From patchwork Tue Jun 6 13:56:29 2017
X-Patchwork-Submitter: Christoffer Dall
X-Patchwork-Id: 103161
From: Christoffer Dall
To: Paolo Bonzini, Radim Krčmář
Cc: Marc Zyngier, kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, stable@vger.kernel.org, Christoffer Dall
Subject: [PULL 3/3] KVM: arm/arm64: Handle possible NULL stage2 pud when ageing pages
Date: Tue, 6 Jun 2017 15:56:29 +0200
Message-Id: <20170606135629.31664-4-cdall@linaro.org>
X-Mailer: git-send-email 2.9.0
In-Reply-To: <20170606135629.31664-1-cdall@linaro.org>
References: <20170606135629.31664-1-cdall@linaro.org>
X-Mailing-List: stable@vger.kernel.org
From: Marc Zyngier

Under memory pressure, we start ageing pages, which amounts to parsing
the page tables. Since we don't want to allocate any extra level, we
pass NULL for our private allocation cache. Which means that
stage2_get_pud() is allowed to fail. This results in the following
splat:

[ 1520.409577] Unable to handle kernel NULL pointer dereference at virtual address 00000008
[ 1520.417741] pgd = ffff810f52fef000
[ 1520.421201] [00000008] *pgd=0000010f636c5003, *pud=0000010f56f48003, *pmd=0000000000000000
[ 1520.429546] Internal error: Oops: 96000006 [#1] PREEMPT SMP
[ 1520.435156] Modules linked in:
[ 1520.438246] CPU: 15 PID: 53550 Comm: qemu-system-aar Tainted: G W 4.12.0-rc4-00027-g1885c397eaec #7205
[ 1520.448705] Hardware name: FOXCONN R2-1221R-A4/C2U4N_MB, BIOS G31FB12A 10/26/2016
[ 1520.463726] task: ffff800ac5fb4e00 task.stack: ffff800ce04e0000
[ 1520.469666] PC is at stage2_get_pmd+0x34/0x110
[ 1520.474119] LR is at kvm_age_hva_handler+0x44/0xf0
[ 1520.478917] pc : [] lr : [] pstate: 40000145
[ 1520.486325] sp : ffff800ce04e33d0
[ 1520.489644] x29: ffff800ce04e33d0 x28: 0000000ffff40064
[ 1520.494967] x27: 0000ffff27e00000 x26: 0000000000000000
[ 1520.500289] x25: ffff81051ba65008 x24: 0000ffff40065000
[ 1520.505618] x23: 0000ffff40064000 x22: 0000000000000000
[ 1520.510947] x21: ffff810f52b20000 x20: 0000000000000000
[ 1520.516274] x19: 0000000058264000 x18: 0000000000000000
[ 1520.521603] x17: 0000ffffa6fe7438 x16: ffff000008278b70
[ 1520.526940] x15: 000028ccd8000000 x14: 0000000000000008
[ 1520.532264] x13: ffff7e0018298000 x12: 0000000000000002
[ 1520.537582] x11: ffff000009241b93 x10: 0000000000000940
[ 1520.542908] x9 : ffff0000092ef800 x8 : 0000000000000200
[ 1520.548229] x7 : ffff800ce04e36a8 x6 : 0000000000000000
[ 1520.553552] x5 : 0000000000000001 x4 : 0000000000000000
[ 1520.558873] x3 : 0000000000000000 x2 : 0000000000000008
[ 1520.571696] x1 : ffff000008fd5000 x0 : ffff0000080b149c
[ 1520.577039] Process qemu-system-aar (pid: 53550, stack limit = 0xffff800ce04e0000)
[...]
[ 1521.510735] [] stage2_get_pmd+0x34/0x110
[ 1521.516221] [] kvm_age_hva_handler+0x44/0xf0
[ 1521.522054] [] handle_hva_to_gpa+0xb8/0xe8
[ 1521.527716] [] kvm_age_hva+0x44/0xf0
[ 1521.532854] [] kvm_mmu_notifier_clear_flush_young+0x70/0xc0
[ 1521.539992] [] __mmu_notifier_clear_flush_young+0x88/0xd0
[ 1521.546958] [] page_referenced_one+0xf0/0x188
[ 1521.552881] [] rmap_walk_anon+0xec/0x250
[ 1521.558370] [] rmap_walk+0x78/0xa0
[ 1521.563337] [] page_referenced+0x164/0x180
[ 1521.569002] [] shrink_active_list+0x178/0x3b8
[ 1521.574922] [] shrink_node_memcg+0x328/0x600
[ 1521.580758] [] shrink_node+0xc4/0x328
[ 1521.585986] [] do_try_to_free_pages+0xc0/0x340
[ 1521.592000] [] try_to_free_pages+0xcc/0x240
[...]

The trivial fix is to handle this NULL pud value early, rather than
dereferencing it blindly.

Cc: stable@vger.kernel.org
Signed-off-by: Marc Zyngier
Reviewed-by: Christoffer Dall
Signed-off-by: Christoffer Dall
---
 virt/kvm/arm/mmu.c | 3 +++
 1 file changed, 3 insertions(+)

-- 
2.9.0

diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index a2d6324..e2e5eff 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -879,6 +879,9 @@ static pmd_t *stage2_get_pmd(struct kvm *kvm, struct kvm_mmu_memory_cache *cache pmd_t *pmd; pud = stage2_get_pud(kvm, cache, addr); + if (!pud) + return NULL; + if (stage2_pud_none(*pud)) { if (!cache) return NULL;
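Review bot: the new `if (!pud) return NULL;` in stage2_get_pmd() removes the NULL dereference that `stage2_pud_none(*pud)` produced in the splat, but nothing at the check site says when a NULL pud is legitimate, so a one-line comment there would help. The commit message says stage2_get_pud() is only allowed to fail when the walk is made with a NULL cache (the page-ageing path), and the existing `if (!cache) return NULL;` a few lines below already shows that a NULL pmd is an expected result on that path rather than an error. Noting that next to the new check (for example "stage2_get_pud() only fails when called without a cache") tells a later reader that a missing pud means "nothing mapped at this level, do not allocate", and that every caller of stage2_get_pmd() must already cope with a NULL return.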
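The failure mode the commit message describes (a lookup-only walk that must not allocate, hitting a missing intermediate level) can be shown on a toy page-table walker. The following is an added example written for this page, not Marc Zyngier's patch or KVM's code: the three-level layout, the `mem_cache` pool, the `get_pud`/`get_pmd`/`map_page`/`age_page` names and the 6-bit toy addresses are all constructed for illustration. `get_pmd` carries the same early NULL check the patch adds to stage2_get_pmd(), and `age_page` walks with a NULL cache the way the ageing path does.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/*
 * Constructed example: a toy three-level table (pgd -> pud -> pmd) walked in
 * the style of stage2_get_pud()/stage2_get_pmd(). Not KVM's code; all names
 * and layouts here are assumptions made for illustration.
 */
#define ENTRIES   4
#define PTE_VALID 0x1ULL
#define PTE_YOUNG 0x2ULL

typedef struct { uint64_t pte[ENTRIES]; } pmd_t;
typedef struct { pmd_t *pmd[ENTRIES]; } pud_t;
typedef struct { pud_t *pud[ENTRIES]; } pgd_t;

/* One pool slot is large enough to hold either intermediate level. */
union level { pud_t pud; pmd_t pmd; };

/* Hypothetical pre-filled allocation cache, standing in for
 * kvm_mmu_memory_cache: the walker may only allocate from here. */
struct mem_cache { void *objs[8]; int nobjs; };

static void *cache_alloc(struct mem_cache *cache, size_t sz)
{
    if (!cache || cache->nobjs == 0)
        return NULL;
    void *p = cache->objs[--cache->nobjs];
    memset(p, 0, sz);
    return p;
}

/* 6-bit toy address: 2 index bits per level. */
static unsigned pgd_index(uint64_t addr) { return (addr >> 4) & 3; }
static unsigned pud_index(uint64_t addr) { return (addr >> 2) & 3; }
static unsigned pmd_index(uint64_t addr) { return addr & 3; }

/* Like stage2_get_pud(): allocate a missing pud from the cache, or fail
 * (return NULL) when the walk is lookup-only, i.e. cache == NULL. */
static pud_t *get_pud(pgd_t *pgd, struct mem_cache *cache, uint64_t addr)
{
    pud_t **slot = &pgd->pud[pgd_index(addr)];
    if (!*slot) {
        if (!cache)
            return NULL;
        *slot = cache_alloc(cache, sizeof(pud_t));
    }
    return *slot;
}

/* Like stage2_get_pmd() after the fix. The early NULL check is the guard
 * the patch adds; without it, the pud->pmd[] access below dereferences NULL
 * on every lookup-only walk that reaches an unpopulated pgd slot. */
static pmd_t *get_pmd(pgd_t *pgd, struct mem_cache *cache, uint64_t addr)
{
    pud_t *pud = get_pud(pgd, cache, addr);
    if (!pud)
        return NULL;          /* missing level: nothing to walk, do not allocate */
    pmd_t **slot = &pud->pmd[pud_index(addr)];
    if (!*slot) {
        if (!cache)
            return NULL;
        *slot = cache_alloc(cache, sizeof(pmd_t));
    }
    return *slot;
}

/* Mapping path: carries a cache, so missing intermediate levels are built. */
static int map_page(pgd_t *pgd, struct mem_cache *cache, uint64_t addr)
{
    pmd_t *pmd = get_pmd(pgd, cache, addr);
    if (!pmd)
        return -1;            /* cache exhausted */
    pmd->pte[pmd_index(addr)] = PTE_VALID | PTE_YOUNG;
    return 0;
}

/* Ageing path, modelled on kvm_age_hva_handler(): walks with a NULL cache,
 * so it must never allocate and must tolerate missing levels.
 * Returns 1 if the page was young (and clears the bit), 0 otherwise. */
static int age_page(pgd_t *pgd, uint64_t addr)
{
    pmd_t *pmd = get_pmd(pgd, NULL, addr);
    if (!pmd)
        return 0;             /* unmapped range: not young, and no crash */
    uint64_t *pte = &pmd->pte[pmd_index(addr)];
    if (!(*pte & PTE_VALID) || !(*pte & PTE_YOUNG))
        return 0;
    *pte &= ~PTE_YOUNG;
    return 1;
}

/* Runs the ageing walk before and after mapping one page; 0 on success,
 * otherwise the number of the step that misbehaved. */
int demo(void)
{
    static pgd_t pgd;
    static union level pool[4];
    struct mem_cache cache = { { &pool[0], &pool[1], &pool[2], &pool[3] }, 4 };
    memset(&pgd, 0, sizeof(pgd));

    if (age_page(&pgd, 0x25) != 0) return 1;   /* nothing mapped: lookup-only walk is safe */
    if (map_page(&pgd, &cache, 0x25) != 0) return 2;
    if (age_page(&pgd, 0x25) != 1) return 3;   /* first pass sees the young bit */
    if (age_page(&pgd, 0x25) != 0) return 4;   /* second pass: bit was cleared */
    if (age_page(&pgd, 0x26) != 0) return 5;   /* same pmd, invalid pte */
    if (age_page(&pgd, 0x3a) != 0) return 6;   /* other pgd slot, no pud at all */
    return 0;
}

int main(void) { return demo(); }
```

Without the `if (!pud)` line in `get_pmd`, the first `age_page` call in `demo` (unmapped address, NULL cache) would dereference NULL exactly as the splat shows; with it, the ageing walk simply reports the range as not young, while the mapping walk, which does carry a cache, still allocates the missing levels.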