From: sashiko-bot@kernel.org
To: "Claudio Imbrenda" <imbrenda@linux.ibm.com>
Cc: "Vasily Gorbik" <gor@linux.ibm.com>,
	linux-s390@vger.kernel.org, "Heiko Carstens" <hca@linux.ibm.com>,
	kvm@vger.kernel.org, "Alexander Gordeev" <agordeev@linux.ibm.com>
Subject: Re: [PATCH v2 3/5] KVM: s390: vsie: Fix allocation of struct vsie_rmap
Date: Wed, 10 Jun 2026 17:07:43 +0000
Message-ID: <20260610170744.2F0451F00893@smtp.kernel.org>
In-Reply-To: <20260610165247.238366-4-imbrenda@linux.ibm.com>

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:

Pre-existing issues:
- [High] Infinite loop on OOM in handle_sske() and handle_pfmf() due to ignored return value.
--

commit 728611fa9ca52a1777f3dfd83064a923ef5d5bf7
Author: Claudio Imbrenda <imbrenda@linux.ibm.com>

KVM: s390: vsie: Fix allocation of struct vsie_rmap

The allocation size for struct vsie_rmap in kvm_s390_mmu_cache_topup()
was wrong due to a copy-paste error. This patch fixes it by using the
correct size.

> diff --git a/arch/s390/kvm/dat.c b/arch/s390/kvm/dat.c
> index 4a41c0247ffa2..b3931e3592b52 100644
> --- a/arch/s390/kvm/dat.c
> +++ b/arch/s390/kvm/dat.c
> @@ -45,7 +45,7 @@ int kvm_s390_mmu_cache_topup(struct kvm_s390_mmu_cache *mc)
>  		mc->pts[mc->n_pts] = o;
>  	}
>  	for ( ; mc->n_rmaps < KVM_S390_MMU_CACHE_N_RMAPS; mc->n_rmaps++) {
> -		o = kzalloc_obj(*mc->rmaps[0], GFP_KERNEL_ACCOUNT);
> +		o = kzalloc(sizeof(struct vsie_rmap), GFP_KERNEL_ACCOUNT);
>  		if (!o)
>  			return -ENOMEM;
>  		mc->rmaps[mc->n_rmaps] = o;
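
Review bot: The replacement at the `kzalloc(sizeof(struct vsie_rmap), ...)` line hardcodes the type name, so the size is no longer tied to the declared element type of `mc->rmaps`, which the unchanged `mc->rmaps[mc->n_rmaps] = o;` store still goes through. If `*mc->rmaps[0]` produced the wrong size, the array's declaration is the likely root of the mismatch, and correcting it there would let the allocation keep the `sizeof(*ptr)` form and stay right if the struct is later renamed or replaced. The commit message should also say whether the old size was smaller or larger than `struct vsie_rmap`, since an undersized allocation is a memory-safety bug that matters for stable backports, while an oversized one only wastes memory.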

[Severity: High]
This isn't a bug introduced by this patch, but since we return -ENOMEM
here on allocation failure, are the callers handling this correctly?

Looking at handle_sske() in arch/s390/kvm/priv.c:

	while (start != end) {
		scoped_guard(read_lock, &vcpu->kvm->mmu_lock) {
			rc = dat_cond_set_storage_key(...);
		}
		if (rc > 1)
			return kvm_s390_inject_program_int(vcpu, PGM_ADDRESSING);
		if (rc == -ENOMEM) {
			kvm_s390_mmu_cache_topup(vcpu->arch.mc);
			continue;
		}
		if (rc < 0)
			return rc;
		start += PAGE_SIZE;
	}

If dat_cond_set_storage_key() fails with -ENOMEM, we call
kvm_s390_mmu_cache_topup() and then continue the loop. Since we ignore the
return value of kvm_s390_mmu_cache_topup(), if it also fails with -ENOMEM
(e.g., under severe memory pressure or with a pending SIGKILL), the loop
will restart with an empty cache.

Can this result in an endless retry loop causing a CPU soft-lockup?

The same pattern seems to exist in handle_pfmf() in the same file.

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260610165247.238366-1-imbrenda@linux.ibm.com?part=3
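
The retry pattern discussed in the message above, as an added example that is not part of the original email or the kernel source: a userspace C model (every name in it is hypothetical) that contrasts dropping the top-up result with checking it. The iteration budget is an assumption of the model, there only so that the unchecked variant halts.

```c
#include <errno.h>
#include <stdbool.h>

/* Userspace model only; every name here is hypothetical, not kernel code. */
struct cache { int n_objs; };
static bool alloc_fails;	/* constructed switch: simulate memory pressure */

/* Refill the cache, or report -ENOMEM when allocation fails. */
static int cache_topup(struct cache *mc)
{
	if (alloc_fails)
		return -ENOMEM;
	mc->n_objs = 4;
	return 0;
}

/* Per-page operation: consumes one cached object, -ENOMEM if none is left. */
static int set_key(struct cache *mc)
{
	if (mc->n_objs == 0)
		return -ENOMEM;
	mc->n_objs--;
	return 0;
}

/*
 * Walk 'pages' pages. With check_topup false the top-up result is dropped,
 * as in the loop quoted above; 'budget' caps iterations so the model halts.
 * Returns 0, -ENOMEM from a failed top-up, or -ELOOP when the budget is spent.
 */
static int set_keys(struct cache *mc, int pages, bool check_topup, int budget)
{
	int done = 0;

	while (done != pages) {
		int rc;

		if (budget-- == 0)
			return -ELOOP;
		rc = set_key(mc);
		if (rc == -ENOMEM) {
			rc = cache_topup(mc);
			if (check_topup && rc)
				return rc;	/* propagate instead of retrying */
			continue;
		}
		done++;
	}
	return 0;
}
```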
