From patchwork Wed Jun 21 13:12:13 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Petr Pavlu
X-Patchwork-Id: 13287280
From: Petr Pavlu
To: jgross@suse.com, sstabellini@kernel.org, oleksandr_tyshchenko@epam.com
Cc: xen-devel@lists.xenproject.org, linux-kernel@vger.kernel.org, Petr Pavlu
Subject: [PATCH 1/2] xen/virtio: Fix NULL deref when a bridge of PCI root bus has no parent
Date: Wed, 21 Jun 2023 15:12:13 +0200
Message-Id: <20230621131214.9398-2-petr.pavlu@suse.com>
X-Mailer: git-send-email 2.35.3
In-Reply-To: <20230621131214.9398-1-petr.pavlu@suse.com>
References: <20230621131214.9398-1-petr.pavlu@suse.com>
MIME-Version: 1.0

When attempting to run Xen on a QEMU/KVM virtual machine with virtio
devices (all x86_64), function xen_dt_get_node() crashes on accessing
bus->bridge->parent->of_node because a bridge of the PCI root bus has no
parent set:

[ 1.694192][ T1] BUG: kernel NULL pointer dereference, address: 0000000000000288
[ 1.695688][ T1] #PF: supervisor read access in kernel mode
[ 1.696297][ T1] #PF: error_code(0x0000) - not-present page
[ 1.696297][ T1] PGD 0 P4D 0
[ 1.696297][ T1] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 1.696297][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.3.7-1-default #1 openSUSE Tumbleweed a577eae57964bb7e83477b5a5645a1781df990f0
[ 1.696297][ T1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.15.0-0-g2dd4b9b-rebuilt.opensuse.org 04/01/2014
[ 1.696297][ T1] RIP: e030:xen_virtio_restricted_mem_acc+0xd9/0x1c0
[ 1.696297][ T1] Code: 45 0c 83 e8 c9 a3 ea ff 31 c0 eb d7 48 8b 87 40 ff ff ff 48 89 c2 48 8b 40 10 48 85 c0 75 f4 48 8b 82 10 01 00 00 48 8b 40 40 <48> 83 b8 88 02 00 00 00 0f 84 45 ff ff ff 66 90 31 c0 eb a5 48 89
[ 1.696297][ T1] RSP: e02b:ffffc90040013cc8 EFLAGS: 00010246
[ 1.696297][ T1] RAX: 0000000000000000 RBX: ffff888006c75000 RCX: 0000000000000029
[ 1.696297][ T1] RDX: ffff888005ed1000 RSI: ffffc900400f100c RDI: ffff888005ee30d0
[ 1.696297][ T1] RBP: ffff888006c75010 R08: 0000000000000001 R09: 0000000330000006
[ 1.696297][ T1] R10: ffff888005850028 R11: 0000000000000002 R12: ffffffff830439a0
[ 1.696297][ T1] R13: 0000000000000000 R14: ffff888005657900 R15: ffff888006e3e1e8
[ 1.696297][ T1] FS: 0000000000000000(0000) GS:ffff88804a000000(0000) knlGS:0000000000000000
[ 1.696297][ T1] CS: e030 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1.696297][ T1] CR2: 0000000000000288 CR3: 0000000002e36000 CR4: 0000000000050660
[ 1.696297][ T1] Call Trace:
[ 1.696297][ T1]
[ 1.696297][ T1] virtio_features_ok+0x1b/0xd0
[ 1.696297][ T1] virtio_dev_probe+0x19c/0x270
[ 1.696297][ T1] really_probe+0x19b/0x3e0
[ 1.696297][ T1] __driver_probe_device+0x78/0x160
[ 1.696297][ T1] driver_probe_device+0x1f/0x90
[ 1.696297][ T1] __driver_attach+0xd2/0x1c0
[ 1.696297][ T1] bus_for_each_dev+0x74/0xc0
[ 1.696297][ T1] bus_add_driver+0x116/0x220
[ 1.696297][ T1] driver_register+0x59/0x100
[ 1.696297][ T1] virtio_console_init+0x7f/0x110
[ 1.696297][ T1] do_one_initcall+0x47/0x220
[ 1.696297][ T1] kernel_init_freeable+0x328/0x480
[ 1.696297][ T1] kernel_init+0x1a/0x1c0
[ 1.696297][ T1] ret_from_fork+0x29/0x50
[ 1.696297][ T1]
[ 1.696297][ T1] Modules linked in:
[ 1.696297][ T1] CR2: 0000000000000288
[ 1.696297][ T1] ---[ end trace 0000000000000000 ]---

The PCI root bus is in this case created from ACPI description via
acpi_pci_root_add() -> pci_acpi_scan_root() -> acpi_pci_root_create() ->
pci_create_root_bus() where the last function is called with
parent=NULL. It indicates that no parent is present and then
bus->bridge->parent is NULL too.

Fix the problem by checking bus->bridge->parent in xen_dt_get_node() for
NULL first.

Fixes: ef8ae384b4c9 ("xen/virtio: Handle PCI devices which Host controller is described in DT")
Signed-off-by: Petr Pavlu
Reviewed-by: Oleksandr Tyshchenko
Reviewed-by: Stefano Stabellini
--- drivers/xen/grant-dma-ops.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/xen/grant-dma-ops.c b/drivers/xen/grant-dma-ops.c index 9784a77fa3c9..76f6f26265a3 100644 --- a/drivers/xen/grant-dma-ops.c +++ b/drivers/xen/grant-dma-ops.c 
@@ -303,6 +303,8 @@ static struct device_node *xen_dt_get_node(struct device *dev) while (!pci_is_root_bus(bus)) bus = bus->parent; + if (!bus->bridge->parent) + return NULL; return of_node_get(bus->bridge->parent->of_node); }

From patchwork Wed Jun 21 13:12:14 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Petr Pavlu
X-Patchwork-Id: 13287281
From: Petr Pavlu
To: jgross@suse.com, sstabellini@kernel.org, oleksandr_tyshchenko@epam.com
Cc: xen-devel@lists.xenproject.org, linux-kernel@vger.kernel.org, Petr Pavlu
Subject: [PATCH 2/2] xen/virtio: Avoid use of the dom0 backend in dom0
Date: Wed, 21 Jun 2023 15:12:14 +0200
Message-Id: <20230621131214.9398-3-petr.pavlu@suse.com>
X-Mailer: git-send-email 2.35.3
In-Reply-To: <20230621131214.9398-1-petr.pavlu@suse.com>
References: <20230621131214.9398-1-petr.pavlu@suse.com>
MIME-Version: 1.0

When attempting to run Xen on a QEMU/KVM virtual machine with virtio
devices (all x86_64), dom0 tries to establish a grant for itself which
eventually results in a hang during the boot.

The backtrace looks as follows, the while loop in __send_control_msg()
makes no progress:

#0 virtqueue_get_buf_ctx (_vq=_vq@entry=0xffff8880074a8400, len=len@entry=0xffffc90000413c94, ctx=ctx@entry=0x0 ) at ../drivers/virtio/virtio_ring.c:2326
#1 0xffffffff817086b7 in virtqueue_get_buf (_vq=_vq@entry=0xffff8880074a8400, len=len@entry=0xffffc90000413c94) at ../drivers/virtio/virtio_ring.c:2333
#2 0xffffffff8175f6b2 in __send_control_msg (portdev=, port_id=0xffffffff, event=0x0, value=0x1) at ../drivers/char/virtio_console.c:562
#3 0xffffffff8175f6ee in __send_control_msg (portdev=, port_id=, event=, value=) at ../drivers/char/virtio_console.c:569
#4 0xffffffff817618b1 in virtcons_probe (vdev=0xffff88800585e800) at ../drivers/char/virtio_console.c:2098
#5 0xffffffff81707117 in virtio_dev_probe (_d=0xffff88800585e810) at ../drivers/virtio/virtio.c:305
#6 0xffffffff8198e348 in call_driver_probe (drv=0xffffffff82be40c0 , drv=0xffffffff82be40c0 , dev=0xffff88800585e810) at ../drivers/base/dd.c:579
#7 really_probe (dev=dev@entry=0xffff88800585e810, drv=drv@entry=0xffffffff82be40c0 ) at ../drivers/base/dd.c:658
#8 0xffffffff8198e58f in __driver_probe_device (drv=drv@entry=0xffffffff82be40c0 , dev=dev@entry=0xffff88800585e810) at ../drivers/base/dd.c:800
#9 0xffffffff8198e65a in driver_probe_device (drv=drv@entry=0xffffffff82be40c0 , dev=dev@entry=0xffff88800585e810) at ../drivers/base/dd.c:830
#10 0xffffffff8198e832 in __driver_attach (dev=0xffff88800585e810, data=0xffffffff82be40c0 ) at ../drivers/base/dd.c:1216
#11 0xffffffff8198bfb2 in bus_for_each_dev (bus=, start=start@entry=0x0 , data=data@entry=0xffffffff82be40c0 , fn=fn@entry=0xffffffff8198e7b0 <__driver_attach>) at ../drivers/base/bus.c:368
#12 0xffffffff8198db65 in driver_attach (drv=drv@entry=0xffffffff82be40c0 ) at ../drivers/base/dd.c:1233
#13 0xffffffff8198d207 in bus_add_driver (drv=drv@entry=0xffffffff82be40c0 ) at ../drivers/base/bus.c:673
#14 0xffffffff8198f550 in driver_register (drv=drv@entry=0xffffffff82be40c0 ) at ../drivers/base/driver.c:246
#15 0xffffffff81706b47 in register_virtio_driver (driver=driver@entry=0xffffffff82be40c0 ) at ../drivers/virtio/virtio.c:357
#16 0xffffffff832cd34b in virtio_console_init () at ../drivers/char/virtio_console.c:2258
#17 0xffffffff8100105c in do_one_initcall (fn=0xffffffff832cd2e0 ) at ../init/main.c:1246
#18 0xffffffff83277293 in do_initcall_level (command_line=0xffff888003e2f900 "root", level=0x6) at ../init/main.c:1319
#19 do_initcalls () at ../init/main.c:1335
#20 do_basic_setup () at ../init/main.c:1354
#21 kernel_init_freeable () at ../init/main.c:1571
#22 0xffffffff81f64be1 in kernel_init (unused=) at ../init/main.c:1462
#23 0xffffffff81001f49 in ret_from_fork () at ../arch/x86/entry/entry_64.S:308
#24 0x0000000000000000 in ?? ()

Fix the problem by preventing xen_grant_init_backend_domid() from
setting dom0 as a backend when running in dom0.

Fixes: 035e3a4321f7 ("xen/virtio: Optimize the setup of "xen-grant-dma" devices")
Signed-off-by: Petr Pavlu
--- drivers/xen/grant-dma-ops.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/xen/grant-dma-ops.c b/drivers/xen/grant-dma-ops.c index 76f6f26265a3..29ed27ac450e 100644 --- a/drivers/xen/grant-dma-ops.c +++ b/drivers/xen/grant-dma-ops.c 
@@ -362,7 +362,9 @@ static int xen_grant_init_backend_domid(struct device *dev, if (np) { ret = xen_dt_grant_init_backend_domid(dev, np, backend_domid); of_node_put(np); - } else if (IS_ENABLED(CONFIG_XEN_VIRTIO_FORCE_GRANT) || xen_pv_domain()) { + } else if ((IS_ENABLED(CONFIG_XEN_VIRTIO_FORCE_GRANT) || + xen_pv_domain()) && + !xen_initial_domain()) { dev_info(dev, "Using dom0 as backend\n"); *backend_domid = 0; ret = 0;
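
Review bot: In [PATCH 1/2], the added `if (!bus->bridge->parent) return NULL;` in xen_dt_get_node() carries no comment explaining why the bridge of a root bus can lack a parent, which is not obvious in a helper that otherwise deals with device-tree nodes. A one-line comment noting that root buses created from ACPI reach pci_create_root_bus() with parent=NULL would keep the check from being dropped later as dead code. bus->bridge itself is still dereferenced unchecked on this path, so it is worth confirming that it is always set once the loop has reached the root bus.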
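
Review bot: In [PATCH 2/2], the new `!xen_initial_domain()` test guards only the fallback `else if` branch of xen_grant_init_backend_domid(); the `if (np)` branch still accepts whatever xen_dt_grant_init_backend_domid() stores in backend_domid, so a device-tree description naming domain 0 would presumably lead dom0 to the same self-grant. Either confirm that case cannot occur or apply the dom0 check after both branches. The hunk also does not show what `ret` ends up as once the condition is false in dom0; the commit message should state the resulting behaviour, and a short comment above the condition explaining the dom0 exclusion would help future readers.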