public inbox for kvm@vger.kernel.org
From: David Hildenbrand <david@redhat.com>
To: Wanpeng Li <kernellwp@gmail.com>, Dmitry Vyukov <dvyukov@google.com>
Cc: "Paolo Bonzini" <pbonzini@redhat.com>,
	LKML <linux-kernel@vger.kernel.org>,
	"KVM list" <kvm@vger.kernel.org>,
	"Radim Krčmář" <rkrcmar@redhat.com>,
	"Wanpeng Li" <wanpeng.li@hotmail.com>
Subject: Re: [PATCH] KVM: ioapic: fix NULL deref ioapic->lock
Date: Tue, 3 Jan 2017 13:06:18 +0100
Message-ID: <be8045cc-a42c-b519-e4bf-e8c196429292@redhat.com>
In-Reply-To: <CANRm+CwC=duTn7oPykbE+ixnLUBQwt8KMMHkCQWZOS9i2Mzz0A@mail.gmail.com>


>>> Thanks, this is beautiful enough. :)
>>>
>>> Hmm, the combination of 6c7caebc26c5 ("KVM: introduce
>>> kvm->created_vcpus", 2016-06-16) and 4c5ea0a9cd02 ("locking/static_key:
>>> Fix concurrent static_key_slow_inc()", 2016-06-24) should have fixed it
>>> for good.
>>>
>>> Is the ENABLE_CAP necessary to reproduce?  Then, the bug is simply that
>>> the ENABLE_CAP should have failed without an irqchip (the
>>> KVM_CREATE_IRQCHIP in turn must have failed with EINVAL).
>>
>> ENABLE_CAP is necessary to reproduce.
>
> Now I see what Paolo means, how about something like below:
>
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 51ccfe0..7ec22e2 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -3337,7 +3337,10 @@ static int kvm_vcpu_ioctl_enable_cap(struct
> kvm_vcpu *vcpu,
>
>      switch (cap->cap) {
>      case KVM_CAP_HYPERV_SYNIC:
> -        return kvm_hv_activate_synic(vcpu);
> +        if (!irqchip_in_kernel(vcpu->kvm))
> +            return -EINVAL;
> +        else
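Review bot: the `else` after `return -EINVAL;` is redundant, because the `if` branch has already returned; the SynIC call can follow the check directly as `return kvm_hv_activate_synic(vcpu);` at the same indentation as the `if`. The quoted hunk is cut off after `else`, so that replacement line is not visible here. Since -EINVAL is the error Paolo expects ENABLE_CAP to return when no irqchip exists, a one-line comment above the check saying that SynIC requires the in-kernel irqchip would make the reason obvious to the next reader of this switch.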

You can simply drop the else and return directly.

Can't really say if this is the right fix, my first thought was that
a request has been set although it should never have been set for
that VCPU. Maybe that is an effect of synic being activated
(because synic code unconditionally later on sets the request).

Fixing the cause of the request seems better than fixing up the result.

-- 

David

Thread overview: 10+ messages
2017-01-01  3:44 [PATCH] KVM: ioapic: fix NULL deref ioapic->lock Wanpeng Li
2017-01-02 10:09 ` Paolo Bonzini
2017-01-02 10:17   ` Dmitry Vyukov
2017-01-02 18:01     ` Paolo Bonzini
2017-01-02 22:37       ` Wanpeng Li
2017-01-03  9:27       ` Dmitry Vyukov
2017-01-03 10:40         ` Wanpeng Li
2017-01-03 12:06           ` David Hildenbrand [this message]
2017-01-03 17:23             ` Paolo Bonzini
2017-01-03 22:03               ` Wanpeng Li
