Re: [Bug 217247] New: BUG: kernel NULL pointer dereference, address: 000000000000000c / speculation_ctrl_update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



+tglx

On Sat, Mar 25, 2023, bugzilla-daemon@xxxxxxxxxx wrote:
> https://bugzilla.kernel.org/show_bug.cgi?id=217247
> 
>             Bug ID: 217247
>            Summary: BUG: kernel NULL pointer dereference, address:
>                     000000000000000c / speculation_ctrl_update
>            Product: Virtualization
>            Version: unspecified
>     Kernel Version: 6.1.20
>           Hardware: All
>                 OS: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: normal
>           Priority: P1
>          Component: kvm
>           Assignee: virtualization_kvm@xxxxxxxxxxxxxxxxxxxx
>           Reporter: hvtaifwkbgefbaei@xxxxxxxxx
>         Regression: No
> 
> Created attachment 304023
>   --> https://bugzilla.kernel.org/attachment.cgi?id=304023&action=edit
> kernel config
> 
> This is 6.1.20 with only ZFS 2.1.9 module added.
> I booted kernel with acpi=off because this old Ryzen 1600X system is getting
> unreliable (so only one CPU is online with acpi=off, and it has been reliable
> before this splat).
> 
> 2023-03-25T13:28:40,794781+02:00 BUG: kernel NULL pointer dereference, address:
> 000000000000000c
> 2023-03-25T13:28:40,794786+02:00 #PF: supervisor read access in kernel mode
> 2023-03-25T13:28:40,794788+02:00 #PF: error_code(0x0000) - not-present page
> 2023-03-25T13:28:40,794790+02:00 PGD 0 P4D 0 
> 2023-03-25T13:28:40,794793+02:00 Oops: 0000 [#1] PREEMPT SMP NOPTI
> 2023-03-25T13:28:40,794795+02:00 CPU: 0 PID: 917598 Comm: qemu-kvm Tainted: P  
>      W  O       6.1.20+ #12
> 2023-03-25T13:28:40,794798+02:00 Hardware name: To Be Filled By O.E.M. To Be
> Filled By O.E.M./X370 Taichi, BIOS P6.20 01/03/2020
> 2023-03-25T13:28:40,794800+02:00 RIP: 0010:do_raw_spin_lock+0x6/0xb0

This looks like amd_set_core_ssb_state() explodes when it tries to acquire
ssb_state.shared_state.lock.

Aha!  With acpi=off, I assume __apic_intr_mode_select() will return
APIC_VIRTUAL_WIRE_NO_CONFIG:

	/* Check MP table or ACPI MADT configuration */
	if (!smp_found_config) {
		disable_ioapic_support();
		if (!acpi_lapic) {
			pr_info("APIC: ACPI MADT or MP tables are not detected\n");
			return APIC_VIRTUAL_WIRE_NO_CONFIG;
		}
		return APIC_VIRTUAL_WIRE;
	}

Which will cause native_smp_prepare_cpus() to bail early and not run through
speculative_store_bypass_ht_init(), leaving a NULL ssb_state.shared_state:

	switch (apic_intr_mode) {
	case APIC_PIC:
	case APIC_VIRTUAL_WIRE_NO_CONFIG:
		disable_smp();
		return;
	case APIC_SYMMETRIC_IO_NO_ROUTING:
		disable_smp();
		/* Setup local timer */
		x86_init.timers.setup_percpu_clockev();
		return;
	case APIC_VIRTUAL_WIRE:
	case APIC_SYMMETRIC_IO:
		break;
	}

I believe this will remedy your problem.  I don't see anything that will obviously
break in native_smp_prepare_cpus() by continuing on with a "bad" APIC.  Hopefully
Thomas can weigh in on whether or not it's a sane change.

---
 arch/x86/kernel/smpboot.c | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
index 9013bb28255a..ff69f8e3c392 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -1409,22 +1409,17 @@ void __init native_smp_prepare_cpus(unsigned int max_cpus)
 	case APIC_PIC:
 	case APIC_VIRTUAL_WIRE_NO_CONFIG:
 		disable_smp();
-		return;
+		break;
 	case APIC_SYMMETRIC_IO_NO_ROUTING:
 		disable_smp();
-		/* Setup local timer */
-		x86_init.timers.setup_percpu_clockev();
-		return;
+		fallthrough;
 	case APIC_VIRTUAL_WIRE:
 	case APIC_SYMMETRIC_IO:
+		x86_init.timers.setup_percpu_clockev();
+		smp_get_logical_apicid();
 		break;
 	}
 
