On Wed, 20 Dec 2023 13:53:17 +0100
Christian Borntraeger <borntraeger@xxxxxxxxxxxxx> wrote:
> Right now it is possible to see gmap->private being zero in
> kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the
> fact that we add gmap->private == kvm after creation:
>
> static int acquire_gmap_shadow(struct kvm_vcpu *vcpu,
> struct vsie_page *vsie_page)
> {
> [...]
> gmap = gmap_shadow(vcpu->arch.gmap, asce, edat);
> if (IS_ERR(gmap))
> return PTR_ERR(gmap);
> gmap->private = vcpu->kvm;
>
> Let children inherit the private field of the parent.
>
> Reported-by: Marc Hartmayer <mhartmay@xxxxxxxxxxxxx>
> Fixes: a3508fbe9dc6 ("KVM: s390: vsie: initial support for nested virtualization")
> Cc: <stable@xxxxxxxxxxxxxxx>
> Cc: David Hildenbrand <david@xxxxxxxxxx>
> Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxxxxx>
Reviewed-by: Claudio Imbrenda <imbrenda@xxxxxxxxxxxxx>
> ---
> v1->v2: let the child inherit private from parent instead of accessing
> the parent in the notifier
> arch/s390/kvm/vsie.c | 1 -
> arch/s390/mm/gmap.c | 1 +
> 2 files changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c
> index 8207a892bbe2..db9a180de65f 100644
> --- a/arch/s390/kvm/vsie.c
> +++ b/arch/s390/kvm/vsie.c
> @@ -1220,7 +1220,6 @@ static int acquire_gmap_shadow(struct kvm_vcpu *vcpu,
> gmap = gmap_shadow(vcpu->arch.gmap, asce, edat);
> if (IS_ERR(gmap))
> return PTR_ERR(gmap);
> - gmap->private = vcpu->kvm;
> vcpu->kvm->stat.gmap_shadow_create++;
> WRITE_ONCE(vsie_page->gmap, gmap);
> return 0;
> diff --git a/arch/s390/mm/gmap.c b/arch/s390/mm/gmap.c
> index 6f96b5a71c63..8da39deb56ca 100644
> --- a/arch/s390/mm/gmap.c
> +++ b/arch/s390/mm/gmap.c
> @@ -1691,6 +1691,7 @@ struct gmap *gmap_shadow(struct gmap *parent, unsigned long asce,
> return ERR_PTR(-ENOMEM);
> new->mm = parent->mm;
> new->parent = gmap_get(parent);
> + new->private = parent->private;
> new->orig_asce = asce;
> new->edat_level = edat_level;
> new->initialized = false;
