Re: [PATCH v2] KVM: arm/arm64: Handle hva aging while destroying the vm
From: Alexander Graf
Date: Thu Jul 06 2017 - 03:08:02 EST
On 05.07.17 10:57, Suzuki K Poulose wrote:
Hi Alex,
On Wed, Jul 05, 2017 at 08:20:31AM +0200, Alexander Graf wrote:
The kvm_age_hva callback may be called all the way concurrently while
kvm_mmu_notifier_release() is running.
The release function sets kvm->arch.pgd = NULL which the aging function
however implicitly relies on in stage2_get_pud(). That means they can
race and the aging function may dereference a NULL pgd pointer.
This patch adds a check for that case, so that we leave the aging
function silently.
Cc: stable@xxxxxxxxxxxxxxx
Fixes: 293f29363 ("kvm-arm: Unmap shadow pagetables properly")
Signed-off-by: Alexander Graf <agraf@xxxxxxx>
---
v1 -> v2:
- Fix commit message
- Add Fixes and stable tags
---
virt/kvm/arm/mmu.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c
index f2d5b6c..227931f 100644
--- a/virt/kvm/arm/mmu.c
+++ b/virt/kvm/arm/mmu.c
@@ -861,6 +861,10 @@ static pud_t *stage2_get_pud(struct kvm *kvm, struct kvm_mmu_memory_cache *cache
pgd_t *pgd;
pud_t *pud;
+ /* Do we clash with kvm_free_stage2_pgd()? */
+ if (!kvm->arch.pgd)
+ return NULL;
+
I think this check should be moved up in the chain. We call kvm_age_hva(), with
the kvm->mmu_lock held and we don't release it till we reach here. So, ideally,
if we find the PGD is null when we reach kvm_age_hva(), we could simply return
there, like we do for other call backs from the KVM mmu_notifier.
That probably works too - I'm not sure which version is more consistent
as well as more maintainable in the long run. I'll leave the call here
to Christoffer.
Alex