From patchwork Tue Jun  6 13:56:29 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Christoffer Dall <cdall@linaro.org>
X-Patchwork-Id: 9768935
Return-Path: 
 <linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	6F38D60364 for <patchwork-linux-arm@patchwork.kernel.org>;
	Tue,  6 Jun 2017 13:57:51 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5B94727D4D
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Tue,  6 Jun 2017 13:57:51 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 5026728358; Tue,  6 Jun 2017 13:57:51 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID autolearn=unavailable version=3.3.1
Received: from bombadil.infradead.org (bombadil.infradead.org
	[65.50.211.133])
	(using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id C266E27D4D
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Tue,  6 Jun 2017 13:57:50 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20170209; h=Sender:
	Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:
	List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References:
	In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID:
	Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
	:Resent-Message-ID:List-Owner;
	bh=uUmPjLTuyskmyTvr5Fm4VuklYG+3OLdKVL4Eqtg+MmQ=;
	b=ejCu+Z7ovdsDyYBF6Pw/7AdY9H
	M9nLoleBUBpC9UTUEV2sjdgSGDf/s8apdxTvDp7ZSiyqjm08dww6poKnZlh3JgFkZsFJYMutMBnlQ
	2MKNtTjKV14YkhvzF81oGxxq79o0bg+Ljp5NoWz0x743ciUTEKSIVql9RavHw4iGn8mxT3GVZx8IC
	B9soyA37h9rqZS8JUJu+AddpuHDksRL0sLqGH5jnStkAptDkTqNC7SBwvm3bilQmklpoLv+F9mi7k
	0B9vRGcLbSKSdSJoJTYr0XmC2JNd/CnJKTQhmXvRG5uHxuVpkG/8mQfkLb/nkTBTaq2rPUbjPRG56
	Xs4BqA6g==;
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))
	id 1dIEzU-0006dy-Sh; Tue, 06 Jun 2017 13:57:48 +0000
Received: from mail-wm0-x234.google.com ([2a00:1450:400c:c09::234])
	by bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux))
	id 1dIEyr-0005lE-LY for linux-arm-kernel@lists.infradead.org;
	Tue, 06 Jun 2017 13:57:12 +0000
Received: by mail-wm0-x234.google.com with SMTP id n195so101311591wmg.1
	for <linux-arm-kernel@lists.infradead.org>;
	Tue, 06 Jun 2017 06:56:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=S5X4aVMVwKwyxCJ1P/KCFfH7YvSJsKAmtf5ebjhgSb8=;
	b=G9mB47gw8S4NY4d6ZVWcOcoUN6/qEdaxQwY8u19/rXdq71M7ccU19BToNemDdWXZ95
	Hml4ayt+gpRtF7506uYW1TLRJQoddaAMvmXdJsN24h5x9kceUqVXkEUfFBBPn+pb0boN
	FvnjotUmAMpCPqYXg+8Bn09BHwmVganuzqO4s=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=S5X4aVMVwKwyxCJ1P/KCFfH7YvSJsKAmtf5ebjhgSb8=;
	b=CCCNijCmZfLf9go1LNSGI2LP53thdhfrvQ9DXiQ061UH1/i+aeuRS1lovg+zw4aAc4
	rgaKcN09Ye4e3hnD3E4G77AlwLxZFMDjbS2w8WBp0blSlLX68789PM6YmYvLdX2kg3GY
	RVnbf2AeFqTK9DAv9CGSK+w+p0FpVa1o1yl3qXeeoPH7M4vRemV5R6Eh4pn/iDf6zMiB
	FmnyqEl+MSedG9nw8P0NwgbbDkHSGIZo1m7oPitAql1h8cGjsR2p00orO/c0AQjiTb6E
	+ike0oUOjGH0mNkzDujzhxwtVFqnigijsvyv1cIllwnANU2OGvYilqLjg5R6DQE5qtJY
	TsLA==
X-Gm-Message-State: AODbwcC3JlVlmWBVn9iDgGREVioasymVLIBRxl+QEXm8zZGpN/994IIh
	dK2Q3BJz2Iuezs1+62Hi0Q==
X-Received: by 10.80.137.136 with SMTP id g8mr12670336edg.125.1496757408148;
	Tue, 06 Jun 2017 06:56:48 -0700 (PDT)
Received: from localhost.localdomain (xd93ddc2d.cust.hiper.dk.
	[217.61.220.45]) by smtp.gmail.com with ESMTPSA id
	b30sm14791532edd.6.2017.06.06.06.56.47
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Tue, 06 Jun 2017 06:56:47 -0700 (PDT)
From: Christoffer Dall <cdall@linaro.org>
To: Paolo Bonzini <pbonzini@redhat.com>,
	=?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= <rkrcmar@redhat.com>
Subject: [PULL 3/3] KVM: arm/arm64: Handle possible NULL stage2 pud when
	ageing pages
Date: Tue,  6 Jun 2017 15:56:29 +0200
Message-Id: <20170606135629.31664-4-cdall@linaro.org>
X-Mailer: git-send-email 2.9.0
In-Reply-To: <20170606135629.31664-1-cdall@linaro.org>
References: <20170606135629.31664-1-cdall@linaro.org>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20170606_065709_871993_4FCE048F 
X-CRM114-Status: GOOD (  12.91  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Cc: Christoffer Dall <cdall@linaro.org>, kvm@vger.kernel.org,
	Marc Zyngier <marc.zyngier@arm.com>, stable@vger.kernel.org,
	kvmarm@lists.cs.columbia.edu, linux-arm-kernel@lists.infradead.org
MIME-Version: 1.0
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Marc Zyngier <marc.zyngier@arm.com>

