Add details about test cases Create a guest named guest1 in KVM, In the host machine, run the following command. #create share-device.xml and write the following text (host) qemu-img create -f qcow2 /root/share-device.qcow2 20G #create share-device.xml with following message(hosts) <disk type='file' device='disk'> <driver name='qemu' type='qcow2' cache='writeback' io='threads'/> <source file='/root/share-device.qcow2'/> <target dev='vdb' bus='virtio'/> </disk> #attach device to guest1(hosts) virsh attach-device guest1 share-device.xml --config --live #detach device to guest1(hosts) virsh detach-device guest1 share-device.xml --config --live Before patch, guest1 crashed [ 64.432236] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 64.432734] #PF: supervisor instruction fetch in kernel mode [ 64.433142] #PF: error_code(0x0010) - not-present page [ 64.433497] PGD 0 P4D 0 [ 64.433686] Oops: 0010 [#1] PREEMPT SMP PTI [ 64.433977] CPU: 3 PID: 85 Comm: kworker/u16:1 Not tainted 6.8.0+ #3 [ 64.434417] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 64.434818] Workqueue: kacpi_hotplug acpi_hotplug_work_fn [ 64.435221] RIP: 0010:0x0 [ 64.435427] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 64.435916] RSP: 0018:ffffaf80003e3bd8 EFLAGS: 00010206 [ 64.436260] RAX: 0000000000000000 RBX: ffff9dd8c26e4800 RCX: 0000000000000000 [ 64.436662] RDX: 0000000080000000 RSI: 0000000000000000 RDI: ffff9dd8c26e4800 [ 64.437061] RBP: ffff9dd8c4bdc900 R08: 0000000000000000 R09: 0000000000000000 [ 64.437459] R10: 0000000000000020 R11: 000000000000000f R12: ffff9dd8c26e4b10 [ 64.437860] R13: ffff9dd8c26e4b10 R14: ffff9dd8c26e4810 R15: 0000000000000000 [ 64.438263] FS: 0000000000000000(0000) GS:ffff9dd9f7d80000(0000) knlGS:0000000000000000 [ 64.438706] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 64.439033] CR2: ffffffffffffffd6 CR3: 0000000103d96002 CR4: 00000000003706f0 [ 64.439430] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 64.439825] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 64.440227] Call Trace: [ 64.440373] <TASK> [ 64.440499] ? __die_body+0x1b/0x60 [ 64.440705] ? page_fault_oops+0x158/0x4f0 [ 64.440954] ? __mod_zone_page_state+0x6e/0xb0 [ 64.441236] ? exc_page_fault+0x69/0x150 [ 64.441455] ? asm_exc_page_fault+0x22/0x30 [ 64.441721] vp_del_vqs+0x6b/0x280 [virtio_pci] [ 64.441977] virtblk_remove+0x57/0x80 [virtio_blk] [ 64.442249] virtio_dev_remove+0x3a/0x90 [virtio] [ 64.442516] device_release_driver_internal+0xaa/0x140 [ 64.442835] bus_remove_device+0xbf/0x130 [ 64.443062] device_del+0x156/0x3a0 [ 64.443265] device_unregister+0x13/0x60 [ 64.443497] unregister_virtio_device+0x11/0x20 [virtio] [ 64.443806] virtio_pci_remove+0x3d/0x80 [virtio_pci] [ 64.444112] pci_device_remove+0x33/0xa0 [ 64.444380] device_release_driver_internal+0xaa/0x140 [ 64.444676] pci_stop_bus_device+0x6c/0x90 [ 64.444914] pci_stop_and_remove_bus_device+0xe/0x20 [ 64.445192] disable_slot+0x49/0x90 [ 64.445421] acpiphp_disable_and_eject_slot+0x15/0x90 [ 64.445749] acpiphp_hotplug_notify+0x14f/0x2a0 [ 64.446017] ? __pfx_acpiphp_hotplug_notify+0x10/0x10 [ 64.446318] acpi_device_hotplug+0xc1/0x4a0 [ 64.446556] acpi_hotplug_work_fn+0x1a/0x30 [ 64.446795] process_one_work+0x158/0x370 [ 64.447023] ? __pfx_worker_thread+0x10/0x10 [ 64.447272] process_scheduled_works+0x42/0x60 [ 64.447527] worker_thread+0x110/0x270 [ 64.447739] ? __pfx_worker_thread+0x10/0x10 [ 64.447985] kthread+0xeb/0x120 [ 