75b4962026
When accessing the ESB page of a source interrupt, the fault handler
will retrieve the page address from the XIVE interrupt 'xive_irq_data'
structure. If the associated KVM XIVE interrupt is not valid, that is
not allocated at the HW level for some reason, the fault handler will
dereference a NULL pointer leading to the oops below :
WARNING: CPU: 40 PID: 59101 at arch/powerpc/kvm/book3s_xive_native.c:259 xive_native_esb_fault+0xe4/0x240 [kvm]
CPU: 40 PID: 59101 Comm: qemu-system-ppc Kdump: loaded Tainted: G W --------- - - 4.18.0-240.el8.ppc64le #1
NIP: c00800000e949fac LR: c00000000044b164 CTR: c00800000e949ec8
REGS: c000001f69617840 TRAP: 0700 Tainted: G W --------- - - (4.18.0-240.el8.ppc64le)
MSR: 9000000000029033 <SF,HV,EE,ME,IR,DR,RI,LE> CR: 44044282 XER: 00000000
CFAR: c00000000044b160 IRQMASK: 0
GPR00: c00000000044b164 c000001f69617ac0 c00800000e96e000 c000001f69617c10
GPR04: 05faa2b21e000080 0000000000000000 0000000000000005 ffffffffffffffff
GPR08: 0000000000000000 0000000000000001 0000000000000000 0000000000000001
GPR12: c00800000e949ec8 c000001ffffd3400 0000000000000000 0000000000000000
GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR20: 0000000000000000 0000000000000000 c000001f5c065160 c000000001c76f90
GPR24: c000001f06f20000 c000001f5c065100 0000000000000008 c000001f0eb98c78
GPR28: c000001dcab40000 c000001dcab403d8 c000001f69617c10 0000000000000011
NIP [c00800000e949fac] xive_native_esb_fault+0xe4/0x240 [kvm]
LR [c00000000044b164] __do_fault+0x64/0x220
Call Trace:
[c000001f69617ac0] [0000000137a5dc20] 0x137a5dc20 (unreliable)
[c000001f69617b50] [c00000000044b164] __do_fault+0x64/0x220
[c000001f69617b90] [c000000000453838] do_fault+0x218/0x930
[c000001f69617bf0] [c000000000456f50] __handle_mm_fault+0x350/0xdf0
[c000001f69617cd0] [c000000000457b1c] handle_mm_fault+0x12c/0x310
[c000001f69617d10] [c00000000007ef44] __do_page_fault+0x264/0xbb0
[c000001f69617df0] [c00000000007f8c8] do_page_fault+0x38/0xd0
[c000001f69617e30] [c00000000000a714] handle_page_fault+0x18/0x38
Instruction dump:
40c2fff0 7c2004ac 2fa90000 409e0118 73e90001 41820080 e8bd0008 7c2004ac
7ca90074 39400000 915c0000 7929d182 <0b090000> 2fa50000 419e0080 e89e0018
---[ end trace 66c6ff034c53f64f ]---
xive-kvm: xive_native_esb_fault: accessing invalid ESB page for source 8 !
Fix that by checking the validity of the KVM XIVE interrupt structure.
Fixes:
|
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| book3s.c | ||
| book3s.h | ||
| book3s_32_mmu.c | ||
| book3s_32_mmu_host.c | ||
| book3s_32_sr.S | ||
| book3s_64_mmu.c | ||
| book3s_64_mmu_host.c | ||
| book3s_64_mmu_hv.c | ||
| book3s_64_mmu_radix.c | ||
| book3s_64_slb.S | ||
| book3s_64_vio.c | ||
| book3s_64_vio_hv.c | ||
| book3s_emulate.c | ||
| book3s_exports.c | ||
| book3s_hv.c | ||
| book3s_hv_builtin.c | ||
| book3s_hv_hmi.c | ||
| book3s_hv_interrupts.S | ||
| book3s_hv_nested.c | ||
| book3s_hv_ras.c | ||
| book3s_hv_rm_mmu.c | ||
| book3s_hv_rm_xics.c | ||
| book3s_hv_rm_xive.c | ||
| book3s_hv_rmhandlers.S | ||
| book3s_hv_tm.c | ||
| book3s_hv_tm_builtin.c | ||
| book3s_hv_uvmem.c | ||
| book3s_interrupts.S | ||
| book3s_mmu_hpte.c | ||
| book3s_paired_singles.c | ||
| book3s_pr.c | ||
| book3s_pr_papr.c | ||
| book3s_rmhandlers.S | ||
| book3s_rtas.c | ||
| book3s_segment.S | ||
| book3s_xics.c | ||
| book3s_xics.h | ||
| book3s_xive.c | ||
| book3s_xive.h | ||
| book3s_xive_native.c | ||
| book3s_xive_template.c | ||
| booke.c | ||
| booke.h | ||
| booke_emulate.c | ||
| booke_interrupts.S | ||
| bookehv_interrupts.S | ||
| e500.c | ||
| e500.h | ||
| e500_emulate.c | ||
| e500_mmu.c | ||
| e500_mmu_host.c | ||
| e500_mmu_host.h | ||
| e500mc.c | ||
| emulate.c | ||
| emulate_loadstore.c | ||
| fpu.S | ||
| irq.h | ||
| mpic.c | ||
| powerpc.c | ||
| timing.c | ||
| timing.h | ||
| tm.S | ||
| trace.h | ||
| trace_book3s.h | ||
| trace_booke.h | ||
| trace_hv.h | ||
| trace_pr.h | ||