From: Amit Machhiwal <amachhiw@linux.ibm.com>
To: Michael Ellerman <mpe@ellerman.id.au>
Cc: Bjorn Helgaas <helgaas@kernel.org>, Rob Herring <robh@kernel.org>,
linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org,
devicetree@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
kvm-ppc@vger.kernel.org, Bjorn Helgaas <bhelgaas@google.com>,
Lizhi Hou <lizhi.hou@amd.com>,
Saravana Kannan <saravanak@google.com>,
Vaibhav Jain <vaibhav@linux.ibm.com>,
Nicholas Piggin <npiggin@gmail.com>,
Vaidyanathan Srinivasan <svaidy@linux.ibm.com>,
Kowshik Jois B S <kowsjois@linux.ibm.com>,
Lukas Wunner <lukas@wunner.de>,
kernel-team@lists.ubuntu.com,
Stefan Bader <stefan.bader@canonical.com>
Subject: Re: [PATCH v3] PCI: Fix crash during pci_dev hot-unplug on pseries KVM guest
Date: Fri, 16 Aug 2024 18:13:40 +0530 [thread overview]
Message-ID: <20240816180441.81f4d694-3b-amachhiw@linux.ibm.com> (raw)
In-Reply-To: <87h6bm1ngo.fsf@mail.lhotse>
Hi Michael,
On 2024/08/15 01:20 PM, Michael Ellerman wrote:
> Bjorn Helgaas <helgaas@kernel.org> writes:
> > On Sat, Aug 03, 2024 at 12:03:25AM +0530, Amit Machhiwal wrote:
> >> With CONFIG_PCI_DYNAMIC_OF_NODES [1], a hot-plug and hot-unplug sequence
> >> of a PCI device attached to a PCI-bridge causes following kernel Oops on
> >> a pseries KVM guest:
> >
> > What is unique about pseries here? There's nothing specific to
> > pseries in the patch, so I would expect this to be a generic problem
> > on any arch.
> >
> >> RTAS: event: 2, Type: Hotplug Event (229), Severity: 1
> >> Kernel attempted to read user page (10ec00000048) - exploit attempt? (uid: 0)
> >> BUG: Unable to handle kernel data access on read at 0x10ec00000048
> >
> > Weird address. I would expect NULL or something. Where did this
> > non-NULL pointer come from?
>
> It originally comes from np->data, which is supposed to be an
> of_changeset.
>
> The powerpc code also uses np->data for the struct pci_dn pointer, see
> pci_add_device_node_info().
>
> I wonder if that's why it's non-NULL?
I'm also looking into the code to figure out where's that value coming from. I
will update as soon as I get there.
>
> Amit, do we have exact steps to reproduce this? I poked around a bit but
> couldn't get it to trigger.
Sure, below are the steps:
1. Set CONFIG_PCI_DYNAMIC_OF_NODES=y in the kernel config and compile (Fedora
has it disabled in it's distro config, Ubuntu has it enabled but will have it
disabled in the next update)
2. If you are using Fedora cloud images, make sure you've these packages
installed:
$ rpm -qa | grep -e 'ppc64-diag\|powerpc-utils'
powerpc-utils-core-1.3.11-6.fc40.ppc64le
powerpc-utils-1.3.11-6.fc40.ppc64le
ppc64-diag-rtas-2.7.9-6.fc40.ppc64le
ppc64-diag-2.7.9-6.fc40.ppc64le
3. Hotplug a pci device as follows:
virsh attach-interface <domain_name> bridge --source virbr0
4. Check if the pci device was added by running `ip a s`
5. Try hot-unplug of that device by supplying the MAC, which should trigger the
Oops
virsh detach-interface <domain_name> bridge <mac_addr>
Thanks,
Amit
> cheers
next prev parent reply other threads:[~2024-08-16 12:44 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-02 18:33 [PATCH v3] PCI: Fix crash during pci_dev hot-unplug on pseries KVM guest Amit Machhiwal
2024-08-06 20:00 ` Bjorn Helgaas
2024-08-13 16:43 ` Rob Herring
2024-08-15 3:20 ` Michael Ellerman
2024-08-16 12:43 ` Amit Machhiwal [this message]
2024-08-16 22:59 ` Michael Ellerman
2024-08-19 11:33 ` Amit Machhiwal
2024-08-13 16:44 ` Rob Herring (Arm)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240816180441.81f4d694-3b-amachhiw@linux.ibm.com \
--to=amachhiw@linux.ibm.com \
--cc=bhelgaas@google.com \
--cc=devicetree@vger.kernel.org \
--cc=helgaas@kernel.org \
--cc=kernel-team@lists.ubuntu.com \
--cc=kowsjois@linux.ibm.com \
--cc=kvm-ppc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=lizhi.hou@amd.com \
--cc=lukas@wunner.de \
--cc=mpe@ellerman.id.au \
--cc=npiggin@gmail.com \
--cc=robh@kernel.org \
--cc=saravanak@google.com \
--cc=stefan.bader@canonical.com \
--cc=svaidy@linux.ibm.com \
--cc=vaibhav@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox