Xiao Guangrong 4484141a94 KVM: fix error paths for failed gfn_to_page() calls
This bug was triggered:
[ 4220.198458] BUG: unable to handle kernel paging request at fffffffffffffffe
[ 4220.203907] IP: [<ffffffff81104d85>] put_page+0xf/0x34
......
[ 4220.237326] Call Trace:
[ 4220.237361]  [<ffffffffa03830d0>] kvm_arch_destroy_vm+0xf9/0x101 [kvm]
[ 4220.237382]  [<ffffffffa036fe53>] kvm_put_kvm+0xcc/0x127 [kvm]
[ 4220.237401]  [<ffffffffa03702bc>] kvm_vcpu_release+0x18/0x1c [kvm]
[ 4220.237407]  [<ffffffff81145425>] __fput+0x111/0x1ed
[ 4220.237411]  [<ffffffff8114550f>] ____fput+0xe/0x10
[ 4220.237418]  [<ffffffff81063511>] task_work_run+0x5d/0x88
[ 4220.237424]  [<ffffffff8104c3f7>] do_exit+0x2bf/0x7ca

The test case:

	printf(fmt, ##args);		\
	exit(-1);} while (0)

static int create_vm(void)
{
	int sys_fd, vm_fd;

	sys_fd = open("/dev/kvm", O_RDWR);
	if (sys_fd < 0)
		die("open /dev/kvm fail.\n");

	vm_fd = ioctl(sys_fd, KVM_CREATE_VM, 0);
	if (vm_fd < 0)
		die("KVM_CREATE_VM fail.\n");

	return vm_fd;
}

static int create_vcpu(int vm_fd)
{
	int vcpu_fd;

	vcpu_fd = ioctl(vm_fd, KVM_CREATE_VCPU, 0);
	if (vcpu_fd < 0)
		die("KVM_CREATE_VCPU ioctl.\n");
	printf("Create vcpu.\n");
	return vcpu_fd;
}

static void *vcpu_thread(void *arg)
{
	int vm_fd = (int)(long)arg;

	create_vcpu(vm_fd);
	return NULL;
}

int main(int argc, char *argv[])
{
	pthread_t thread;
	int vm_fd;

	(void)argc;
	(void)argv;

	vm_fd = create_vm();
	pthread_create(&thread, NULL, vcpu_thread, (void *)(long)vm_fd);
	printf("Exit.\n");
	return 0;
}

It is caused by releasing kvm->arch.ept_identity_map_addr, which is the
error page.

The parent thread can send a KILL signal to the vcpu thread when it is
exiting, which stops faulting pages and potentially allocating memory,
so gfn_to_pfn/gfn_to_page may fail at this time.

Fixed by checking the page before it is used.

Signed-off-by: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
2012-09-10 11:34:11 +03:00
cpuid.c KVM: VMX: Implement PCID/INVPCID for guests with EPT 2012-07-12 13:07:34 +03:00
cpuid.h KVM: VMX: Implement PCID/INVPCID for guests with EPT 2012-07-12 13:07:34 +03:00
emulate.c KVM: x86 emulator: use stack size attribute to mask rsp in stack ops 2012-08-22 18:54:26 -03:00
i8254.c KVM: x86: Run PIT work in own kthread 2012-04-27 19:40:29 -03:00
i8254.h KVM: x86: Run PIT work in own kthread 2012-04-27 19:40:29 -03:00
i8259.c KVM: PIC: fix use of uninitialised variable. 2012-09-04 15:44:42 +03:00
irq.c KVM: fix typo in copyright notice 2010-10-24 10:53:14 +02:00
irq.h KVM: Intelligent device lookup on I/O bus 2011-09-25 19:17:59 +03:00
Kconfig KVM: Introduce direct MSI message injection for in-kernel irqchips 2012-04-24 15:59:47 +03:00
kvm_cache_regs.h KVM: MMU: Do not unconditionally read PDPTE from guest memory 2011-09-25 19:18:01 +03:00
kvm_timer.h KVM: emulate lapic tsc deadline timer for guest 2011-10-05 15:34:56 +02:00
lapic.c KVM: host side for eoi optimization 2012-06-25 12:40:55 +03:00
lapic.h KVM: host side for eoi optimization 2012-06-25 12:40:55 +03:00
Makefile KVM: Expose a version 2 architectural PMU to a guests 2011-12-27 11:24:29 +02:00
mmu_audit.c KVM: MMU: Improve iteration through sptes from rmap 2012-04-08 16:08:27 +03:00
mmu.c KVM: MMU: Fix mmu_shrink() so that it can free mmu pages as intended 2012-08-22 15:27:13 +03:00
mmu.h KVM: MMU: mmio page fault support 2011-07-24 11:50:40 +03:00
mmutrace.h KVM: MMU: fix kvm_mmu_pagetable_walk tracepoint 2012-07-11 16:51:22 +03:00
paging_tmpl.h KVM: MMU: fix kvm_mmu_pagetable_walk tracepoint 2012-07-11 16:51:22 +03:00
pmu.c perf/x86: Rename Intel specific macros 2012-07-05 21:19:39 +02:00
svm.c KVM: VMX: Implement PCID/INVPCID for guests with EPT 2012-07-12 13:07:34 +03:00
timer.c KVM: x86: Simplify kvm timer handler 2011-12-27 11:17:05 +02:00
trace.h KVM updates for the 3.6 merge window 2012-07-24 12:01:20 -07:00
tss.h KVM: x86: hardware task switching support 2008-04-27 12:00:39 +03:00
vmx.c KVM: fix error paths for failed gfn_to_page() calls 2012-09-10 11:34:11 +03:00
x86.c KVM: fix error paths for failed gfn_to_page() calls 2012-09-10 11:34:11 +03:00
x86.h KVM: x86: add paging gcc optimization 2012-04-08 14:03:13 +03:00