-	/* Setup local timer */
-	x86_init.timers.setup_percpu_clockev();
-
-	smp_get_logical_apicid();
-
 	pr_info("CPU0: ");
 	print_cpu_info(&cpu_data(0));
 

base-commit: b0d237087c674c43df76c1a0bc2737592f3038f4
-- 

> 2023-03-25T13:28:40,794805+02:00 Code: 05 00 00 48 8d 88 60 07 00 00 48 c7 c7
> 18 66 af 9e e8 49 a9 28 01 e9 4c 8d 32 01 66 0f 1f 84 00 00 00 00 00 0f 1f 44
> 00 00 53 <8b> 47 04 48 89 fb 3d ad 4e ad de 75 60 48 8b 53 10 65 48 8b 04 25
> 2023-03-25T13:28:40,794807+02:00 RSP: 0018:ffffa9110f3cbc58 EFLAGS: 00010046
> 2023-03-25T13:28:40,794809+02:00 RAX: 0000000000000000 RBX: 0000000000000020
> RCX: 0000000000000000
> 2023-03-25T13:28:40,794810+02:00 RDX: 0000000000000000 RSI: 0000000000000000
> RDI: 0000000000000008
> 2023-03-25T13:28:40,794812+02:00 RBP: 0000000000000000 R08: 0000000000000000
> R09: 0000000000000000
> 2023-03-25T13:28:40,794813+02:00 R10: 0000000000000000 R11: 0000000000000000
> R12: 0000000000000002
> 2023-03-25T13:28:40,794814+02:00 R13: 0206800000000010 R14: ffff9ceffe81fba0
> R15: 0000000000000400
> 2023-03-25T13:28:40,794816+02:00 FS:  000074963adfd6c0(0000)
> GS:ffff9ceffe800000(0000) knlGS:0000000000000000
> 2023-03-25T13:28:40,794818+02:00 CS:  0010 DS: 0000 ES: 0000 CR0:
> 0000000080050033
> 2023-03-25T13:28:40,794819+02:00 CR2: 000000000000000c CR3: 00000005227da000
> CR4: 00000000003506f0
> 2023-03-25T13:28:40,794821+02:00 Call Trace:
> 2023-03-25T13:28:40,794823+02:00  <TASK>
> 2023-03-25T13:28:40,794826+02:00  speculation_ctrl_update+0xe2/0x1e0
> 2023-03-25T13:28:40,794830+02:00  svm_vcpu_run+0x4db/0x790 [kvm_amd]
> 2023-03-25T13:28:40,794838+02:00  kvm_arch_vcpu_ioctl_run+0x8f0/0x1730 [kvm]
> 2023-03-25T13:28:40,794876+02:00  ? kvm_vm_ioctl+0x386/0x1260 [kvm]
> 2023-03-25T13:28:40,794907+02:00  kvm_vcpu_ioctl+0x22b/0x670 [kvm]
> 2023-03-25T13:28:40,794937+02:00  ? kvm_vm_ioctl_irq_line+0x23/0x50 [kvm]
> 2023-03-25T13:28:40,794971+02:00  ? _copy_to_user+0x21/0x40
> 2023-03-25T13:28:40,794974+02:00  ? kvm_vm_ioctl+0x386/0x1260 [kvm]
> 2023-03-25T13:28:40,795004+02:00  ? do_iter_readv_writev+0xdf/0x150
> 2023-03-25T13:28:40,795008+02:00  __x64_sys_ioctl+0x1b3/0x930
> 2023-03-25T13:28:40,795012+02:00  ? exit_to_user_mode_prepare+0x1e/0x110
> 2023-03-25T13:28:40,795015+02:00  do_syscall_64+0x5b/0x90
> 2023-03-25T13:28:40,795019+02:00  ? exit_to_user_mode_prepare+0x1e/0x110
> 2023-03-25T13:28:40,795021+02:00  ? syscall_exit_to_user_mode+0x25/0x50
> 2023-03-25T13:28:40,795023+02:00  ? do_syscall_64+0x67/0x90
> 2023-03-25T13:28:40,795025+02:00  ? do_syscall_64+0x67/0x90
> 2023-03-25T13:28:40,795027+02:00  ? exit_to_user_mode_prepare+0x101/0x110
> 2023-03-25T13:28:40,795029+02:00  ? syscall_exit_to_user_mode+0x25/0x50
> 2023-03-25T13:28:40,795031+02:00  ? do_syscall_64+0x67/0x90
> 2023-03-25T13:28:40,795033+02:00  entry_SYSCALL_64_after_hwframe+0x63/0xcd



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux