From mboxrd@z Thu Jan 1 00:00:00 1970
From: Marc Zyngier
Subject: Re: [PATCH] KVM: arm/arm64: fix reference to uninitialised VGIC
Date: Wed, 3 Feb 2016 17:33:54 +0000
Message-ID: <56B23A02.7070804@arm.com>
References: <1454518611-15694-1-git-send-email-andre.przywara@arm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Return-path:
In-Reply-To: <1454518611-15694-1-git-send-email-andre.przywara@arm.com>
Sender: stable-owner@vger.kernel.org
To: Andre Przywara , Christoffer Dall
Cc: kvmarm@lists.cs.columbia.edu, linux-arm-kernel@lists.infradead.org, kvm@vger.kernel.org, Cosmin Gorgovan , stable@vger.kernel.org
List-Id: kvmarm@lists.cs.columbia.edu

On 03/02/16 16:56, Andre Przywara wrote:
> Commit 4b4b4512da2a ("arm/arm64: KVM: Rework the arch timer to use
> level-triggered semantics") brought the virtual architected timer
> closer to the VGIC. There is one occasion where we don't properly
> check for the VGIC actually having been initialized before, but
> instead go on to check the active state of some IRQ number.
> If userland hasn't instantiated a virtual GIC, we end up with a
> kernel NULL pointer dereference:
> =========
> Unable to handle kernel NULL pointer dereference at virtual address 00000000
> pgd = ffffffc9745c5000
> [00000000] *pgd=00000009f631e003, *pud=00000009f631e003, *pmd=0000000000000000
> Internal error: Oops: 96000006 [#2] PREEMPT SMP
> Modules linked in:
> CPU: 0 PID: 2144 Comm: kvm_simplest-ar Tainted: G D 4.5.0-rc2+ #1300
> Hardware name: ARM Juno development board (r1) (DT)
> task: ffffffc976da8000 ti: ffffffc976e28000 task.ti: ffffffc976e28000
> PC is at vgic_bitmap_get_irq_val+0x78/0x90
> LR is at kvm_vgic_map_is_active+0xac/0xc8
> pc : [] lr : [] pstate: 20000145
> ....
> =========
>
> Fix this by bailing out early of kvm_timer_flush_hwstate() if we don't
> have a VGIC at all.
>
> Reported-by: Cosmin Gorgovan
> Signed-off-by: Andre Przywara
> Cc: # 4.4.x

Nice catch, thanks.
Acked-by: Marc Zyngier

	M.

-- 
Jazz is not dead. It just smells funny...
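An added illustration of the early-bail pattern the fix describes, written as a self-contained C model rather than the kernel's own code: the struct layouts, the vgic_initialized() helper, the result enum and the flush_for() harness are simplified stand-ins for the real KVM/VGIC structures, and the active bitmap and IRQ number are constructed sample values.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed, simplified stand-ins for the KVM/VGIC structures (not kernel code). */
struct vgic_dist { bool ready; unsigned int active_bitmap; };
struct kvm { struct vgic_dist *vgic; };        /* NULL until userland creates a GIC */
struct kvm_vcpu { struct kvm *kvm; unsigned int timer_irq; };

enum flush_result { FLUSH_SKIPPED_NO_VGIC, FLUSH_IRQ_ACTIVE, FLUSH_IRQ_INACTIVE };

/* Assumed helper mirroring the kernel's "has the VGIC been initialised" check. */
static bool vgic_initialized(const struct kvm *kvm)
{
	return kvm->vgic != NULL && kvm->vgic->ready;
}

/* Stand-in for the vgic_bitmap_get_irq_val() path named in the oops:
 * it dereferences the distributor unconditionally, so it must only be
 * reached once the VGIC exists. */
static bool vgic_map_is_active(const struct kvm_vcpu *vcpu)
{
	return (vcpu->kvm->vgic->active_bitmap >> vcpu->timer_irq) & 1u;
}

/* Model of kvm_timer_flush_hwstate() after the fix: bail out before
 * touching any VGIC state when userland never instantiated a GIC. */
static enum flush_result timer_flush_hwstate(const struct kvm_vcpu *vcpu)
{
	if (!vgic_initialized(vcpu->kvm))
		return FLUSH_SKIPPED_NO_VGIC;
	return vgic_map_is_active(vcpu) ? FLUSH_IRQ_ACTIVE : FLUSH_IRQ_INACTIVE;
}

/* Builds one VM/VCPU pair and runs the flush path; has_gic=false models
 * the reporter's case of a minimal VM with no virtual GIC created. */
enum flush_result flush_for(bool has_gic, unsigned int active_bitmap, unsigned int irq)
{
	struct vgic_dist dist = { true, active_bitmap };
	struct kvm kvm = { has_gic ? &dist : NULL };
	struct kvm_vcpu vcpu = { &kvm, irq };
	return timer_flush_hwstate(&vcpu);
}

int main(void)
{
	/* Constructed sample: timer IRQ 27, marked active in the bitmap. */
	printf("no GIC:   %d\n", flush_for(false, 1u << 27, 27)); /* FLUSH_SKIPPED_NO_VGIC */
	printf("with GIC: %d\n", flush_for(true, 1u << 27, 27));  /* FLUSH_IRQ_ACTIVE */
	return 0;
}
```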