From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail.linuxfoundation.org ([140.211.169.12]:44836 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751494AbdFLMHB (ORCPT
        <rfc822;stable@vger.kernel.org>); Mon, 12 Jun 2017 08:07:01 -0400
Date: Mon, 12 Jun 2017 14:06:54 +0200
From: Greg KH <gregkh@linuxfoundation.org>
To: Marc Zyngier <marc.zyngier@arm.com>
Cc: cdall@linaro.org, stable@vger.kernel.org
Subject: Re: FAILED: patch "[PATCH] KVM: arm/arm64: Handle possible NULL
 stage2 pud when ageing" failed to apply to 4.11-stable tree
Message-ID: <20170612120654.GD15695@kroah.com>
References: <1497254356219169@kroah.com>
 <11020173-0604-438c-5485-7d442d130671@arm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <11020173-0604-438c-5485-7d442d130671@arm.com>
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

On Mon, Jun 12, 2017 at 10:33:22AM +0100, Marc Zyngier wrote:
> On 12/06/17 08:59, gregkh@linuxfoundation.org wrote:
> > 
> > The patch below does not apply to the 4.11-stable tree.
> > If someone wants it applied there, or to any other stable or longterm
> > tree, then please email the backport, including the original git commit
> > id to <stable@vger.kernel.org>.
> > 
> > thanks,
> > 
> > greg k-h
> > 
> > ------------------ original commit in Linus's tree ------------------
> > 
> > From d6dbdd3c8558cad3b6d74cc357b408622d122331 Mon Sep 17 00:00:00 2001
> > From: Marc Zyngier <marc.zyngier@arm.com>
> > Date: Mon, 5 Jun 2017 19:17:18 +0100
> > Subject: [PATCH] KVM: arm/arm64: Handle possible NULL stage2 pud when ageing
> >  pages
> > 
> > Under memory pressure, we start ageing pages, which amounts to parsing
> > the page tables. Since we don't want to allocate any extra level,
> > we pass NULL for our private allocation cache. Which means that
> > stage2_get_pud() is allowed to fail. This results in the following
> > splat:
> > 
> > [ 1520.409577] Unable to handle kernel NULL pointer dereference at virtual address 00000008
> > [ 1520.417741] pgd = ffff810f52fef000
> > [ 1520.421201] [00000008] *pgd=0000010f636c5003, *pud=0000010f56f48003, *pmd=0000000000000000
> > [ 1520.429546] Internal error: Oops: 96000006 [#1] PREEMPT SMP
> > [ 1520.435156] Modules linked in:
> > [ 1520.438246] CPU: 15 PID: 53550 Comm: qemu-system-aar Tainted: G        W       4.12.0-rc4-00027-g1885c397eaec #7205
> > [ 1520.448705] Hardware name: FOXCONN R2-1221R-A4/C2U4N_MB, BIOS G31FB12A 10/26/2016
> > [ 1520.463726] task: ffff800ac5fb4e00 task.stack: ffff800ce04e0000
> > [ 1520.469666] PC is at stage2_get_pmd+0x34/0x110
> > [ 1520.474119] LR is at kvm_age_hva_handler+0x44/0xf0
> > [ 1520.478917] pc : [<ffff0000080b137c>] lr : [<ffff0000080b149c>] pstate: 40000145
> > [ 1520.486325] sp : ffff800ce04e33d0
> > [ 1520.489644] x29: ffff800ce04e33d0 x28: 0000000ffff40064
> > [ 1520.494967] x27: 0000ffff27e00000 x26: 0000000000000000
> > [ 1520.500289] x25: ffff81051ba65008 x24: 0000ffff40065000
> > [ 1520.505618] x23: 0000ffff40064000 x22: 0000000000000000
> > [ 1520.510947] x21: ffff810f52b20000 x20: 0000000000000000
> > [ 1520.516274] x19: 0000000058264000 x18: 0000000000000000
> > [ 1520.521603] x17: 0000ffffa6fe7438 x16: ffff000008278b70
> > [ 1520.526940] x15: 000028ccd8000000 x14: 0000000000000008
> > [ 1520.532264] x13: ffff7e0018298000 x12: 0000000000000002
> > [ 1520.537582] x11: ffff000009241b93 x10: 0000000000000940
> > [ 1520.542908] x9 : ffff0000092ef800 x8 : 0000000000000200
> > [ 1520.548229] x7 : ffff800ce04e36a8 x6 : 0000000000000000
> > [ 1520.553552] x5 : 0000000000000001 x4 : 0000000000000000
> > [ 1520.558873] x3 : 0000000000000000 x2 : 0000000000000008
> > [ 1520.571696] x1 : ffff000008fd5000 x0 : ffff0000080b149c
> > [ 1520.577039] Process qemu-system-aar (pid: 53550, stack limit = 0xffff800ce04e0000)
> > [...]
> > [ 1521.510735] [<ffff0000080b137c>] stage2_get_pmd+0x34/0x110
> > [ 1521.516221] [<ffff0000080b149c>] kvm_age_hva_handler+0x44/0xf0
> > [ 1521.522054] [<ffff0000080b0610>] handle_hva_to_gpa+0xb8/0xe8
> > [ 1521.527716] [<ffff0000080b3434>] kvm_age_hva+0x44/0xf0
> > [ 1521.532854] [<ffff0000080a58b0>] kvm_mmu_notifier_clear_flush_young+0x70/0xc0
> > [ 1521.539992] [<ffff000008238378>] __mmu_notifier_clear_flush_young+0x88/0xd0
> > [ 1521.546958] [<ffff00000821eca0>] page_referenced_one+0xf0/0x188
> > [ 1521.552881] [<ffff00000821f36c>] rmap_walk_anon+0xec/0x250
> > [ 1521.558370] [<ffff000008220f78>] rmap_walk+0x78/0xa0
> > [ 1521.563337] [<ffff000008221104>] page_referenced+0x164/0x180
> > [ 1521.569002] [<ffff0000081f1af0>] shrink_active_list+0x178/0x3b8
> > [ 1521.574922] [<ffff0000081f2058>] shrink_node_memcg+0x328/0x600
> > [ 1521.580758] [<ffff0000081f23f4>] shrink_node+0xc4/0x328
> > [ 1521.585986] [<ffff0000081f2718>] do_try_to_free_pages+0xc0/0x340
> > [ 1521.592000] [<ffff0000081f2a64>] try_to_free_pages+0xcc/0x240
> > [...]
> > 
> > The trivial fix is to handle this NULL pud value early, rather than
> > dereferencing it blindly.
> > 
> > Cc: stable@vger.kernel.org
> > Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
> > Reviewed-by: Christoffer Dall <cdall@linaro.org>
> > Signed-off-by: Christoffer Dall <cdall@linaro.org>
> 
> Here's the patch that applies to both 4.9 and 4.11. I'll send a 4.4
> backport shortly.

Thanks for this, now applied.

greg k-h