64.448174] ? __pfx_kthread+0x10/0x10 [ 64.448388] ret_from_fork+0x2d/0x50 [ 64.448595] ? __pfx_kthread+0x10/0x10 [ 64.448812] ret_from_fork_asm+0x1a/0x30 [ 64.449079] </TASK> [ 64.449210] Modules linked in: ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_conntrack ebtable_nat ebtable_broute ip6table_nat ip6table_mangle ip6table_security ip6table_raw iptable_nat nf_nat iptable_mangle iptable_security iptable_raw nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nfnetlink rfkill ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter sunrpc intel_rapl_msr intel_rapl_common crct10dif_pclmul crc32_pclmul ghash_clmulni_intel sha512_ssse3 aesni_intel crypto_simd virtio_rng cryptd virtio_balloon sg pcspkr joydev floppy i2c_piix4 ip_tables xfs libcrc32c sr_mod cdrom virtio_net net_failover ata_generic failover virtio_blk virtio_console pata_acpi virtio_pci virtio ata_piix virtio_pci_legacy_dev virtio_pci_modern_dev crc32c_intel libata serio_raw virtio_ring dm_mirror dm_region_hash dm_log dm_mod fuse [ 64.453398] CR2: 0000000000000000 [ 64.453587] ---[ end trace 0000000000000000 ]--- [ 64.453869] RIP: 0010:0x0 [ 64.454018] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 64.454405] RSP: 0018:ffffaf80003e3bd8 EFLAGS: 00010206 [ 64.454719] RAX: 0000000000000000 RBX: ffff9dd8c26e4800 RCX: 0000000000000000 [ 64.455109] RDX: 0000000080000000 RSI: 0000000000000000 RDI: ffff9dd8c26e4800 [ 64.455523] RBP: ffff9dd8c4bdc900 R08: 0000000000000000 R09: 0000000000000000 [ 64.455938] R10: 0000000000000020 R11: 000000000000000f R12: ffff9dd8c26e4b10 [ 64.456330] R13: ffff9dd8c26e4b10 R14: ffff9dd8c26e4810 R15: 0000000000000000 [ 64.456753] FS: 0000000000000000(0000) GS:ffff9dd9f7d80000(0000) knlGS:0000000000000000 [ 64.457222] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 64.457535] CR2: ffffffffffffffd6 CR3: 0000000103d96002 CR4: 00000000003706f0 [ 64.457951] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 64.458340] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 64.458761] Kernel panic - not syncing: Fatal exception [ 64.459396] Kernel Offset: 0x22400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 64.459988] ---[ end Kernel panic - not syncing: Fatal exception ]--- But after applying the patch, everything seems to be normal. Li Zhang <zhanglikernel@xxxxxxxxx> 于2024年3月16日周六 13:26写道: > > [bug] > In the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved > to determine whether it is admin virtqueue, but this function vp_dev->is_avq > may be empty. For installations, virtio_pci_legacy does not assign a value > to vp_dev->is_avq. > > [fix] > Check whether it is vp_dev->is_avq before use. > > [test] > Test with virsh Attach device > Before this patch, the following command would crash the guest system > > After applying the patch, everything seems to be working fine. > > Signed-off-by: Li Zhang <zhanglikernel@xxxxxxxxx> > --- > drivers/virtio/virtio_pci_common.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/virtio/virtio_pci_common.c b/drivers/virtio/virtio_pci_common.c > index b655fcc..3c18fc1 100644 > --- a/drivers/virtio/virtio_pci_common.c > +++ b/drivers/virtio/virtio_pci_common.c > @@ -236,7 +236,7 @@ void vp_del_vqs(struct virtio_device *vdev) > int i; > > list_for_each_entry_safe(vq, n, &vdev->vqs, list) { > - if (vp_dev->is_avq(vdev, vq->index)) > + if (vp_dev->is_avq && vp_dev->is_avq(vdev, vq->index)) > continue; > > if (vp_dev->per_vq_vectors) { > -- > 1.8.3.1 >