Re: include/linux/kvm_host.h:488 suspicious rcu_dereference_check() usage!

From: Borislav Petkov
Date: Mon Sep 21 2015 - 11:45:01 EST


On Mon, Sep 21, 2015 at 05:19:57PM +0200, Paolo Bonzini wrote:
> First, the leaf test would have to be == 0, because I prepared the
> patch on the first 4.3 pull request instead of the latest Linus
> tree. However even this would not be a good change, because
>
> is_shadow_present_pte(spte) == !(pte & PT_PRESENT_MASK) || is_mmio_spte(pte)
>
> and thus is_shadow_present_pte implies the "if" I'm adding above.
>
> So can you instead please add this debugging printk?
>
> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
> index fb16a8ea3dee..90e8ef264861 100644
> --- a/arch/x86/kvm/mmu.c
> +++ b/arch/x86/kvm/mmu.c
> @@ -3334,6 +3334,7 @@ walk_shadow_page_get_mmio_spte(struct kvm_vcpu *vcpu, u64 addr, u64 *sptep)
> sptes[root - 1], root);
> root--;
> }
> + pr_err("shadow_mmio_mask: %lx\n", shadow_mmio_mask);
> }
> exit:
> *sptep = spte;
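Review bot: the format specifier in the added pr_err() does not match the type: shadow_mmio_mask is a u64, so `%lx` should be `%llx` (printing it as `0x%llx` also makes the mask easier to compare against the dumped spte values); the fixed-up version of this hunk in the reply makes exactly that change.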

Ok, here's with this on top. Fixed it up to:

Index: b/arch/x86/kvm/mmu.c
===================================================================
--- a/arch/x86/kvm/mmu.c 2015-09-21 17:26:25.213434565 +0200
+++ b/arch/x86/kvm/mmu.c 2015-09-21 17:27:14.333435968 +0200
@@ -3335,6 +3335,7 @@ walk_shadow_page_get_mmio_spte(struct kv
sptes[root - 1], root);
root--;
}
+ pr_err("shadow_mmio_mask: 0x%llx\n", shadow_mmio_mask);
}
exit:
*sptep = spte;
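Review bot: the pr_err() added at the end of the hierarchy-dump block will fire on every reserved-bit detection in this path, and shadow_mmio_mask is a global that does not change between hits, so if this line outlives the one-off debug run it should become pr_err_once() or pr_err_ratelimited(), or be dropped before merge.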

---

as shadow_mmio_mask is u64.

[ 62.765446] walk_shadow_page_get_mmio_spte: detect reserved bits on spte, addr 0xb8000, dump hierarchy:
[ 62.774903] ------ spte 0x4173d3027 level 4.
[ 62.779209] ------ spte 0x4173d1027 level 3.
[ 62.783558] ------ spte 0x4173c8027 level 2.
[ 62.783561] ------ spte 0xffff0000000b8f67 level 1.
[ 62.783562] shadow_mmio_mask: 0xc00f000000000001
[ 62.783564] ------------[ cut here ]------------
[ 62.783604] WARNING: CPU: 2 PID: 3531 at arch/x86/kvm/mmu.c:3386 handle_mmio_page_fault.part.93+0x1a/0x20 [kvm]()
[ 62.783642] Modules linked in: tun sha256_ssse3 sha256_generic drbg binfmt_misc ipv6 vfat fat fuse dm_crypt dm_mod kvm_amd kvm crc32_pclmul aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd amd64_edac_mod k10temp fam15h_power edac_core amdkfd amd_iommu_v2 radeon acpi_cpufreq
[ 62.783646] CPU: 2 PID: 3531 Comm: qemu-system-x86 Not tainted 4.3.0-rc2+ #1
[ 62.783648] Hardware name: To be filled by O.E.M. To be filled by O.E.M./M5A97 EVO R2.0, BIOS 1503 01/16/2013
[ 62.783654] ffffffffa0401892 ffff880416eafb80 ffffffff812c8c2a 0000000000000000
[ 62.783665] ffff880416eafbb8 ffffffff81053e55 ffff8804172d8000 000000000000000f
[ 62.783666] 00000000000b8000 0000000000000000 00000000ffffffff ffff880416eafbc8
[ 62.783667] Call Trace:
[ 62.783671] [<ffffffff812c8c2a>] dump_stack+0x4e/0x84
[ 62.783673] [<ffffffff81053e55>] warn_slowpath_common+0x95/0xe0
[ 62.783674] [<ffffffff81053f5a>] warn_slowpath_null+0x1a/0x20
[ 62.783684] [<ffffffffa03d47ba>] handle_mmio_page_fault.part.93+0x1a/0x20 [kvm]
[ 62.783694] [<ffffffffa03db081>] tdp_page_fault+0x231/0x290 [kvm]
[ 62.783697] [<ffffffff810a24bd>] ? __lock_acquire+0x62d/0x19e0
[ 62.783705] [<ffffffffa03c432e>] ? emulator_pio_in_out+0x6e/0xf0 [kvm]
[ 62.783715] [<ffffffffa03d66f6>] kvm_mmu_page_fault+0x36/0x240 [kvm]
[ 62.783718] [<ffffffffa045c71e>] pf_interception+0xde/0x1d0 [kvm_amd]
[ 62.783720] [<ffffffffa045ecb1>] handle_exit+0x181/0xa70 [kvm_amd]
[ 62.783729] [<ffffffffa03cc50b>] ? kvm_arch_vcpu_ioctl_run+0x68b/0x1730 [kvm]
[ 62.783738] [<ffffffffa03cc576>] kvm_arch_vcpu_ioctl_run+0x6f6/0x1730 [kvm]
[ 62.783748] [<ffffffffa03cc50b>] ? kvm_arch_vcpu_ioctl_run+0x68b/0x1730 [kvm]
[ 62.783749] [<ffffffff81082afb>] ? preempt_count_sub+0x9b/0xf0
[ 62.783751] [<ffffffff816c144f>] ? mutex_lock_killable_nested+0x26f/0x490
[ 62.783753] [<ffffffff81082afb>] ? preempt_count_sub+0x9b/0xf0
[ 62.783759] [<ffffffffa03b37e8>] kvm_vcpu_ioctl+0x358/0x710 [kvm]
[ 62.783761] [<ffffffff810a0ae1>] ? __lock_is_held+0x51/0x70
[ 62.783762] [<ffffffff811a0711>] ? __fget+0x101/0x210
[ 62.783764] [<ffffffff81194a54>] do_vfs_ioctl+0x2f4/0x560
[ 62.783766] [<ffffffff811a0889>] ? __fget_light+0x29/0x90
[ 62.783767] [<ffffffff81194d0c>] SyS_ioctl+0x4c/0x90
[ 62.783769] [<ffffffff816c495b>] entry_SYSCALL_64_fastpath+0x16/0x73
[ 62.783770] ---[ end trace 8fe1d7df0fb72e0c ]---

--
Regards/Gruss,
Boris.

ECO tip #101: Trim your mails when you reply.