On Fri, 2022-03-25 at 19:57 +0000, David Woodhouse wrote:
> On Fri, 2022-03-25 at 19:19 +0100, Paolo Bonzini wrote:
> > I am absolutely not sure that this series is the culprit in any way, but
> > anyway I'll try to reproduce (it happened at the end of a RHEL7.2
> > installation) and let you know. If not, it is something that already
> > made its way to Linus.
> >
>
> Hrm.... could it be a double/multiple free? This will come from
> __release_gpc() which is called from the end of
> kvm_gfn_to_pfn_cache_refresh() and which releases the *old* PFN.
>
> How could we get there without... oh... could it be this?
>
> --- a/virt/kvm/pfncache.c
> +++ b/virt/kvm/pfncache.c
> @@ -176,6 +176,7 @@ int kvm_gfn_to_pfn_cache_refresh(struct kvm *kvm, struct gfn_to_pfn_cache *gpc,
> gpc->uhva = gfn_to_hva_memslot(gpc->memslot, gfn);
>
> if (kvm_is_error_hva(gpc->uhva)) {
> + gpc->pfn = KVM_PFN_ERR_FAULT;
> ret = -EFAULT;
> goto out;
> }
>

If you're going to try to reproduce, better to do it like this instead I suppose:

--- a/virt/kvm/pfncache.c
+++ b/virt/kvm/pfncache.c
@@ -176,6 +176,7 @@ int kvm_gfn_to_pfn_cache_refresh(struct kvm *kvm, struct gfn_to_pfn_cache *gpc,
gpc->uhva = gfn_to_hva_memslot(gpc->memslot, gfn);

if (kvm_is_error_hva(gpc->uhva)) {
+ printk("Imma free PFN %llx again later. Oops!\n", gpc->pfn);
ret = -EFAULT;
goto out;
}
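Review bot: In the quoted hunk, assigning gpc->pfn = KVM_PFN_ERR_FAULT on the kvm_is_error_hva() path is the right shape for the double release described in the message, since the function tail releases the *old* PFN and a later refresh would otherwise find the same PFN still recorded in gpc->pfn and hand it to the release a second time. Two things to confirm on that same path: that the old PFN passed to __release_gpc() is captured before this assignment (so the first release still happens exactly once), and that whatever the cache keeps alongside the pfn (a kernel mapping, a valid flag) is reset at the same point, otherwise the pfn is gone but the cache still looks usable.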
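Review bot: In the reproducer hunk, the printk fires on every invalid-HVA refresh, including the case where gpc->pfn already holds an error value and nothing would be released twice, so the "again later" message will produce false positives. Guard it before the printk, e.g. `if (!is_error_noslot_pfn(gpc->pfn))`, and give it a log level (pr_warn(), or a WARN_ON() on the same condition) so it stands out in the log; since it is a diagnostic only, keep it out of anything that gets merged.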
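A constructed model of the hazard this message describes, added here as an example and not code from the KVM tree. It keeps a small pin count per "pfn" so that releasing a pfn that is not pinned (the double free) is counted rather than corrupting memory. The names (`pfn_cache`, `lookup_pfn`, `release_pfn`, `PFN_ERR_FAULT`) are stand-ins chosen for the example, not KVM's own; `lookup_pfn()` failing plays the role of `kvm_is_error_hva()`, `release_pfn()` the role of `__release_gpc()`. With `apply_fix == false` the error path leaves the stale pfn in the cache; with `apply_fix == true` it records the error sentinel first, as the one-line hunk proposes.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed model (not KVM code) of the refresh/release ordering
 * discussed above: the function tail always releases the *old* pfn, so
 * if an error path leaves the stale pfn in the cache, the next refresh
 * releases it a second time.
 */
typedef uint64_t pfn_t;
#define PFN_ERR_FAULT ((pfn_t)-1)   /* stand-in for KVM_PFN_ERR_FAULT (assumption) */
#define NPAGES 8                    /* constructed backing "host memory" */

static int pin_count[NPAGES];       /* pins outstanding per pfn */
static int double_release_count;    /* releases of a pfn with no pin left */

struct pfn_cache {
	uint64_t gpa;
	pfn_t pfn;
	bool valid;
};

/* Constructed guest->host lookup: only the first NPAGES pages are mapped. */
static bool lookup_pfn(uint64_t gpa, pfn_t *pfn)
{
	uint64_t idx = gpa >> 12;

	if (idx >= NPAGES)
		return false;       /* plays the role of kvm_is_error_hva() */
	*pfn = idx;
	return true;
}

static pfn_t pin_pfn(pfn_t pfn)
{
	pin_count[pfn]++;
	return pfn;
}

/* Plays the role of __release_gpc(): drops one pin on the old pfn. */
static void release_pfn(pfn_t pfn)
{
	if (pfn == PFN_ERR_FAULT)
		return;             /* nothing cached, nothing to drop */
	if (pin_count[pfn] == 0) {
		double_release_count++;   /* this is the double free */
		return;
	}
	pin_count[pfn]--;
}

/* Refresh the cache for a new gpa; mirrors the shape of the hunk above. */
static int cache_refresh(struct pfn_cache *gpc, uint64_t gpa, bool apply_fix)
{
	pfn_t old_pfn = gpc->pfn;   /* captured before the update, released at the end */
	pfn_t new_pfn;
	int ret = 0;

	gpc->gpa = gpa;
	if (!lookup_pfn(gpa, &new_pfn)) {
		if (apply_fix)
			gpc->pfn = PFN_ERR_FAULT;   /* the proposed one-line fix */
		ret = -EFAULT;
		goto out;
	}
	gpc->pfn = pin_pfn(new_pfn);
	gpc->valid = true;
out:
	if (ret)
		gpc->valid = false;
	release_pfn(old_pfn);       /* always releases the *old* pfn */
	return ret;
}

/* Pins currently held on a pfn (for checking the final cache state). */
int pins_on(pfn_t pfn)
{
	return pin_count[pfn];
}

/* Good refresh, failed refresh, good refresh; returns double releases seen. */
int run_scenario(bool apply_fix)
{
	struct pfn_cache gpc = { .gpa = 0, .pfn = PFN_ERR_FAULT, .valid = false };
	int i;

	for (i = 0; i < NPAGES; i++)
		pin_count[i] = 0;
	double_release_count = 0;

	cache_refresh(&gpc, 0x1000, apply_fix);      /* pins pfn 1 */
	cache_refresh(&gpc, 0x1000000, apply_fix);   /* unmapped: -EFAULT, releases pfn 1 */
	cache_refresh(&gpc, 0x2000, apply_fix);      /* pins pfn 2, releases old_pfn again */
	return double_release_count;
}

int main(void)
{
	printf("without fix: %d double release(s)\n", run_scenario(false));
	printf("with fix:    %d double release(s)\n", run_scenario(true));
	return 0;
}
```

Without the fix the third refresh still sees pfn 1 as the old pfn and releases it although the failed refresh already did, which is the "free the PFN again later" the printk in the reproducer hunk is trying to catch; with the fix the old pfn is the error sentinel and the release is a no-op, while pfn 2 stays pinned by the cache.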