linux/arch/powerpc/kvm
Paul Mackerras 17d489019c KVM: PPC: Book3S HV: Fix list traversal in error case
This fixes a regression introduced in commit 25fedfca94, "KVM: PPC:
Book3S HV: Move vcore preemption point up into kvmppc_run_vcpu", which
leads to a user-triggerable oops.

In the case where we try to run a vcore on a physical core that is
not in single-threaded mode, or the vcore has too many threads for
the physical core, we iterate the list of runnable vcpus to make
each one return an EBUSY error to userspace.  Since this involves
taking each vcpu off the runnable_threads list for the vcore, we
need to use list_for_each_entry_safe rather than list_for_each_entry
to traverse the list.  Otherwise the kernel will crash with an oops
message like this:

Unable to handle kernel paging request for data at address 0x000fff88
Faulting instruction address: 0xd00000001e635dc8
Oops: Kernel access of bad area, sig: 11 [#2]
SMP NR_CPUS=1024 NUMA PowerNV
...
CPU: 48 PID: 91256 Comm: qemu-system-ppc Tainted: G      D        3.18.0 #1
task: c00000274e507500 ti: c0000027d1924000 task.ti: c0000027d1924000
NIP: d00000001e635dc8 LR: d00000001e635df8 CTR: c00000000011ba50
REGS: c0000027d19275b0 TRAP: 0300   Tainted: G      D         (3.18.0)
MSR: 9000000000009033 <SF,HV,EE,ME,IR,DR,RI,LE>  CR: 22002824  XER: 00000000
CFAR: c000000000008468 DAR: 00000000000fff88 DSISR: 40000000 SOFTE: 1
GPR00: d00000001e635df8 c0000027d1927830 d00000001e64c850 0000000000000001
GPR04: 0000000000000001 0000000000000001 0000000000000000 0000000000000000
GPR08: 0000000000200200 0000000000000000 0000000000000000 d00000001e63e588
GPR12: 0000000000002200 c000000007dbc800 c000000fc7800000 000000000000000a
GPR16: fffffffffffffffc c000000fd5439690 c000000fc7801c98 0000000000000001
GPR20: 0000000000000003 c0000027d1927aa8 c000000fd543b348 c000000fd543b350
GPR24: 0000000000000000 c000000fa57f0000 0000000000000030 0000000000000000
GPR28: fffffffffffffff0 c000000fd543b328 00000000000fe468 c000000fd543b300
NIP [d00000001e635dc8] kvmppc_run_core+0x198/0x17c0 [kvm_hv]
LR [d00000001e635df8] kvmppc_run_core+0x1c8/0x17c0 [kvm_hv]
Call Trace:
[c0000027d1927830] [d00000001e635df8] kvmppc_run_core+0x1c8/0x17c0 [kvm_hv] (unreliable)
[c0000027d1927a30] [d00000001e638350] kvmppc_vcpu_run_hv+0x5b0/0xdd0 [kvm_hv]
[c0000027d1927b70] [d00000001e510504] kvmppc_vcpu_run+0x44/0x60 [kvm]
[c0000027d1927ba0] [d00000001e50d4a4] kvm_arch_vcpu_ioctl_run+0x64/0x170 [kvm]
[c0000027d1927be0] [d00000001e504be8] kvm_vcpu_ioctl+0x5e8/0x7a0 [kvm]
[c0000027d1927d40] [c0000000002d6720] do_vfs_ioctl+0x490/0x780
[c0000027d1927de0] [c0000000002d6ae4] SyS_ioctl+0xd4/0xf0
[c0000027d1927e30] [c000000000009358] syscall_exit+0x0/0x98
Instruction dump:
60000000 60420000 387e1b30 38800003 38a00001 38c00000 480087d9 e8410018
ebde1c98 7fbdf040 3bdee368 419e0048 <813e1b20> 939e1b18 2f890001 409effcc
---[ end trace 8cdf50251cca6680 ]---

