On 03/02/16 16:56, Andre Przywara wrote:
> Commit 4b4b4512da2a ("arm/arm64: KVM: Rework the arch timer to use
> level-triggered semantics") brought the virtual architected timer
> closer to the VGIC. There is one occasion were we don't properly
> check for the VGIC actually having been initialized before, but
> instead go on to check the active state of some IRQ number.
> If userland hasn't instantiated a virtual GIC, we end up with a
> kernel NULL pointer dereference:
> =========
> Unable to handle kernel NULL pointer dereference at virtual address 00000000
> pgd = ffffffc9745c5000
> [00000000] *pgd=00000009f631e003, *pud=00000009f631e003, *pmd=0000000000000000
> Internal error: Oops: 96000006 [#2] PREEMPT SMP
> Modules linked in:
> CPU: 0 PID: 2144 Comm: kvm_simplest-ar Tainted: G D 4.5.0-rc2+ #1300
> Hardware name: ARM Juno development board (r1) (DT)
> task: ffffffc976da8000 ti: ffffffc976e28000 task.ti: ffffffc976e28000
> PC is at vgic_bitmap_get_irq_val+0x78/0x90
> LR is at kvm_vgic_map_is_active+0xac/0xc8
> pc : [<ffffffc0000b7e28>] lr : [<ffffffc0000b972c>] pstate: 20000145
> ....
> =========
>
> Fix this by bailing out early of kvm_timer_flush_hwstate() if we don't
> have a VGIC at all.
>
> Reported-by: Cosmin Gorgovan <cosmin@xxxxxxxxxxxxxx>
> Signed-off-by: Andre Przywara <andre.przywara@xxxxxxx>
> Cc: <stable@xxxxxxxxxxxxxxx> # 4.4.x
Nice catch, thanks.
Acked-by: Marc Zyngier <marc.zyngier@xxxxxxx>
M.
--
Jazz is not dead. It just smells funny...
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
