From: Marc Zyngier <marc.zyngier@arm.com>
To: Andre Przywara <andre.przywara@arm.com>,
	Christoffer Dall <christoffer.dall@linaro.org>
Cc: kvmarm@lists.cs.columbia.edu,
	linux-arm-kernel@lists.infradead.org, kvm@vger.kernel.org,
	Cosmin Gorgovan <cosmin@linux-geek.org>,
	stable@vger.kernel.org
Subject: Re: [PATCH] KVM: arm/arm64: fix reference to uninitialised VGIC
Date: Wed, 3 Feb 2016 17:33:54 +0000	[thread overview]
Message-ID: <56B23A02.7070804@arm.com> (raw)
In-Reply-To: <1454518611-15694-1-git-send-email-andre.przywara@arm.com>

On 03/02/16 16:56, Andre Przywara wrote:
> Commit 4b4b4512da2a ("arm/arm64: KVM: Rework the arch timer to use
> level-triggered semantics") brought the virtual architected timer
> closer to the VGIC. There is one occasion where we don't properly
> check for the VGIC actually having been initialized before, but
> instead go on to check the active state of some IRQ number.
> If userland hasn't instantiated a virtual GIC, we end up with a
> kernel NULL pointer dereference:
> =========
> Unable to handle kernel NULL pointer dereference at virtual address 00000000
> pgd = ffffffc9745c5000
> [00000000] *pgd=00000009f631e003, *pud=00000009f631e003, *pmd=0000000000000000
> Internal error: Oops: 96000006 [#2] PREEMPT SMP
> Modules linked in:
> CPU: 0 PID: 2144 Comm: kvm_simplest-ar Tainted: G      D 4.5.0-rc2+ #1300
> Hardware name: ARM Juno development board (r1) (DT)
> task: ffffffc976da8000 ti: ffffffc976e28000 task.ti: ffffffc976e28000
> PC is at vgic_bitmap_get_irq_val+0x78/0x90
> LR is at kvm_vgic_map_is_active+0xac/0xc8
> pc : [<ffffffc0000b7e28>] lr : [<ffffffc0000b972c>] pstate: 20000145
> ....
> =========
> 
> Fix this by bailing out early of kvm_timer_flush_hwstate() if we don't
> have a VGIC at all.
> 
> Reported-by: Cosmin Gorgovan <cosmin@linux-geek.org>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
> Cc: <stable@vger.kernel.org> # 4.4.x

Nice catch, thanks.

Acked-by: Marc Zyngier <marc.zyngier@arm.com>

	M.
-- 
Jazz is not dead. It just smells funny...
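
An added illustration of the ordering bug the commit message describes, not code from the patch or from the kernel: a userspace-compilable model in which the timer's flush path consults the VGIC's per-IRQ active bitmap before anything has checked that userland instantiated a VGIC at all. The function names follow the backtrace in the oops, but the struct layouts, the signatures, the vgic_initialized() helper, the -ENODEV return value of the guarded path and the demo_* functions are all assumptions made for this example.

```c
/* Added example modelling the use-before-init bug; NOT the kernel's code.
 * Struct layouts, signatures, the ENODEV return and demo_* are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ENODEV 19                          /* assumed errno for "no VGIC" */
#define VGIC_NR_IRQS 64                    /* assumed: small bitmap for the demo */
#define BITS_PER_LONG (8 * sizeof(unsigned long))

/* Stand-in for the distributor state. Userland has to instantiate the
 * virtual GIC first; until then the VM has nothing to point at. */
struct vgic_dist {
	unsigned long irq_active[VGIC_NR_IRQS / BITS_PER_LONG];
};

struct kvm {
	struct vgic_dist *vgic;            /* NULL until a VGIC exists (assumed) */
};

struct arch_timer_cpu {
	int irq;                           /* interrupt number wired to the timer */
	bool phys_active;                  /* active state last pushed to hardware */
};

struct kvm_vcpu {
	struct kvm *kvm;
	struct arch_timer_cpu timer_cpu;
};

/* Assumed helper: the VGIC is initialised once the VM carries a distributor. */
bool vgic_initialized(const struct kvm *kvm)
{
	return kvm->vgic != NULL;
}

/* Reads one bit of the active bitmap. It trusts its caller and dereferences
 * vgic unconditionally, which is why the oops above faults at address 0. */
bool vgic_bitmap_get_irq_val(const struct vgic_dist *vgic, int irq)
{
	return (vgic->irq_active[irq / BITS_PER_LONG] >> (irq % BITS_PER_LONG)) & 1UL;
}

bool kvm_vgic_map_is_active(struct kvm_vcpu *vcpu, int irq)
{
	return vgic_bitmap_get_irq_val(vcpu->kvm->vgic, irq);
}

/* The bug: asks the VGIC for an IRQ's active state before anyone checked
 * that a VGIC exists. With kvm->vgic == NULL this is the NULL dereference. */
int kvm_timer_flush_hwstate_unguarded(struct kvm_vcpu *vcpu)
{
	struct arch_timer_cpu *timer = &vcpu->timer_cpu;

	timer->phys_active = kvm_vgic_map_is_active(vcpu, timer->irq);
	return 0;
}

/* The fix the commit message describes: bail out early when there is no
 * VGIC, before any per-IRQ state is consulted. */
int kvm_timer_flush_hwstate(struct kvm_vcpu *vcpu)
{
	struct arch_timer_cpu *timer = &vcpu->timer_cpu;

	if (!vgic_initialized(vcpu->kvm))
		return -ENODEV;

	timer->phys_active = kvm_vgic_map_is_active(vcpu, timer->irq);
	return 0;
}

/* Demo: a VM whose VGIC was never instantiated. Returns 1 when the guarded
 * flush refuses cleanly and leaves the timer state untouched. */
int demo_flush_without_vgic(void)
{
	struct kvm kvm = { .vgic = NULL };
	struct kvm_vcpu vcpu = { .kvm = &kvm, .timer_cpu = { .irq = 27, .phys_active = false } };
	int ret = kvm_timer_flush_hwstate(&vcpu);

	return (ret == -ENODEV && !vcpu.timer_cpu.phys_active) ? 1 : 0;
}

/* Demo: the same vCPU after userland created the VGIC and IRQ 27 went
 * active. Returns 1 when the flush now propagates the active state. */
int demo_flush_with_vgic(void)
{
	struct vgic_dist dist;
	struct kvm kvm = { .vgic = &dist };
	struct kvm_vcpu vcpu = { .kvm = &kvm, .timer_cpu = { .irq = 27, .phys_active = false } };

	memset(&dist, 0, sizeof(dist));
	dist.irq_active[27 / BITS_PER_LONG] |= 1UL << (27 % BITS_PER_LONG);
	if (kvm_timer_flush_hwstate(&vcpu) != 0)
		return 0;
	return vcpu.timer_cpu.phys_active ? 1 : 0;
}

int main(void)
{
	printf("no VGIC:   %s\n", demo_flush_without_vgic() ? "bailed out cleanly" : "FAILED");
	printf("with VGIC: %s\n", demo_flush_with_vgic() ? "active state propagated" : "FAILED");
	return 0;
}
```

The point of the guard is its placement: it sits at the top of the flush path, ahead of every helper that assumes the distributor exists, so an unguarded leaf like vgic_bitmap_get_irq_val() never has to defend itself. Calling kvm_timer_flush_hwstate_unguarded() on the VGIC-less vCPU reproduces the crash in userspace as a segfault; the demo functions only exercise the guarded version.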
