Hi Paolo,
On 3/25/22 19:50, Paolo Bonzini wrote:
> On 3/25/22 17:38, Pavel Skripkin wrote:
>> Syzbot reported GPF in kvm_mmu_uninit_tdp_mmu(), which is caused by
>> passing a NULL pointer to flush_workqueue().
>> tdp_mmu_zap_wq is allocated via alloc_workqueue(), which may fail. There
>> is no error handling and the kvm_mmu_uninit_tdp_mmu() return value is simply
>> ignored. Even all kvm_*_init_vm() functions are void, so the easiest
>> solution is to check that tdp_mmu_zap_wq is a valid pointer before passing
>> it somewhere.
> Thanks for the analysis, but not scheduling the work item in
> tdp_mmu_schedule_zap_root is broken; you can't just let the roots
> survive (KVM uses its own workqueue because it needs the work item to
> complete and has to flush it before kvm_mmu_zap_all_fast returns).
Ah, I see, thanks for the explanation.
I thought about propagating an error up to the callers, but
kvm_mmu_uninit_tdp_mmu() returns false with the config disabled, so I
decided to implement the easiest fix w/o digging into the details,
sorry about that.
With regards,
Pavel Skripkin