Under memory pressure, we start ageing pages, which amounts to parsing
the page tables. Since we don't want to allocate any extra level,
we pass NULL for our private allocation cache. Which means that
stage2_get_pud() is allowed to fail. This results in the following
splat:

[ 1520.409577] Unable to handle kernel NULL pointer dereference at virtual address 00000008
[ 1520.417741] pgd = ffff810f52fef000
[ 1520.421201] [00000008] *pgd=0000010f636c5003, *pud=0000010f56f48003, *pmd=0000000000000000
[ 1520.429546] Internal error: Oops: 96000006 [#1] PREEMPT SMP
[ 1520.435156] Modules linked in:
[ 1520.438246] CPU: 15 PID: 53550 Comm: qemu-system-aar Tainted: G        W       4.12.0-rc4-00027-g1885c397eaec #7205
[ 1520.448705] Hardware name: FOXCONN R2-1221R-A4/C2U4N_MB, BIOS G31FB12A 10/26/2016
[ 1520.463726] task: ffff800ac5fb4e00 task.stack: ffff800ce04e0000
[ 1520.469666] PC is at stage2_get_pmd+0x34/0x110
[ 1520.474119] LR is at kvm_age_hva_handler+0x44/0xf0
[ 1520.478917] pc : [<ffff0000080b137c>] lr : [<ffff0000080b149c>] pstate: 40000145
[ 1520.486325] sp : ffff800ce04e33d0
[ 1520.489644] x29: ffff800ce04e33d0 x28: 0000000ffff40064
[ 1520.494967] x27: 0000ffff27e00000 x26: 0000000000000000
[ 1520.500289] x25: ffff81051ba65008 x24: 0000ffff40065000
[ 1520.505618] x23: 0000ffff40064000 x22: 0000000000000000
[ 1520.510947] x21: ffff810f52b20000 x20: 0000000000000000
[ 1520.516274] x19: 0000000058264000 x18: 0000000000000000
[ 1520.521603] x17: 0000ffffa6fe7438 x16: ffff000008278b70
[ 1520.526940] x15: 000028ccd8000000 x14: 0000000000000008
[ 1520.532264] x13: ffff7e0018298000 x12: 0000000000000002
[ 1520.537582] x11: ffff000009241b93 x10: 0000000000000940
[ 1520.542908] x9 : ffff0000092ef800 x8 : 0000000000000200
[ 1520.548229] x7 : ffff800ce04e36a8 x6 : 0000000000000000
[ 1520.553552] x5 : 0000000000000001 x4 : 0000000000000000
[ 1520.558873] x3 : 0000000000000000 x2 : 0000000000000008
[ 1520.571696] x1 : ffff000008fd5000 x0 : ffff0000080b149c
[ 1520.577039] Process qemu-system-aar (pid: 53550, stack limit = 0xffff800ce04e0000)
[...]
[ 1521.510735] [<ffff0000080b137c>] stage2_get_pmd+0x34/0x110
[ 1521.516221] [<ffff0000080b149c>] kvm_age_hva_handler+0x44/0xf0
[ 1521.522054] [<ffff0000080b0610>] handle_hva_to_gpa+0xb8/0xe8
[ 1521.527716] [<ffff0000080b3434>] kvm_age_hva+0x44/0xf0
[ 1521.532854] [<ffff0000080a58b0>] kvm_mmu_notifier_clear_flush_young+0x70/0xc0
[ 1521.539992] [<ffff000008238378>] __mmu_notifier_clear_flush_young+0x88/0xd0
[ 1521.546958] [<ffff00000821eca0>] page_referenced_one+0xf0/0x188
[ 1521.552881] [<ffff00000821f36c>] rmap_walk_anon+0xec/0x250
[ 1521.558370] [<ffff000008220f78>] rmap_walk+0x78/0xa0
[ 1521.563337] [<ffff000008221104>] page_referenced+0x164/0x180
[ 1521.569002] [<ffff0000081f1af0>] shrink_active_list+0x178/0x3b8
[ 1521.574922] [<ffff0000081f2058>] shrink_node_memcg+0x328/0x600
[ 1521.580758] [<ffff0000081f23f4>] shrink_node+0xc4/0x328
[ 1521.585986] [<ffff0000081f2718>] do_try_to_free_pages+0xc0/0x340
[ 1521.592000] [<ffff0000081f2a64>] try_to_free_pages+0xcc/0x240
[...]

The trivial fix is to handle this NULL pud value early, rather than
dereferencing it blindly.

Cc: stable@vger.kernel.org
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Christoffer Dall <cdall@linaro.org>
Signed-off-by: Christoffer Dall <cdall@linaro.org>
---
 virt/kvm/arm/mmu.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c
index a2d6324..e2e5eff 100644
--- a/virt/kvm/arm/mmu.c
+++ b/virt/kvm/arm/mmu.c
@@ -879,6 +879,9 @@ static pmd_t *stage2_get_pmd(struct kvm *kvm, struct kvm_mmu_memory_cache *cache
 	pmd_t *pmd;
 
 	pud = stage2_get_pud(kvm, cache, addr);
+	if (!pud)
+		return NULL;
+
 	if (stage2_pud_none(*pud)) {
 		if (!cache)
 			return NULL;