[PATCH] drm/i915/kvmgt: fix suspicious rcu dereference usage

[Zhenyu Wang]

On 2017.03.13 16:44:33 +0800, changbin.du at intel.com wrote:
> From: Changbin Du <changbin.du at intel.com>
>

I'm cc Guangrong to confirm kvm lock for this.

> The srcu read lock must be held while accessing kvm memslots.
> This patch fix below warning for function kvmgt_rw_gpa().
> 
> [  165.345093] [ ERR: suspicious RCU usage.  ]
> [  165.416538] Call Trace:
> [  165.418989]  dump_stack+0x85/0xc2
> [  165.422310]  lockdep_rcu_suspicious+0xd7/0x110
> [  165.426769]  kvm_read_guest_page+0x195/0x1b0 [kvm]
> [  165.431574]  kvm_read_guest+0x50/0x90 [kvm]
> [  165.440492]  kvmgt_rw_gpa+0x43/0xa0 [kvmgt]
> [  165.444683]  kvmgt_read_gpa+0x11/0x20 [kvmgt]
> [  165.449061]  gtt_get_entry64+0x4d/0xc0 [i915]
> [  165.453438]  ppgtt_populate_shadow_page_by_guest_entry+0x380/0xdc0 [i915]
> [  165.460254]  shadow_mm+0xd1/0x460 [i915]
> [  165.472488]  intel_vgpu_create_mm+0x1ab/0x210 [i915]
> [  165.477472]  intel_vgpu_g2v_create_ppgtt_mm+0x5f/0xc0 [i915]
> [  165.483154]  pvinfo_mmio_write+0x19b/0x1d0 [i915]
> [  165.499068]  intel_vgpu_emulate_mmio_write+0x3f9/0x600 [i915]
> [  165.504827]  intel_vgpu_rw+0x114/0x150 [kvmgt]
> [  165.509281]  intel_vgpu_write+0x16f/0x1a0 [kvmgt]
> [  165.513993]  vfio_mdev_write+0x20/0x30 [vfio_mdev]
> [  165.518793]  vfio_device_fops_write+0x24/0x30 [vfio]
> [  165.523770]  __vfs_write+0x28/0x120
> [  165.540529]  vfs_write+0xce/0x1f0
> 
> Signed-off-by: Changbin Du <changbin.du at intel.com>
> Cc: stable at kernel.org
> ---
>  drivers/gpu/drm/i915/gvt/kvmgt.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/i915/gvt/kvmgt.c b/drivers/gpu/drm/i915/gvt/kvmgt.c
> index 84d8016..81402f0 100644
> --- a/drivers/gpu/drm/i915/gvt/kvmgt.c
> +++ b/drivers/gpu/drm/i915/gvt/kvmgt.c
> @@ -1417,7 +1417,7 @@ static int kvmgt_rw_gpa(unsigned long handle, unsigned long gpa,
>  {
>  	struct kvmgt_guest_info *info;
>  	struct kvm *kvm;
> -	int ret;
> +	int idx, ret;
>  	bool kthread = current->mm == NULL;
>  
>  	if (!handle_valid(handle))
> @@ -1429,8 +1429,10 @@ static int kvmgt_rw_gpa(unsigned long handle, unsigned long gpa,
>  	if (kthread)
>  		use_mm(kvm->mm);
>  
> +	idx = srcu_read_lock(&kvm->srcu);
>  	ret = write ? kvm_write_guest(kvm, gpa, buf, len) :
>  		      kvm_read_guest(kvm, gpa, buf, len);
> +	srcu_read_unlock(&kvm->srcu, idx);
>  
>  	if (kthread)
>  		unuse_mm(kvm->mm);
> -- 
> 2.7.4
> 
> _______________________________________________
> intel-gvt-dev mailing list
> intel-gvt-dev at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/intel-gvt-dev

-- 
Open Source Technology Center, Intel ltd.

$gpg --keyserver wwwkeys.pgp.net --recv-keys 4D781827
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/intel-gvt-dev/attachments/20170313/0db03d7e/attachment.sig>