
vfio/spapr: fail tce_iommu_attach_group() when iommu_data is null

Message ID 148527662612.23856.14258969006565989096.stgit@bahia (mailing list archive)
State New, archived

Commit Message

Greg Kurz Jan. 24, 2017, 4:50 p.m. UTC
The recently added mediated VFIO driver doesn't know about powerpc iommu.
It thus doesn't register a struct iommu_table_group in the iommu group
upon device creation. The iommu_data pointer hence remains null.

This causes a kernel oops when userspace tries to set the iommu type of a
container associated with a mediated device to VFIO_SPAPR_TCE_v2_IOMMU.

[   82.585440] mtty mtty: MDEV: Registered
[   87.655522] iommu: Adding device 83b8f4f2-509f-382f-3c1e-e6bfe0fa1001 to group 10
[   87.655527] vfio_mdev 83b8f4f2-509f-382f-3c1e-e6bfe0fa1001: MDEV: group_id = 10
[  116.297184] Unable to handle kernel paging request for data at address 0x00000030
[  116.297389] Faulting instruction address: 0xd000000007870524
[  116.297465] Oops: Kernel access of bad area, sig: 11 [#1]
[  116.297611] SMP NR_CPUS=2048
[  116.297611] NUMA
[  116.297627] PowerNV
...
[  116.297954] CPU: 33 PID: 7067 Comm: qemu-system-ppc Not tainted 4.10.0-rc5-mdev-test #8
[  116.297993] task: c000000e7718b680 task.stack: c000000e77214000
[  116.298025] NIP: d000000007870524 LR: d000000007870518 CTR: 0000000000000000
[  116.298064] REGS: c000000e77217990 TRAP: 0300   Not tainted  (4.10.0-rc5-mdev-test)
[  116.298103] MSR: 9000000000009033 <SF,HV,EE,ME,IR,DR,RI,LE>
[  116.298107]   CR: 84004444  XER: 00000000
[  116.298154] CFAR: c00000000000888c DAR: 0000000000000030 DSISR: 40000000 SOFTE: 1
               GPR00: d000000007870518 c000000e77217c10 d00000000787b0ed c000000eed2103c0
               GPR04: 0000000000000000 0000000000000000 c000000eed2103e0 0000000f24320000
               GPR08: 0000000000000104 0000000000000001 0000000000000000 d0000000078729b0
               GPR12: c00000000025b7e0 c00000000fe08400 0000000000000001 000001002d31d100
               GPR16: 000001002c22c850 00003ffff315c750 0000000043145680 0000000043141bc0
               GPR20: ffffffffffffffed fffffffffffff000 0000000020003b65 d000000007706018
               GPR24: c000000f16cf0d98 d000000007706000 c000000003f42980 c000000003f42980
               GPR28: c000000f1575ac00 c000000003f429c8 0000000000000000 c000000eed2103c0
[  116.298504] NIP [d000000007870524] tce_iommu_attach_group+0x10c/0x360 [vfio_iommu_spapr_tce]
[  116.298555] LR [d000000007870518] tce_iommu_attach_group+0x100/0x360 [vfio_iommu_spapr_tce]
[  116.298601] Call Trace:
[  116.298610] [c000000e77217c10] [d000000007870518] tce_iommu_attach_group+0x100/0x360 [vfio_iommu_spapr_tce] (unreliable)
[  116.298671] [c000000e77217cb0] [d0000000077033a0] vfio_fops_unl_ioctl+0x278/0x3e0 [vfio]
[  116.298713] [c000000e77217d40] [c0000000002a3ebc] do_vfs_ioctl+0xcc/0x8b0
[  116.298745] [c000000e77217de0] [c0000000002a4700] SyS_ioctl+0x60/0xc0
[  116.298782] [c000000e77217e30] [c00000000000b220] system_call+0x38/0xfc
[  116.298812] Instruction dump:
[  116.298828] 7d3f4b78 409effc8 3d220000 e9298020 3c800140 38a00018 608480c0 e8690028
[  116.298869] 4800249d e8410018 7c7f1b79 41820230 <e93e0030> 2fa90000 419e0114 e9090020
[  116.298914] ---[ end trace 1e10b0ced08b9120 ]---

This patch fixes the oops.

Reported-by: Vaibhav Jain <vaibhav@linux.vnet.ibm.com>
Signed-off-by: Greg Kurz <groug@kaod.org>
---
 drivers/vfio/vfio_iommu_spapr_tce.c |    4 ++++
 1 file changed, 4 insertions(+)
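The failure the commit message describes, as an added userspace model that is not the kernel's code: every definition below (the stand-in structs, the flag-based container lock, `attach_unpatched`, `attach_patched`, the `fake_ops` table and the two constructed groups `pci_group` and `mdev_group`) is an assumption made for this example. The unpatched attach dereferences whatever `iommu_group_get_iommudata()` hands back; the patched one follows the shape of the hunk, failing with -ENODEV when the group carries no table data and leaving through the unlock label so the container lock is not still held on the new error path.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-in types, constructed for this example: only the fields the attach
 * path touches, not the kernel's definitions. */
struct iommu_table_group;
struct iommu_table_group_ops { long (*take_ownership)(struct iommu_table_group *tg); };
struct iommu_table_group { const struct iommu_table_group_ops *ops; };
struct iommu_group {
	void *iommu_data;	/* filled by the platform iommu code; NULL for an mdev group */
};
/* The container lock is a flag here so the example needs no pthreads. */
struct tce_container {
	int locked;
	int groups_attached;
};

static void container_lock(struct tce_container *c) { c->locked = 1; }
static void container_unlock(struct tce_container *c) { c->locked = 0; }
static void *iommu_group_get_iommudata(struct iommu_group *g) { return g->iommu_data; }

/* Unpatched shape: the lookup result is dereferenced unchecked. With a group
 * whose iommu_data is NULL this reads through a NULL pointer (the oops above). */
int attach_unpatched(struct tce_container *c, struct iommu_group *g)
{
	struct iommu_table_group *table_group;
	int ret = 0;
	container_lock(c);
	table_group = iommu_group_get_iommudata(g);
	if (!table_group->ops || !table_group->ops->take_ownership)
		ret = -EINVAL;
	else
		c->groups_attached++;
	container_unlock(c);
	return ret;
}

/* Patched shape: a NULL lookup result is rejected before any field of
 * table_group is read, and the failure leaves through the same unlock label
 * as every other error, so the lock is not leaked. */
int attach_patched(struct tce_container *c, struct iommu_group *g)
{
	struct iommu_table_group *table_group;
	int ret = 0;
	container_lock(c);
	table_group = iommu_group_get_iommudata(g);
	if (!table_group) {
		ret = -ENODEV;
		goto unlock_exit;
	}
	if (!table_group->ops || !table_group->ops->take_ownership) {
		ret = -EINVAL;
		goto unlock_exit;
	}
	c->groups_attached++;
unlock_exit:
	container_unlock(c);
	return ret;
}

/* Constructed groups: one carrying platform iommu data, one without (mdev). */
static long fake_take_ownership(struct iommu_table_group *tg) { (void)tg; return 0; }
static const struct iommu_table_group_ops fake_ops = { .take_ownership = fake_take_ownership };
static struct iommu_table_group pci_tg = { .ops = &fake_ops };
struct iommu_group pci_group  = { .iommu_data = &pci_tg };
struct iommu_group mdev_group = { .iommu_data = NULL };

/* ret: what the attach returned; lock_released: 1 if the container lock was
 * dropped again; attached: groups_attached after the call. */
struct attach_outcome { int ret; int lock_released; int attached; };

/* Run one attach variant on a fresh container and report what happened. */
static struct attach_outcome run(int (*fn)(struct tce_container *, struct iommu_group *),
				 struct iommu_group *g)
{
	struct tce_container c = { 0, 0 };
	struct attach_outcome o;
	o.ret = fn(&c, g);
	o.lock_released = !c.locked;
	o.attached = c.groups_attached;
	return o;
}
struct attach_outcome run_patched(struct iommu_group *g)   { return run(attach_patched, g); }
/* Only safe for groups that carry iommu data; with mdev_group it would fault. */
struct attach_outcome run_unpatched(struct iommu_group *g) { return run(attach_unpatched, g); }

int main(void)
{
	struct attach_outcome pci = run_patched(&pci_group), mdev = run_patched(&mdev_group);
	printf("pci group:  ret=%d lock_released=%d attached=%d\n", pci.ret, pci.lock_released, pci.attached);
	printf("mdev group: ret=%d lock_released=%d attached=%d\n", mdev.ret, mdev.lock_released, mdev.attached);
	return 0;
}
```

A data fault at a small offset from zero, like the DAR of 0x0000000000000030 in the oops, is the usual signature of a field read through a NULL struct pointer, which is exactly what the unpatched path does for a group whose iommu_data was never set; the patched path turns that into an ioctl error the caller can act on.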

Comments

Alex Williamson Jan. 24, 2017, 6:07 p.m. UTC | #1
On Tue, 24 Jan 2017 17:50:26 +0100
Greg Kurz <groug@kaod.org> wrote:

> The recently added mediated VFIO driver doesn't know about powerpc iommu.
> It thus doesn't register a struct iommu_table_group in the iommu group
> upon device creation. The iommu_data pointer hence remains null.
> 
> This causes a kernel oops when userspace tries to set the iommu type of a
> container associated with a mediated device to VFIO_SPAPR_TCE_v2_IOMMU.
> 
> [   82.585440] mtty mtty: MDEV: Registered
> [   87.655522] iommu: Adding device 83b8f4f2-509f-382f-3c1e-e6bfe0fa1001 to group 10
> [   87.655527] vfio_mdev 83b8f4f2-509f-382f-3c1e-e6bfe0fa1001: MDEV: group_id = 10
> [  116.297184] Unable to handle kernel paging request for data at address 0x00000030
> [  116.297389] Faulting instruction address: 0xd000000007870524
> [  116.297465] Oops: Kernel access of bad area, sig: 11 [#1]
> [  116.297611] SMP NR_CPUS=2048
> [  116.297611] NUMA
> [  116.297627] PowerNV
> ...
> [  116.297954] CPU: 33 PID: 7067 Comm: qemu-system-ppc Not tainted 4.10.0-rc5-mdev-test #8
> [  116.297993] task: c000000e7718b680 task.stack: c000000e77214000
> [  116.298025] NIP: d000000007870524 LR: d000000007870518 CTR: 0000000000000000
> [  116.298064] REGS: c000000e77217990 TRAP: 0300   Not tainted  (4.10.0-rc5-mdev-test)
> [  116.298103] MSR: 9000000000009033 <SF,HV,EE,ME,IR,DR,RI,LE>
> [  116.298107]   CR: 84004444  XER: 00000000
> [  116.298154] CFAR: c00000000000888c DAR: 0000000000000030 DSISR: 40000000 SOFTE: 1
>                GPR00: d000000007870518 c000000e77217c10 d00000000787b0ed c000000eed2103c0
>                GPR04: 0000000000000000 0000000000000000 c000000eed2103e0 0000000f24320000
>                GPR08: 0000000000000104 0000000000000001 0000000000000000 d0000000078729b0
>                GPR12: c00000000025b7e0 c00000000fe08400 0000000000000001 000001002d31d100
>                GPR16: 000001002c22c850 00003ffff315c750 0000000043145680 0000000043141bc0
>                GPR20: ffffffffffffffed fffffffffffff000 0000000020003b65 d000000007706018
>                GPR24: c000000f16cf0d98 d000000007706000 c000000003f42980 c000000003f42980
>                GPR28: c000000f1575ac00 c000000003f429c8 0000000000000000 c000000eed2103c0
> [  116.298504] NIP [d000000007870524] tce_iommu_attach_group+0x10c/0x360 [vfio_iommu_spapr_tce]
> [  116.298555] LR [d000000007870518] tce_iommu_attach_group+0x100/0x360 [vfio_iommu_spapr_tce]
> [  116.298601] Call Trace:
> [  116.298610] [c000000e77217c10] [d000000007870518] tce_iommu_attach_group+0x100/0x360 [vfio_iommu_spapr_tce] (unreliable)
> [  116.298671] [c000000e77217cb0] [d0000000077033a0] vfio_fops_unl_ioctl+0x278/0x3e0 [vfio]
> [  116.298713] [c000000e77217d40] [c0000000002a3ebc] do_vfs_ioctl+0xcc/0x8b0
> [  116.298745] [c000000e77217de0] [c0000000002a4700] SyS_ioctl+0x60/0xc0
> [  116.298782] [c000000e77217e30] [c00000000000b220] system_call+0x38/0xfc
> [  116.298812] Instruction dump:
> [  116.298828] 7d3f4b78 409effc8 3d220000 e9298020 3c800140 38a00018 608480c0 e8690028
> [  116.298869] 4800249d e8410018 7c7f1b79 41820230 <e93e0030> 2fa90000 419e0114 e9090020
> [  116.298914] ---[ end trace 1e10b0ced08b9120 ]---
> 
> This patch fixes the oops.
> 
> Reported-by: Vaibhav Jain <vaibhav@linux.vnet.ibm.com>
> Signed-off-by: Greg Kurz <groug@kaod.org>
> ---
>  drivers/vfio/vfio_iommu_spapr_tce.c |    4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/drivers/vfio/vfio_iommu_spapr_tce.c b/drivers/vfio/vfio_iommu_spapr_tce.c
> index c8823578a1b2..128d10282d16 100644
> --- a/drivers/vfio/vfio_iommu_spapr_tce.c
> +++ b/drivers/vfio/vfio_iommu_spapr_tce.c
> @@ -1270,6 +1270,10 @@ static int tce_iommu_attach_group(void *iommu_data,
>  	/* pr_debug("tce_vfio: Attaching group #%u to iommu %p\n",
>  			iommu_group_id(iommu_group), iommu_group); */
>  	table_group = iommu_group_get_iommudata(iommu_group);
> +	if (!table_group) {
> +		ret = -ENODEV;
> +		goto unlock_exit;
> +	}
>  
>  	if (tce_groups_attached(container) && (!table_group->ops ||
>  			!table_group->ops->take_ownership ||
> 
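Review bot: the new check would be easier to maintain with a one-line comment saying why iommu_group_get_iommudata() can legitimately return NULL here, since the reason (mediated devices register no iommu_table_group on powerpc) lives only in the commit message; something like `/* mdev groups register no iommu_table_group */` above `if (!table_group) {` would do. Placement looks right: the check sits directly after the lookup and before the first `table_group->ops` dereference in the following `if`, and it exits through `unlock_exit` rather than returning directly, so whatever that label releases is also released on this new error path.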

Seems sane to me.

David/Alexey, please review.  Thanks,

Alex
David Gibson Jan. 31, 2017, 3:35 a.m. UTC | #2
On Tue, Jan 24, 2017 at 11:07:59AM -0700, Alex Williamson wrote:
> On Tue, 24 Jan 2017 17:50:26 +0100
> Greg Kurz <groug@kaod.org> wrote:
> 
> > The recently added mediated VFIO driver doesn't know about powerpc iommu.
> > It thus doesn't register a struct iommu_table_group in the iommu group
> > upon device creation. The iommu_data pointer hence remains null.
> > 
> > This causes a kernel oops when userspace tries to set the iommu type of a
> > container associated with a mediated device to VFIO_SPAPR_TCE_v2_IOMMU.
> > 
> > [   82.585440] mtty mtty: MDEV: Registered
> > [   87.655522] iommu: Adding device 83b8f4f2-509f-382f-3c1e-e6bfe0fa1001 to group 10
> > [   87.655527] vfio_mdev 83b8f4f2-509f-382f-3c1e-e6bfe0fa1001: MDEV: group_id = 10
> > [  116.297184] Unable to handle kernel paging request for data at address 0x00000030
> > [  116.297389] Faulting instruction address: 0xd000000007870524
> > [  116.297465] Oops: Kernel access of bad area, sig: 11 [#1]
> > [  116.297611] SMP NR_CPUS=2048
> > [  116.297611] NUMA
> > [  116.297627] PowerNV
> > ...
> > [  116.297954] CPU: 33 PID: 7067 Comm: qemu-system-ppc Not tainted 4.10.0-rc5-mdev-test #8
> > [  116.297993] task: c000000e7718b680 task.stack: c000000e77214000
> > [  116.298025] NIP: d000000007870524 LR: d000000007870518 CTR: 0000000000000000
> > [  116.298064] REGS: c000000e77217990 TRAP: 0300   Not tainted  (4.10.0-rc5-mdev-test)
> > [  116.298103] MSR: 9000000000009033 <SF,HV,EE,ME,IR,DR,RI,LE>
> > [  116.298107]   CR: 84004444  XER: 00000000
> > [  116.298154] CFAR: c00000000000888c DAR: 0000000000000030 DSISR: 40000000 SOFTE: 1
> >                GPR00: d000000007870518 c000000e77217c10 d00000000787b0ed c000000eed2103c0
> >                GPR04: 0000000000000000 0000000000000000 c000000eed2103e0 0000000f24320000
> >                GPR08: 0000000000000104 0000000000000001 0000000000000000 d0000000078729b0
> >                GPR12: c00000000025b7e0 c00000000fe08400 0000000000000001 000001002d31d100
> >                GPR16: 000001002c22c850 00003ffff315c750 0000000043145680 0000000043141bc0
> >                GPR20: ffffffffffffffed fffffffffffff000 0000000020003b65 d000000007706018
> >                GPR24: c000000f16cf0d98 d000000007706000 c000000003f42980 c000000003f42980
> >                GPR28: c000000f1575ac00 c000000003f429c8 0000000000000000 c000000eed2103c0
> > [  116.298504] NIP [d000000007870524] tce_iommu_attach_group+0x10c/0x360 [vfio_iommu_spapr_tce]
> > [  116.298555] LR [d000000007870518] tce_iommu_attach_group+0x100/0x360 [vfio_iommu_spapr_tce]
> > [  116.298601] Call Trace:
> > [  116.298610] [c000000e77217c10] [d000000007870518] tce_iommu_attach_group+0x100/0x360 [vfio_iommu_spapr_tce] (unreliable)
> > [  116.298671] [c000000e77217cb0] [d0000000077033a0] vfio_fops_unl_ioctl+0x278/0x3e0 [vfio]
> > [  116.298713] [c000000e77217d40] [c0000000002a3ebc] do_vfs_ioctl+0xcc/0x8b0
> > [  116.298745] [c000000e77217de0] [c0000000002a4700] SyS_ioctl+0x60/0xc0
> > [  116.298782] [c000000e77217e30] [c00000000000b220] system_call+0x38/0xfc
> > [  116.298812] Instruction dump:
> > [  116.298828] 7d3f4b78 409effc8 3d220000 e9298020 3c800140 38a00018 608480c0 e8690028
> > [  116.298869] 4800249d e8410018 7c7f1b79 41820230 <e93e0030> 2fa90000 419e0114 e9090020
> > [  116.298914] ---[ end trace 1e10b0ced08b9120 ]---
> > 
> > This patch fixes the oops.
> > 
> > Reported-by: Vaibhav Jain <vaibhav@linux.vnet.ibm.com>
> > Signed-off-by: Greg Kurz <groug@kaod.org>
> > ---
> >  drivers/vfio/vfio_iommu_spapr_tce.c |    4 ++++
> >  1 file changed, 4 insertions(+)
> > 
> > diff --git a/drivers/vfio/vfio_iommu_spapr_tce.c b/drivers/vfio/vfio_iommu_spapr_tce.c
> > index c8823578a1b2..128d10282d16 100644
> > --- a/drivers/vfio/vfio_iommu_spapr_tce.c
> > +++ b/drivers/vfio/vfio_iommu_spapr_tce.c
> > @@ -1270,6 +1270,10 @@ static int tce_iommu_attach_group(void *iommu_data,
> >  	/* pr_debug("tce_vfio: Attaching group #%u to iommu %p\n",
> >  			iommu_group_id(iommu_group), iommu_group); */
> >  	table_group = iommu_group_get_iommudata(iommu_group);
> > +	if (!table_group) {
> > +		ret = -ENODEV;
> > +		goto unlock_exit;
> > +	}
> >  
> >  	if (tce_groups_attached(container) && (!table_group->ops ||
> >  			!table_group->ops->take_ownership ||
> > 
> 
> Seems sane to me.
> 
> David/Alexey, please review.  Thanks,

Seems reasonable.

Patch

diff --git a/drivers/vfio/vfio_iommu_spapr_tce.c b/drivers/vfio/vfio_iommu_spapr_tce.c
index c8823578a1b2..128d10282d16 100644
--- a/drivers/vfio/vfio_iommu_spapr_tce.c
+++ b/drivers/vfio/vfio_iommu_spapr_tce.c
@@ -1270,6 +1270,10 @@  static int tce_iommu_attach_group(void *iommu_data,
 	/* pr_debug("tce_vfio: Attaching group #%u to iommu %p\n",
 			iommu_group_id(iommu_group), iommu_group); */
 	table_group = iommu_group_get_iommudata(iommu_group);
+	if (!table_group) {
+		ret = -ENODEV;
+		goto unlock_exit;
+	}
 
 	if (tce_groups_attached(container) && (!table_group->ops ||
 			!table_group->ops->take_ownership ||
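Review bot: the error path relies on `ret` and the `unlock_exit` label already existing in tce_iommu_attach_group() with the container lock held at this point, and neither is visible in the hunk's three context lines, so the reviewer should confirm both are in scope and that `unlock_exit` undoes everything acquired before line 1270. -ENODEV is a reasonable choice for "this group has no table data to attach", distinct from whatever the `!table_group->ops || !table_group->ops->take_ownership` checks that follow return, so userspace can tell a group that cannot use this container type apart from a malformed one.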