10 000000000= 0000011 >>> NIP [c00800000e949fac] xive_native_esb_fault+0xe4/0x240 [kvm] >>> LR [c00000000044b164] __do_fault+0x64/0x220 >>> Call Trace: >>> [c000001f69617ac0] [0000000137a5dc20] 0x137a5dc20 (unreliable) >>> [c000001f69617b50] [c00000000044b164] __do_fault+0x64/0x220 >>> [c000001f69617b90] [c000000000453838] do_fault+0x218/0x930 >>> [c000001f69617bf0] [c000000000456f50] __handle_mm_fault+0x350/0xdf0 >>> [c000001f69617cd0] [c000000000457b1c] handle_mm_fault+0x12c/0x310 >>> [c000001f69617d10] [c00000000007ef44] __do_page_fault+0x264/0xbb0 >>> [c000001f69617df0] [c00000000007f8c8] do_page_fault+0x38/0xd0 >>> [c000001f69617e30] [c00000000000a714] handle_page_fault+0x18/0x38 >>> Instruction dump: >>> 40c2fff0 7c2004ac 2fa90000 409e0118 73e90001 41820080 e8bd0008 7c20= 04ac >>> 7ca90074 39400000 915c0000 7929d182 <0b090000> 2fa50000 419e0080 e8= 9e0018 >>> ---[ end trace 66c6ff034c53f64f ]--- >>> xive-kvm: xive_native_esb_fault: accessing invalid ESB page for sou= rce 8 ! >>> >>> Fix that by checking the validity of the KVM XIVE interrupt structure. >>> >>> Reported-by: Greg Kurz >>> Signed-off-by: C=C3=A9dric Le Goater >>=20 >> Fixes ? > > Ah yes :/=20=20 > > Cc: stable@vger.kernel.org # v5.2+ > Fixes: 6520ca64cde7 ("KVM: PPC: Book3S HV: XIVE: Add a mapping for the so= urce ESB pages") > > Since my provider changed its imap servers, my email filters are really s= crewed=20 > up and I miss emails.=20 > > Sorry about that, No worries. It doesn't look like Paul has grabbed this, so I'll take it. cheers From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Ellerman Date: Mon, 16 Nov 2020 12:29:33 +0000 Subject: Re: [PATCH] KVM: PPC: Book3S HV: XIVE: Fix possible oops when accessing ESB page Message-Id: <875z654h8y.fsf@mpe.ellerman.id.au> List-Id: References: <20201105134713.656160-1-clg@kaod.org> <878sbftbnt.fsf@mpe.ellerman.id.au> <1270ada4-e2a9-6a1a-52a9-b5c3479c05ea@kaod.org> In-Reply-To: <1270ada4-e2a9-6a1a-52a9-b5c3479c05ea@kaod.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit To: =?utf-8?Q?C=C3=A9dric?= Le Goater , Paul Mackerras Cc: linuxppc-dev@lists.ozlabs.org, kvm-ppc@vger.kernel.org, kvm@vger.kernel.org, Greg Kurz , Gustavo Romero , David Gibson Cédric Le Goater writes: > On 11/6/20 4:19 AM, Michael Ellerman wrote: >> Cédric Le Goater writes: >>> When accessing the ESB page of a source interrupt, the fault handler >>> will retrieve the page address from the XIVE interrupt 'xive_irq_data' >>> structure. If the associated KVM XIVE interrupt is not valid, that is >>> not allocated at the HW level for some reason, the fault handler will >>> dereference a NULL pointer leading to the oops below : >>> >>> WARNING: CPU: 40 PID: 59101 at arch/powerpc/kvm/book3s_xive_native.c:259 xive_native_esb_fault+0xe4/0x240 [kvm] >>> CPU: 40 PID: 59101 Comm: qemu-system-ppc Kdump: loaded Tainted: G W --------- - - 4.18.0-240.el8.ppc64le #1 >>> NIP: c00800000e949fac LR: c00000000044b164 CTR: c00800000e949ec8 >>> REGS: c000001f69617840 TRAP: 0700 Tainted: G W --------- - - (4.18.0-240.el8.ppc64le) >>> MSR: 9000000000029033 CR: 44044282 XER: 00000000 >>> CFAR: c00000000044b160 IRQMASK: 0 >>> GPR00: c00000000044b164 c000001f69617ac0 c00800000e96e000 c000001f69617c10 >>> GPR04: 05faa2b21e000080 0000000000000000 0000000000000005 ffffffffffffffff >>> GPR08: 0000000000000000 0000000000000001 0000000000000000 0000000000000001 >>> GPR12: c00800000e949ec8 c000001ffffd3400 0000000000000000 0000000000000000 >>> GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 >>> GPR20: 0000000000000000 0000000000000000 c000001f5c065160 c000000001c76f90 >>> GPR24: c000001f06f20000 c000001f5c065100 0000000000000008 c000001f0eb98c78 >>> GPR28: c000001dcab40000 c000001dcab403d8 c000001f69617c10 0000000000000011 >>> NIP [c00800000e949fac] xive_native_esb_fault+0xe4/0x240 [kvm] >>> LR [c00000000044b164] __do_fault+0x64/0x220 >>> Call Trace: >>> [c000001f69617ac0] [0000000137a5dc20] 0x137a5dc20 (unreliable) >>> [c000001f69617b50] [c00000000044b164] __do_fault+0x64/0x220 >>> [c000001f69617b90] [c000000000453838] do_fault+0x218/0x930 >>> [c000001f69617bf0] [c000000000456f50] __handle_mm_fault+0x350/0xdf0 >>> [c000001f69617cd0] [c000000000457b1c] handle_mm_fault+0x12c/0x310 >>> [c000001f69617d10] [c00000000007ef44] __do_page_fault+0x264/0xbb0 >>> [c000001f69617df0] [c00000000007f8c8] do_page_fault+0x38/0xd0 >>> [c000001f69617e30] [c00000000000a714] handle_page_fault+0x18/0x38 >>> Instruction dump: >>> 40c2fff0 7c2004ac 2fa90000 409e0118 73e90001 41820080 e8bd0008 7c2004ac >>> 7ca90074 39400000 915c0000 7929d182 <0b090000> 2fa50000 419e0080 e89e0018 >>> ---[ end trace 66c6ff034c53f64f ]--- >>> xive-kvm: xive_native_esb_fault: accessing invalid ESB page for source 8 ! >>> >>> Fix that by checking the validity of the KVM XIVE interrupt structure. >>> >>> Reported-by: Greg Kurz >>> Signed-off-by: Cédric Le Goater >> >> Fixes ? > > Ah yes :/ > > Cc: stable@vger.kernel.org # v5.2+ > Fixes: 6520ca64cde7 ("KVM: PPC: Book3S HV: XIVE: Add a mapping for the source ESB pages") > > Since my provider changed its imap servers, my email filters are really screwed > up and I miss emails. > > Sorry about that, No worries. It doesn't look like Paul has grabbed this, so I'll take it. cheers