Fixes: 25fedfca94
Signed-off-by: Paul Mackerras <paulus@samba.org>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-05-10 17:26:05 +02:00
..
book3s_32_mmu_host.c KVM: PPC: Book3S: Make magic page properly 4k mappable 2014-07-28 15:23:11 +02:00
book3s_32_mmu.c arch: powerpc: kvm: book3s_32_mmu.c: Remove unused function 2014-12-17 13:12:25 +01:00
book3s_32_sr.S KVM: PPC: book3s_pr: Simplify transitions between virtual and real mode 2011-09-25 19:52:29 +03:00
book3s_64_mmu_host.c KVM: PPC: Book3S: Make magic page properly 4k mappable 2014-07-28 15:23:11 +02:00
book3s_64_mmu_hv.c powerpc fixes for 4.1 2015-04-26 13:23:15 -07:00
book3s_64_mmu.c KVM: PPC: Disable NX for old magic page using guests 2014-05-30 14:26:24 +02:00
book3s_64_slb.S KVM: PPC: Book3S PR: Rework SLB switching code 2014-05-30 14:26:30 +02:00
book3s_64_vio_hv.c KVM: PPC: Book3S: Introduce hypervisor call H_GET_TCE 2014-03-26 23:34:27 +11:00
book3s_64_vio.c ppc: kvm: use anon_inode_getfd() with O_CLOEXEC flag 2013-08-26 13:19:56 +03:00
book3s_emulate.c KVM: PPC: PR: Handle FSCR feature deselects 2014-07-31 10:23:46 +02:00
book3s_exports.c KVM: PPC: Make shared struct aka magic page guest endian 2014-05-30 14:26:21 +02:00
book3s_hv_builtin.c KVM: PPC: Book3S HV: Use msgsnd for signalling threads on POWER8 2015-04-21 15:21:34 +02:00
book3s_hv_interrupts.S powerpc/kvm: Create proper names for the kvm_host_state PMU fields 2014-12-29 15:45:55 +11:00
book3s_hv_ras.c powerpc/book3s: Fix flush_tlb cpu_spec hook to take a generic argument. 2015-03-17 07:52:48 +11:00
book3s_hv_rm_mmu.c powerpc fixes for 4.1 2015-04-26 13:23:15 -07:00
book3s_hv_rm_xics.c KVM: PPC: Book3S HV: Translate kvmhv_commence_exit to C 2015-04-21 15:21:34 +02:00
book3s_hv_rmhandlers.S KVM: PPC: Book3S HV: Use msgsnd for signalling threads on POWER8 2015-04-21 15:21:34 +02:00
book3s_hv.c KVM: PPC: Book3S HV: Fix list traversal in error case 2015-05-10 17:26:05 +02:00
book3s_interrupts.S KVM: PPC: Book3S PR: Fix ABIv2 on LE 2014-07-28 15:22:15 +02:00
book3s_mmu_hpte.c kvm: powerpc: book3s: pr: move PR related tracepoints to a separate header 2013-10-17 15:36:22 +02:00
book3s_paired_singles.c arch: powerpc: kvm: book3s_paired_singles.c: Remove unused function 2014-12-17 13:13:29 +01:00
book3s_pr_papr.c kvmppc: Implement H_LOGICAL_CI_{LOAD,STORE} in KVM 2015-04-21 15:21:28 +02:00
book3s_pr.c arch: powerpc: kvm: book3s_pr.c: Remove unused function 2014-12-17 13:13:16 +01:00
book3s_rmhandlers.S KVM: PPC: Book3S PR: Fix ABIv2 on LE 2014-07-28 15:22:15 +02:00
book3s_rtas.c KVM: PPC: RTAS: Do byte swaps explicitly 2014-07-07 23:17:20 +02:00
book3s_segment.S KVM: PPC: Book3S PR: Handle Facility interrupt and FSCR 2014-05-30 14:26:22 +02:00
book3s_xics.c powerpc/kvm: Fix SMP=n build error in book3s_xics.c 2015-04-29 08:06:32 +10:00
book3s_xics.h KVM: PPC: Book3S HV: Add ICP real mode counters 2015-04-21 15:21:30 +02:00
book3s.c kvmppc: Implement H_LOGICAL_CI_{LOAD,STORE} in KVM 2015-04-21 15:21:28 +02:00
book3s.h kvm: Fix page ageing bugs 2014-09-24 14:07:58 +02:00
booke_emulate.c KVM: PPC: BOOKE: Emulate debug registers and exception 2014-09-22 10:11:33 +02:00
booke_interrupts.S KVM: PPC: Remove 440 support 2014-07-28 15:23:15 +02:00
booke.c kvm: add halt_poll_ns module parameter 2015-02-06 13:08:37 +01:00
booke.h KVM: PPC: Book3e: Add AltiVec support 2014-09-22 10:11:32 +02:00
bookehv_interrupts.S powerpc/kvm: common sw breakpoint instr across ppc 2014-09-22 10:11:36 +02:00
e500_emulate.c KVM: PPC: Book3e: Add AltiVec support 2014-09-22 10:11:32 +02:00
e500_mmu_host.c powerpc/mm/thp: Make page table walk safe against thp split/collapse 2015-04-17 11:23:39 +10:00
e500_mmu_host.h KVM: PPC: E500: Make clear_tlb_refs and clear_tlb1_bitmap static 2013-01-24 19:23:33 +01:00
e500_mmu.c KVM: PPC: e500: Fix bad address type in deliver_tlb_misss() 2014-01-27 16:00:54 +01:00
e500.c 3.19 changes for KVM: 2014-12-18 16:05:28 -08:00
e500.h KVM: PPC: e500mc: Add support for single threaded vcpus on e6500 core 2014-09-22 10:11:35 +02:00
e500mc.c powerpc: Replace __get_cpu_var uses 2014-11-03 12:12:32 +11:00
emulate_loadstore.c KVM: PPC: Pass enum to kvmppc_get_last_inst 2014-09-22 10:11:36 +02:00
emulate.c KVM: PPC: Pass enum to kvmppc_get_last_inst 2014-09-22 10:11:36 +02:00
fpu.S
irq.h KVM: PPC: Book3S: Add API for in-kernel XICS emulation 2013-05-02 15:28:36 +02:00
Kconfig powerpc fixes for 4.1 2015-04-26 13:23:15 -07:00
Makefile Here are the PPC and ARM changes for KVM, which I separated because 2014-08-07 11:35:30 -07:00
mpic.c kvm/ppc/mpic: drop unused IRQ_testbit 2015-04-08 10:46:58 +02:00
powerpc.c This mostly includes the PPC changes for 4.1, which this time cover 2015-04-26 13:06:22 -07:00
timing.c KVM: PPC: Remove DCR handling 2014-07-28 19:29:15 +02:00
timing.h KVM: PPC: Remove DCR handling 2014-07-28 19:29:15 +02:00
trace_book3s.h KVM: PPC: Book3S HV: Tracepoints for KVM HV guest interactions 2014-12-17 13:29:27 +01:00
trace_booke.h KVM: PPC: BookE: Improve irq inject tracepoint 2014-12-15 13:27:23 +01:00
trace_hv.h KVM: PPC: Book3S HV: Tracepoints for KVM HV guest interactions 2014-12-17 13:29:27 +01:00
trace_pr.h KVM: PPC: Book3S HV: Tracepoints for KVM HV guest interactions 2014-12-17 13:29:27 +01:00
trace.h kvm: powerpc: booke: Move booke related tracepoints to separate header 2013-10-17 15:37:16 +02:00