2015-02-25 16:02:05

by Borislav Petkov

Subject: b4eef9b36db4 ("kvm: x86: vmx: NULL out hwapic_isr_update() in case of !enable_apicv")

Hi,

commit in $Subject breaks my kvm guest on AMD host, causing it to do the
following below. Mouse doesn't work anymore in the guest; network is
gone too.

Reverting it fixes the issue.

---

...

[ 4.849095] Freeing unused kernel memory: 2972K (ffffffff81aee000 - ffffffff81dd5000)
[ 7.016259] random: nonblocking pool is initialized
[ 7.323793] udevd[861]: starting version 175
[ 7.592220] usb 1-1: New USB device found, idVendor=0627, idProduct=0001
[ 7.595710] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=5
[ 7.621394] usb 1-1: Product: QEMU USB Tablet
[ 7.623522] usb 1-1: Manufacturer: QEMU
[ 7.623525] usb 1-1: SerialNumber: 42
[ 9.577403] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:01.2/usb1/1-1/1-1:1.0/0003:0627:0001.0001/input/input3
[ 9.613569] hid-generic 0003:0627:0001.0001: input,hidraw0: USB HID v0.01 Pointer [QEMU QEMU USB Tablet] on usb-0000:00:01.2-1/input0
[ 9.626452] WARNING! power/level is deprecated; use power/control instead
[ 11.260824] Adding 917500k swap on /dev/sda2. Priority:-1 extents:1 across:917500k
[ 12.004418] EXT3-fs (sda1): using internal journal
[ 26.336196] 8139cp 0000:00:03.0 eth0: link up, 100Mbps, full-duplex, lpa 0x05E1
[ 28.773323] mtrr: no MTRR for fc000000,100000 found
[ 32.816498] ------------[ cut here ]------------
[ 32.819112] WARNING: CPU: 1 PID: 0 at net/sched/sch_generic.c:303 dev_watchdog+0x247/0x250()
[ 32.823695] NETDEV WATCHDOG: eth0 (8139cp): transmit queue 0 timed out
[ 32.827693] Modules linked in:
[ 32.829830] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 3.18.0 #11
[ 32.832562] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[ 32.835844] 0000000000000009 ffff88007c403d18 ffffffff816fbc75 0000000000000000
[ 32.838565] ffff88007c403d68 ffff88007c403d58 ffffffff8105822c ffff88007c403d38
[ 32.841197] 0000000000000000 0000000000000001 ffff88007bf5a680 ffff88007b4c6000
[ 32.843733] Call Trace:
[ 32.844510] <IRQ> [<ffffffff816fbc75>] dump_stack+0x4f/0x7c
[ 32.846476] [<ffffffff8105822c>] warn_slowpath_common+0x8c/0xc0
[ 32.848476] [<ffffffff810582a6>] warn_slowpath_fmt+0x46/0x50
[ 32.850279] [<ffffffff815f3427>] dev_watchdog+0x247/0x250
[ 32.851950] [<ffffffff815f31e0>] ? dev_graft_qdisc+0x90/0x90
[ 32.853930] [<ffffffff810cfbed>] call_timer_fn+0xbd/0x500
[ 32.856086] [<ffffffff810cfb35>] ? call_timer_fn+0x5/0x500
[ 32.858996] [<ffffffff815f31e0>] ? dev_graft_qdisc+0x90/0x90
[ 32.861821] [<ffffffff815f31e0>] ? dev_graft_qdisc+0x90/0x90
[ 32.864966] [<ffffffff810d08e4>] run_timer_softirq+0x2b4/0x4c0
[ 32.867724] [<ffffffff8105cee7>] __do_softirq+0x167/0x6c0
[ 32.869367] [<ffffffff8105d5f6>] irq_exit+0x96/0xc0
[ 32.870782] [<ffffffff817078ba>] smp_apic_timer_interrupt+0x4a/0x60
[ 32.872654] [<ffffffff81705d4f>] apic_timer_interrupt+0x6f/0x80
[ 32.874408] <EOI> [<ffffffff81046916>] ? native_safe_halt+0x6/0x10
[ 32.876354] [<ffffffff810a58bd>] ? trace_hardirqs_on+0xd/0x10
[ 32.878247] [<ffffffff8100e970>] default_idle+0x20/0x260
[ 32.880167] [<ffffffff8100f5cf>] arch_cpu_idle+0xf/0x20
[ 32.882518] [<ffffffff8109d4ef>] cpu_startup_entry+0x4ef/0x6a0
[ 32.885022] [<ffffffff81703ce3>] ? _raw_spin_unlock_irqrestore+0x53/0xa0
[ 32.888341] [<ffffffff810e087c>] ? clockevents_register_device+0xbc/0x120
[ 32.891748] [<ffffffff81039493>] start_secondary+0x193/0x1a0
[ 32.893524] ---[ end trace 1bcb92948e89c39f ]---
[ 32.895203] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 4 80ff
[ 44.816516] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 4 80ff
[ 56.816515] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 4 80ff
[ 68.816513] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff
[ 80.816510] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff
[ 92.816513] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff
[ 104.816513] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff
[ 116.816512] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff
[ 128.816512] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff
[ 140.816508] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff
[ 152.816515] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff
[ 164.816518] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff
[ 176.816515] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff
[ 188.816515] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff
[ 200.816514] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff
[ 212.816515] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff
[ 224.816514] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff
[ 236.816514] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff
[ 248.816515] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff
[ 260.816512] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff
[ 272.816515] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff
[ 284.816512] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff
[ 296.816515] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff
[ 308.816512] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff
[ 308.820283]
[ 308.820283] ======================================================
[ 308.820283] [ INFO: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected ]
[ 308.820283] 3.18.0 #11 Tainted: G W
[ 308.820283] ------------------------------------------------------
[ 308.820283] swapper/1/0 [HC0[0]:SC1[1]:HE0:SE0] is trying to acquire:
[ 308.820283] (&(&list->lock)->rlock){+.-...}, at: [<ffffffff815ba868>] skb_dequeue+0x28/0x80
[ 308.820283]
[ 308.820283] and this task is already holding:
[ 308.820283] (&(&cp->lock)->rlock){-.-...}, at: [<ffffffff81494b65>] cp_tx_timeout+0x75/0x1c0
[ 308.820283] which would create a new lock dependency:
[ 308.820283] (&(&cp->lock)->rlock){-.-...} -> (&(&list->lock)->rlock){+.-...}
[ 308.820283]
[ 308.820283] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 308.820283] (&(&cp->lock)->rlock){-.-...}
... which became HARDIRQ-irq-safe at:
[ 308.820283] [<ffffffff810a8581>] __lock_acquire+0xb01/0x22e0
[ 308.820283] [<ffffffff810aa6b1>] lock_acquire+0xe1/0x2e0
[ 308.820283] [<ffffffff81703841>] _raw_spin_lock+0x41/0x80
[ 308.820283] [<ffffffff8149413c>] cp_interrupt+0x3c/0x460
[ 308.820283] [<ffffffff810bf521>] handle_irq_event_percpu+0x71/0x560
[ 308.820283] [<ffffffff810bfa58>] handle_irq_event+0x48/0x70
[ 308.820283] [<ffffffff810c271b>] handle_fasteoi_irq+0xcb/0x170
[ 308.820283] [<ffffffff810059d2>] handle_irq+0x22/0x40
[ 308.820283] [<ffffffff817077c8>] do_IRQ+0x68/0x110
[ 308.820283] [<ffffffff8170596f>] ret_from_intr+0x0/0x1a
[ 308.820283] [<ffffffff8100e970>] default_idle+0x20/0x260
[ 308.820283] [<ffffffff8100f5cf>] arch_cpu_idle+0xf/0x20
[ 308.820283] [<ffffffff8109d4ef>] cpu_startup_entry+0x4ef/0x6a0
[ 308.820283] [<ffffffff816f6a2f>] rest_init+0x12f/0x140
[ 308.820283] [<ffffffff81cc3f0f>] start_kernel+0x430/0x43d
[ 308.820283] [<ffffffff81cc3488>] x86_64_start_reservations+0x2a/0x2c
[ 308.820283] [<ffffffff81cc35cd>] x86_64_start_kernel+0x143/0x152
[ 308.820283]
[ 308.820283] to a HARDIRQ-irq-unsafe lock:
[ 308.820283] (&(&list->lock)->rlock){+.-...}
... which became HARDIRQ-irq-unsafe at:
[ 308.820283] ... [<ffffffff810a833c>] __lock_acquire+0x8bc/0x22e0
[ 308.820283] [<ffffffff810aa6b1>] lock_acquire+0xe1/0x2e0
[ 308.820283] [<ffffffff817038c5>] _raw_spin_lock_bh+0x45/0x80
[ 308.820283] [<ffffffff8163a2dd>] first_packet_length+0x5d/0x290
[ 308.820283] [<ffffffff8163c54d>] udp_ioctl+0x3d/0x90
[ 308.820283] [<ffffffff8168cf4f>] inet6_ioctl+0xaf/0xc0
[ 308.820283] [<ffffffff815b03f1>] sock_do_ioctl.constprop.47+0x21/0x60
[ 308.820283] [<ffffffff815b089d>] sock_ioctl+0x1cd/0x290
[ 308.820283] [<ffffffff811b30f8>] do_vfs_ioctl+0x2d8/0x4f0
[ 308.820283] [<ffffffff811b335c>] SyS_ioctl+0x4c/0x90
[ 308.820283] [<ffffffff81704cad>] system_call_fastpath+0x16/0x1b
[ 308.820283]
[ 308.820283] other info that might help us debug this:
[ 308.820283]
[ 308.820283] Possible interrupt unsafe locking scenario:
[ 308.820283]
[ 308.820283] CPU0 CPU1
[ 308.820283] ---- ----
[ 308.820283] lock(&(&list->lock)->rlock);
[ 308.820283] local_irq_disable();
[ 308.820283] lock(&(&cp->lock)->rlock);
[ 308.820283] lock(&(&list->lock)->rlock);
[ 308.820283] <Interrupt>
[ 308.820283] lock(&(&cp->lock)->rlock);
[ 308.820283]
[ 308.820283] *** DEADLOCK ***
[ 308.820283]
[ 308.820283] 3 locks held by swapper/1/0:
[ 308.820283] #0: (((&dev->watchdog_timer))){+.-...}, at: [<ffffffff810cfb35>] call_timer_fn+0x5/0x500
[ 308.820283] #1: (&(&dev->tx_global_lock)->rlock){+.-...}, at: [<ffffffff815f320c>] dev_watchdog+0x2c/0x250
[ 308.820283] #2: (&(&cp->lock)->rlock){-.-...}, at: [<ffffffff81494b65>] cp_tx_timeout+0x75/0x1c0
[ 308.820283]
the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 308.820283] -> (&(&cp->lock)->rlock){-.-...} ops: 242 {
[ 308.820283] IN-HARDIRQ-W at:
[ 308.820283] [<ffffffff810a8581>] __lock_acquire+0xb01/0x22e0
[ 308.820283] [<ffffffff810aa6b1>] lock_acquire+0xe1/0x2e0
[ 308.820283] [<ffffffff81703841>] _raw_spin_lock+0x41/0x80
[ 308.820283] [<ffffffff8149413c>] cp_interrupt+0x3c/0x460
[ 308.820283] [<ffffffff810bf521>] handle_irq_event_percpu+0x71/0x560
[ 308.820283] [<ffffffff810bfa58>] handle_irq_event+0x48/0x70
[ 308.820283] [<ffffffff810c271b>] handle_fasteoi_irq+0xcb/0x170
[ 308.820283] [<ffffffff810059d2>] handle_irq+0x22/0x40
[ 308.820283] [<ffffffff817077c8>] do_IRQ+0x68/0x110
[ 308.820283] [<ffffffff8170596f>] ret_from_intr+0x0/0x1a
[ 308.820283] [<ffffffff8100e970>] default_idle+0x20/0x260
[ 308.820283] [<ffffffff8100f5cf>] arch_cpu_idle+0xf/0x20
[ 308.820283] [<ffffffff8109d4ef>] cpu_startup_entry+0x4ef/0x6a0
[ 308.820283] [<ffffffff816f6a2f>] rest_init+0x12f/0x140
[ 308.820283] [<ffffffff81cc3f0f>] start_kernel+0x430/0x43d
[ 308.820283] [<ffffffff81cc3488>] x86_64_start_reservations+0x2a/0x2c
[ 308.820283] [<ffffffff81cc35cd>] x86_64_start_kernel+0x143/0x152
[ 308.820283] IN-SOFTIRQ-W at:
[ 308.820283] [<ffffffff810a830d>] __lock_acquire+0x88d/0x22e0
[ 308.820283] [<ffffffff810aa6b1>] lock_acquire+0xe1/0x2e0
[ 308.820283] [<ffffffff81703a70>] _raw_spin_lock_irqsave+0x60/0xa0
[ 308.820283] [<ffffffff81494d6f>] cp_start_xmit+0x2f/0x980
[ 308.820283] [<ffffffff815d096a>] dev_hard_start_xmit+0x1ea/0x850
[ 308.820283] [<ffffffff815f37dd>] sch_direct_xmit+0xed/0x220
[ 308.820283] [<ffffffff815d125f>] __dev_queue_xmit+0x28f/0x980
[ 308.820283] [<ffffffff815d1960>] dev_queue_xmit+0x10/0x20
[ 308.820283] [<ffffffff815dc6cf>] neigh_resolve_output+0x1af/0x2c0
[ 308.820283] [<ffffffff8168ec8c>] ip6_finish_output2+0x36c/0x790
[ 308.820283] [<ffffffff81693028>] ip6_finish_output+0x98/0x1a0
[ 308.820283] [<ffffffff81693188>] ip6_output+0x58/0x170
[ 308.820283] [<ffffffff816b7e17>] mld_sendpack+0x1d7/0x470
[ 308.820283] [<ffffffff816b8c54>] mld_ifc_timer_expire+0x194/0x2d0
[ 308.820283] [<ffffffff810cfbed>] call_timer_fn+0xbd/0x500
[ 308.820283] [<ffffffff810d08e4>] run_timer_softirq+0x2b4/0x4c0
[ 308.820283] [<ffffffff8105cee7>] __do_softirq+0x167/0x6c0
[ 308.820283] [<ffffffff8105d5f6>] irq_exit+0x96/0xc0
[ 308.820283] [<ffffffff817078ba>] smp_apic_timer_interrupt+0x4a/0x60
[ 308.820283] [<ffffffff81705d4f>] apic_timer_interrupt+0x6f/0x80
[ 308.820283] [<ffffffff8100e970>] default_idle+0x20/0x260
[ 308.820283] [<ffffffff8100f5cf>] arch_cpu_idle+0xf/0x20
[ 308.820283] [<ffffffff8109d4ef>] cpu_startup_entry+0x4ef/0x6a0
[ 308.820283] [<ffffffff81039493>] start_secondary+0x193/0x1a0
[ 308.820283] INITIAL USE at:
[ 308.820283] [<ffffffff810a7ea9>] __lock_acquire+0x429/0x22e0
[ 308.820283] [<ffffffff810aa6b1>] lock_acquire+0xe1/0x2e0
[ 308.820283] [<ffffffff81703a70>] _raw_spin_lock_irqsave+0x60/0xa0
[ 308.820283] [<ffffffff814936f7>] cp_get_stats+0x27/0x80
[ 308.820283] [<ffffffff815c6476>] dev_get_stats+0x86/0x110
[ 308.820283] [<ffffffff815e0d0a>] rtnl_fill_ifinfo+0x49a/0xb40
[ 308.820283] [<ffffffff815e142d>] rtmsg_ifinfo+0x7d/0x100
[ 308.820283] [<ffffffff815d3089>] register_netdevice+0x489/0x630
[ 308.820283] [<ffffffff815d324f>] register_netdev+0x1f/0x30
[ 308.820283] [<ffffffff81496329>] cp_init_one+0x389/0x510
[ 308.820283] [<ffffffff81354d0c>] pci_device_probe+0x9c/0x100
[ 308.820283] [<ffffffff8141c26c>] driver_probe_device+0x8c/0x260
[ 308.820283] [<ffffffff8141c54b>] __driver_attach+0xab/0xb0
[ 308.820283] [<ffffffff8141a24b>] bus_for_each_dev+0x6b/0xb0
[ 308.820283] [<ffffffff8141bd5e>] driver_attach+0x1e/0x20
[ 308.820283] [<ffffffff8141b9c8>] bus_add_driver+0x188/0x230
[ 308.820283] [<ffffffff8141d3f0>] driver_register+0x60/0xe0
[ 308.820283] [<ffffffff813543b4>] __pci_register_driver+0x64/0x70
[ 308.820283] [<ffffffff81cfabb2>] cp_driver_init+0x19/0x1b
[ 308.820283] [<ffffffff810002f0>] do_one_initcall+0xa0/0x200
[ 308.820283] [<ffffffff81cc4036>] kernel_init_freeable+0x11a/0x1a2
[ 308.820283] [<ffffffff816f6a4e>] kernel_init+0xe/0xe0
[ 308.820283] [<ffffffff81704bfc>] ret_from_fork+0x7c/0xb0
[ 308.820283] }
[ 308.820283] ... key at: [<ffffffff82d78a1c>] __key.48318+0x0/0x8
[ 308.820283] ... acquired at:
[ 308.820283] [<ffffffff810a4ccc>] check_irq_usage+0x5c/0xd0
[ 308.820283] [<ffffffff810a9370>] __lock_acquire+0x18f0/0x22e0
[ 308.820283] [<ffffffff810aa6b1>] lock_acquire+0xe1/0x2e0
[ 308.820283] [<ffffffff81703a70>] _raw_spin_lock_irqsave+0x60/0xa0
[ 308.820283] [<ffffffff815ba868>] skb_dequeue+0x28/0x80
[ 308.820283] [<ffffffff815bb8a8>] skb_queue_purge+0x28/0x40
[ 308.820283] [<ffffffff816db9fd>] packet_sock_destruct+0x1d/0x90
[ 308.820283] [<ffffffff815b624d>] __sk_free+0x1d/0x150
[ 308.820283] [<ffffffff815b6b90>] sock_wfree+0x50/0x80
[ 308.820283] [<ffffffff815b8a88>] skb_release_head_state+0x58/0xf0
[ 308.820283] [<ffffffff815bb3c6>] skb_release_all+0x16/0x30
[ 308.820283] [<ffffffff815bbbfe>] consume_skb+0x5e/0x230
[ 308.820283] [<ffffffff814946cd>] cp_clean_rings+0x11d/0x230
[ 308.820283] [<ffffffff81494b78>] cp_tx_timeout+0x88/0x1c0
[ 308.820283] [<ffffffff815f33f3>] dev_watchdog+0x213/0x250
[ 308.820283] [<ffffffff810cfbed>] call_timer_fn+0xbd/0x500
[ 308.820283] [<ffffffff810d08e4>] run_timer_softirq+0x2b4/0x4c0
[ 308.820283] [<ffffffff8105cee7>] __do_softirq+0x167/0x6c0
[ 308.820283] [<ffffffff8105d5f6>] irq_exit+0x96/0xc0
[ 308.820283] [<ffffffff817078ba>] smp_apic_timer_interrupt+0x4a/0x60
[ 308.820283] [<ffffffff81705d4f>] apic_timer_interrupt+0x6f/0x80
[ 308.820283] [<ffffffff8100e970>] default_idle+0x20/0x260
[ 308.820283] [<ffffffff8100f5cf>] arch_cpu_idle+0xf/0x20
[ 308.820283] [<ffffffff8109d4ef>] cpu_startup_entry+0x4ef/0x6a0
[ 308.820283] [<ffffffff81039493>] start_secondary+0x193/0x1a0
[ 308.820283]
[ 308.820283]
the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock:
[ 308.820283] -> (&(&list->lock)->rlock){+.-...} ops: 2465 {
[ 308.820283] HARDIRQ-ON-W at:
[ 308.820283] [<ffffffff810a833c>] __lock_acquire+0x8bc/0x22e0
[ 308.820283] [<ffffffff810aa6b1>] lock_acquire+0xe1/0x2e0
[ 308.820283] [<ffffffff817038c5>] _raw_spin_lock_bh+0x45/0x80
[ 308.820283] [<ffffffff8163a2dd>] first_packet_length+0x5d/0x290
[ 308.820283] [<ffffffff8163c54d>] udp_ioctl+0x3d/0x90
[ 308.820283] [<ffffffff8168cf4f>] inet6_ioctl+0xaf/0xc0
[ 308.820283] [<ffffffff815b03f1>] sock_do_ioctl.constprop.47+0x21/0x60
[ 308.820283] [<ffffffff815b089d>] sock_ioctl+0x1cd/0x290
[ 308.820283] [<ffffffff811b30f8>] do_vfs_ioctl+0x2d8/0x4f0
[ 308.820283] [<ffffffff811b335c>] SyS_ioctl+0x4c/0x90
[ 308.820283] [<ffffffff81704cad>] system_call_fastpath+0x16/0x1b
[ 308.820283] IN-SOFTIRQ-W at:
[ 308.820283] [<ffffffff810a830d>] __lock_acquire+0x88d/0x22e0
[ 308.820283] [<ffffffff810aa6b1>] lock_acquire+0xe1/0x2e0
[ 308.820283] [<ffffffff81703a70>] _raw_spin_lock_irqsave+0x60/0xa0
[ 308.820283] [<ffffffff815ba9cb>] skb_queue_tail+0x2b/0x60
[ 308.820283] [<ffffffff815f920b>] __netlink_sendskb+0x3b/0x60
[ 308.820283] [<ffffffff815f9880>] netlink_broadcast_filtered+0x190/0x350
[ 308.820283] [<ffffffff815f9a5d>] netlink_broadcast+0x1d/0x20
[ 308.820283] [<ffffffff815fc6ad>] nlmsg_notify+0xbd/0xd0
[ 308.820283] [<ffffffff815dfb1b>] rtnl_notify+0x3b/0x40
[ 308.820283] [<ffffffff816a4b94>] inet6_rt_notify+0xe4/0x160
[ 308.820283] [<ffffffff816a6d08>] fib6_del+0x248/0x550
[ 308.820283] [<ffffffff816a70a0>] fib6_clean_node+0x90/0x120
[ 308.820283] [<ffffffff816a4f7e>] fib6_walk_continue+0x19e/0x1c0
[ 308.820283] [<ffffffff816a505d>] fib6_walk+0x2d/0x50
[ 308.820283] [<ffffffff816a50c3>] fib6_clean_tree+0x43/0x50
[ 308.820283] [<ffffffff816a5179>] __fib6_clean_all+0xa9/0x170
[ 308.820283] [<ffffffff816a71a0>] fib6_run_gc+0x50/0xf0
[ 308.820283] [<ffffffff816a7258>] fib6_gc_timer_cb+0x18/0x20
[ 308.820283] [<ffffffff810cfbed>] call_timer_fn+0xbd/0x500
[ 308.820283] [<ffffffff810d08e4>] run_timer_softirq+0x2b4/0x4c0
[ 308.820283] [<ffffffff8105cee7>] __do_softirq+0x167/0x6c0
[ 308.820283] [<ffffffff8105d5f6>] irq_exit+0x96/0xc0
[ 308.820283] [<ffffffff817078ba>] smp_apic_timer_interrupt+0x4a/0x60
[ 308.820283] [<ffffffff81705d4f>] apic_timer_interrupt+0x6f/0x80
[ 308.820283] [<ffffffff8100e970>] default_idle+0x20/0x260
[ 308.820283] [<ffffffff8100f5cf>] arch_cpu_idle+0xf/0x20
[ 308.820283] [<ffffffff8109d4ef>] cpu_startup_entry+0x4ef/0x6a0
[ 308.820283] [<ffffffff81039493>] start_secondary+0x193/0x1a0
[ 308.820283] INITIAL USE at:
[ 308.820283] [<ffffffff810a7ea9>] __lock_acquire+0x429/0x22e0
[ 308.820283] [<ffffffff810aa6b1>] lock_acquire+0xe1/0x2e0
[ 308.820283] [<ffffffff81703a70>] _raw_spin_lock_irqsave+0x60/0xa0
[ 308.820283] [<ffffffff815ba9cb>] skb_queue_tail+0x2b/0x60
[ 308.820283] [<ffffffff815f920b>] __netlink_sendskb+0x3b/0x60
[ 308.820283] [<ffffffff815f9880>] netlink_broadcast_filtered+0x190/0x350
[ 308.820283] [<ffffffff8131841a>] kobject_uevent_env+0x39a/0x540
[ 308.820283] [<ffffffff813185cb>] kobject_uevent+0xb/0x10
[ 308.820283] [<ffffffff814187fd>] uevent_store+0x5d/0x70
[ 308.820283] [<ffffffff81417288>] dev_attr_store+0x18/0x30
[ 308.820283] [<ffffffff81219500>] sysfs_kf_write+0x50/0x70
[ 308.820283] [<ffffffff81218805>] kernfs_fop_write+0x105/0x190
[ 308.820283] [<ffffffff8119ed5d>] vfs_write+0xbd/0x1d0
[ 308.820283] [<ffffffff8119f7c2>] SyS_write+0x52/0xc0
[ 308.820283] [<ffffffff81704cad>] system_call_fastpath+0x16/0x1b
[ 308.820283] }
[ 308.820283] ... key at: [<ffffffff82d7e4b0>] __key.24120+0x0/0x8
[ 308.820283] ... acquired at:
[ 308.820283] [<ffffffff810a4ccc>] check_irq_usage+0x5c/0xd0
[ 308.820283] [<ffffffff810a9370>] __lock_acquire+0x18f0/0x22e0
[ 308.820283] [<ffffffff810aa6b1>] lock_acquire+0xe1/0x2e0
[ 308.820283] [<ffffffff81703a70>] _raw_spin_lock_irqsave+0x60/0xa0
[ 308.820283] [<ffffffff815ba868>] skb_dequeue+0x28/0x80
[ 308.820283] [<ffffffff815bb8a8>] skb_queue_purge+0x28/0x40
[ 308.820283] [<ffffffff816db9fd>] packet_sock_destruct+0x1d/0x90
[ 308.820283] [<ffffffff815b624d>] __sk_free+0x1d/0x150
[ 308.820283] [<ffffffff815b6b90>] sock_wfree+0x50/0x80
[ 308.820283] [<ffffffff815b8a88>] skb_release_head_state+0x58/0xf0
[ 308.820283] [<ffffffff815bb3c6>] skb_release_all+0x16/0x30
[ 308.820283] [<ffffffff815bbbfe>] consume_skb+0x5e/0x230
[ 308.820283] [<ffffffff814946cd>] cp_clean_rings+0x11d/0x230
[ 308.820283] [<ffffffff81494b78>] cp_tx_timeout+0x88/0x1c0
[ 308.820283] [<ffffffff815f33f3>] dev_watchdog+0x213/0x250
[ 308.820283] [<ffffffff810cfbed>] call_timer_fn+0xbd/0x500
[ 308.820283] [<ffffffff810d08e4>] run_timer_softirq+0x2b4/0x4c0
[ 308.820283] [<ffffffff8105cee7>] __do_softirq+0x167/0x6c0
[ 308.820283] [<ffffffff8105d5f6>] irq_exit+0x96/0xc0
[ 308.820283] [<ffffffff817078ba>] smp_apic_timer_interrupt+0x4a/0x60
[ 308.820283] [<ffffffff81705d4f>] apic_timer_interrupt+0x6f/0x80
[ 308.820283] [<ffffffff8100e970>] default_idle+0x20/0x260
[ 308.820283] [<ffffffff8100f5cf>] arch_cpu_idle+0xf/0x20
[ 308.820283] [<ffffffff8109d4ef>] cpu_startup_entry+0x4ef/0x6a0
[ 308.820283] [<ffffffff81039493>] start_secondary+0x193/0x1a0
[ 308.820283]
[ 308.820283]
[ 308.820283] stack backtrace:
[ 308.820283] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W 3.18.0 #11
[ 308.820283] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[ 308.820283] ffffffff825d4d00 ffff88007c403978 ffffffff816fbc75 0000000000000011
[ 308.820283] ffffffff825bac70 ffff88007c403a88 ffffffff810a4a7b 0000000000000001
[ 308.820283] 0000000000000000 ffff880000000000 ffff88007c5d3cd0 0000000000000000
[ 308.820283] Call Trace:
[ 308.820283] <IRQ> [<ffffffff816fbc75>] dump_stack+0x4f/0x7c
[ 308.820283] [<ffffffff810a4a7b>] check_usage+0x56b/0x760
[ 308.820283] [<ffffffff8108e98d>] ? sched_clock_local+0x1d/0x90
[ 308.820283] [<ffffffff810a4ccc>] check_irq_usage+0x5c/0xd0
[ 308.820283] [<ffffffff810a9370>] __lock_acquire+0x18f0/0x22e0
[ 308.820283] [<ffffffff81046624>] ? kvm_clock_read+0x24/0x40
[ 308.820283] [<ffffffff8108ebe0>] ? sched_clock_cpu+0xa0/0xf0
[ 308.820283] [<ffffffff810aa6b1>] lock_acquire+0xe1/0x2e0
[ 308.820283] [<ffffffff815ba868>] ? skb_dequeue+0x28/0x80
[ 308.820283] [<ffffffff81703a42>] ? _raw_spin_lock_irqsave+0x32/0xa0
[ 308.820283] [<ffffffff81703a70>] _raw_spin_lock_irqsave+0x60/0xa0
[ 308.820283] [<ffffffff815ba868>] ? skb_dequeue+0x28/0x80
[ 308.820283] [<ffffffff8133cdf7>] ? debug_smp_processor_id+0x17/0x20
[ 308.820283] [<ffffffff815ba868>] skb_dequeue+0x28/0x80
[ 308.820283] [<ffffffff815b4983>] ? sock_def_write_space+0x73/0x1d0
[ 308.820283] [<ffffffff815bb8a8>] skb_queue_purge+0x28/0x40
[ 308.820283] [<ffffffff816db9fd>] packet_sock_destruct+0x1d/0x90
[ 308.820283] [<ffffffff815b624d>] __sk_free+0x1d/0x150
[ 308.820283] [<ffffffff815b6b90>] sock_wfree+0x50/0x80
[ 308.820283] [<ffffffff815b8a88>] skb_release_head_state+0x58/0xf0
[ 308.820283] [<ffffffff815bb3c6>] skb_release_all+0x16/0x30
[ 308.820283] [<ffffffff815bbbfe>] consume_skb+0x5e/0x230
[ 308.820283] [<ffffffff814946cd>] cp_clean_rings+0x11d/0x230
[ 308.820283] [<ffffffff81494b78>] cp_tx_timeout+0x88/0x1c0
[ 308.820283] [<ffffffff815f33f3>] dev_watchdog+0x213/0x250
[ 308.820283] [<ffffffff815f31e0>] ? dev_graft_qdisc+0x90/0x90
[ 308.820283] [<ffffffff810cfbed>] call_timer_fn+0xbd/0x500
[ 308.820283] [<ffffffff810cfb35>] ? call_timer_fn+0x5/0x500
[ 308.820283] [<ffffffff815f31e0>] ? dev_graft_qdisc+0x90/0x90
[ 308.820283] [<ffffffff815f31e0>] ? dev_graft_qdisc+0x90/0x90
[ 308.820283] [<ffffffff810d08e4>] run_timer_softirq+0x2b4/0x4c0
[ 308.820283] [<ffffffff8105cee7>] __do_softirq+0x167/0x6c0
[ 308.820283] [<ffffffff8105d5f6>] irq_exit+0x96/0xc0
[ 308.820283] [<ffffffff817078ba>] smp_apic_timer_interrupt+0x4a/0x60
[ 308.820283] [<ffffffff81705d4f>] apic_timer_interrupt+0x6f/0x80
[ 308.820283] <EOI> [<ffffffff81046916>] ? native_safe_halt+0x6/0x10
[ 308.820283] [<ffffffff810a58bd>] ? trace_hardirqs_on+0xd/0x10
[ 308.820283] [<ffffffff8100e970>] default_idle+0x20/0x260
[ 308.820283] [<ffffffff8100f5cf>] arch_cpu_idle+0xf/0x20
[ 308.820283] [<ffffffff8109d4ef>] cpu_startup_entry+0x4ef/0x6a0
[ 308.820283] [<ffffffff81703ce3>] ? _raw_spin_unlock_irqrestore+0x53/0xa0
[ 308.820283] [<ffffffff810e087c>] ? clockevents_register_device+0xbc/0x120
[ 308.820283] [<ffffffff81039493>] start_secondary+0x193/0x1a0
[ 320.816142] 8139cp 0000:00:03.0 eth0: Transmit timeout, status d 3b 5 80ff

--
Regards/Gruss,
Boris.

ECO tip #101: Trim your mails when you reply.
--


2015-02-25 19:42:01

by Radim Krčmář

Subject: [PATCH] KVM: SVM: fix interrupt injection (apic->isr_count always 0)

2015-02-25 17:00+0100, Borislav Petkov:
> Hi,
>
> commit in $Subject breaks my kvm guest on AMD host, causing it to do the
> following below. Mouse doesn't work anymore in the guest; network is
> gone too.
>
> Reverting it fixes the issue.

Thanks,

this patch should fix it.

---8<---
In commit b4eef9b36db4, we started to use hwapic_isr_update() != NULL
instead of kvm_apic_vid_enabled(vcpu->kvm). This didn't work because
SVM had it defined and the "apicv" path in apic_{set,clear}_isr() does not
change apic->isr_count, because it should always be 1. The initial
value of apic->isr_count was based on kvm_apic_vid_enabled(vcpu->kvm),
which is always 0 for SVM, so KVM could have injected interrupts when it
shouldn't.

Fix it by setting SVM's hwapic_isr_update to NULL and making the initial
isr_count depend on hwapic_isr_update() for good measure.

Fixes: b4eef9b36db4 ("kvm: x86: vmx: NULL out hwapic_isr_update() in case of !enable_apicv")
Reported-by: Borislav Petkov <[email protected]>
Signed-off-by: Radim Krčmář <[email protected]>
---
arch/x86/kvm/lapic.c | 4 ++--
arch/x86/kvm/svm.c | 7 +------
2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index e55b5fc344eb..bd4e34de24c7 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -1572,7 +1572,7 @@ void kvm_lapic_reset(struct kvm_vcpu *vcpu)
apic_set_reg(apic, APIC_TMR + 0x10 * i, 0);
}
apic->irr_pending = kvm_apic_vid_enabled(vcpu->kvm);
- apic->isr_count = kvm_apic_vid_enabled(vcpu->kvm);
+ apic->isr_count = kvm_x86_ops->hwapic_isr_update ? 1 : 0;
apic->highest_isr_cache = -1;
update_divide_count(apic);
atomic_set(&apic->lapic_timer.pending, 0);
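Review bot: the reset path now keys isr_count on kvm_x86_ops->hwapic_isr_update while the line just above it still keys irr_pending on kvm_apic_vid_enabled(vcpu->kvm); the commit message says the latter is always 0 on SVM, so the two fields are seeded from different predicates and could disagree again on a backend that defines one callback but not the other. Either derive both from the same test or add a one-line comment explaining why irr_pending intentionally stays on kvm_apic_vid_enabled().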
@@ -1782,7 +1782,7 @@ void kvm_apic_post_state_restore(struct kvm_vcpu *vcpu,
update_divide_count(apic);
start_apic_timer(apic);
apic->irr_pending = true;
- apic->isr_count = kvm_apic_vid_enabled(vcpu->kvm) ?
+ apic->isr_count = kvm_x86_ops->hwapic_isr_update ?
1 : count_vectors(apic->regs + APIC_ISR);
apic->highest_isr_cache = -1;
if (kvm_x86_ops->hwapic_irr_update)
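Review bot: the `kvm_x86_ops->hwapic_isr_update ? 1 : ...` test is now duplicated between kvm_lapic_reset() and kvm_apic_post_state_restore(); a small helper (or a comment at one site pointing at the other) would keep the "isr_count is always 1 when hardware tracks ISR" rule in one place, so a later backend change cannot fix one site and miss the other, which is how the b4eef9b36db4 regression arose in the first place.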
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index d319e0c24758..54c7b36ad12d 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -3649,11 +3649,6 @@ static void svm_load_eoi_exitmap(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap)
return;
}

-static void svm_hwapic_isr_update(struct kvm *kvm, int isr)
-{
- return;
-}
-
static void svm_sync_pir_to_irr(struct kvm_vcpu *vcpu)
{
return;
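Review bot: removing the svm_hwapic_isr_update() stub is the right fix, but it relies on every caller of kvm_x86_ops->hwapic_isr_update testing for NULL before calling; those call sites are not in this diff, so it is worth stating in the commit message (or checking in lapic.c) that no unconditional call remains, otherwise SVM guests would trade the current misinjection for a NULL function-pointer call.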
@@ -4403,7 +4398,7 @@ static struct kvm_x86_ops svm_x86_ops = {
.set_virtual_x2apic_mode = svm_set_virtual_x2apic_mode,
.vm_has_apicv = svm_vm_has_apicv,
.load_eoi_exitmap = svm_load_eoi_exitmap,
- .hwapic_isr_update = svm_hwapic_isr_update,
+ .hwapic_isr_update = NULL,
.sync_pir_to_irr = svm_sync_pir_to_irr,

.set_tss_addr = svm_set_tss_addr,
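Review bot: `.hwapic_isr_update = NULL,` in the designated initializer of `svm_x86_ops` is redundant, as members omitted from a static struct initializer are already zero; drop the line entirely rather than assigning NULL, so the entry reads like the other callbacks SVM does not implement and a grep for hwapic_isr_update in svm.c no longer suggests SVM provides one.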

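To make the failure mode in the commit message concrete, here is an added model (not KVM's code) of the isr_count bookkeeping in kvm_lapic_reset(), apic_set_isr() and apic_find_highest_isr(); the model_* names, the stub callback and vector 0x41 are constructed stand-ins, and model_reset takes a fixed_init flag to select the old or the patched initialisation.

```c
#include <stdbool.h>
#include <stdint.h>
#define NR_VECTORS 256
/* Stand-in for kvm_x86_ops->hwapic_isr_update; NULL means software ISR tracking. */
typedef void (*hwapic_isr_update_t)(int vec);
/* Copy of the empty callback SVM used to register (the defect the patch removes). */
static void stub_hwapic_isr_update(int vec) { (void)vec; }

struct model_apic {
    uint8_t isr[NR_VECTORS / 8];  /* APIC_ISR bitmap */
    int isr_count;                /* cached number of set ISR bits */
};

/* Models kvm_lapic_reset(): old init keyed on vid_enabled, fixed init on the hook. */
static void model_reset(struct model_apic *a, hwapic_isr_update_t hook,
                        bool vid_enabled, bool fixed_init)
{
    *a = (struct model_apic){ 0 };
    a->isr_count = fixed_init ? (hook ? 1 : 0) : (vid_enabled ? 1 : 0);
}

/* Models apic_set_isr(): the "apicv" path never touches isr_count. */
static void model_set_isr(struct model_apic *a, hwapic_isr_update_t hook, int vec)
{
    a->isr[vec / 8] |= (uint8_t)(1u << (vec % 8));
    if (hook)
        hook(vec);          /* hardware is expected to track ISR itself */
    else
        ++a->isr_count;
}

/* Models apic_find_highest_isr(): isr_count == 0 short-circuits to "none in service". */
static int model_find_highest_isr(const struct model_apic *a)
{
    if (!a->isr_count)
        return -1;
    for (int vec = NR_VECTORS - 1; vec >= 0; vec--)
        if (a->isr[vec / 8] & (1u << (vec % 8)))
            return vec;
    return -1;
}

/* Put constructed vector 0x41 in service and report what KVM would believe is in service. */
static int highest_isr_after_inject(hwapic_isr_update_t hook, bool vid, bool fixed_init)
{
    struct model_apic a;
    model_reset(&a, hook, vid, fixed_init);
    model_set_isr(&a, hook, 0x41);
    return model_find_highest_isr(&a);
}
```

highest_isr_after_inject(stub_hwapic_isr_update, false, false) is the pre-patch SVM state and returns -1, so a vector that is really in service is invisible to KVM's injection decisions; with a NULL callback it returns 0x41.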
2015-02-26 12:06:04

by Borislav Petkov

Subject: Re: [PATCH] KVM: SVM: fix interrupt injection (apic->isr_count always 0)

On Wed, Feb 25, 2015 at 08:41:41PM +0100, Radim Krčmář wrote:
> this patch should fix it.

Yap, seems so :-)

> ---8<---
> In commit b4eef9b36db4, we started to use hwapic_isr_update() != NULL
> instead of kvm_apic_vid_enabled(vcpu->kvm). This didn't work because
> SVM had it defined and "apicv" path in apic_{set,clear}_isr() does not
> change apic->isr_count, because it should always be 1. The initial
> value of apic->isr_count was based on kvm_apic_vid_enabled(vcpu->kvm),
> which is always 0 for SVM, so KVM could have injected interrupts when it
> shouldn't.
>
> Fix it by setting SVM's hwapic_isr_update to NULL and make the initial
> isr_count depend on hwapic_isr_update() for good measure.
>
> Fixes: b4eef9b36db4 ("kvm: x86: vmx: NULL out hwapic_isr_update() in case of !enable_apicv")
> Reported-by: Borislav Petkov <[email protected]>

Reported-and-tested-by: Borislav Petkov <[email protected]>

> Signed-off-by: Radim Krčmář <[email protected]>

Thanks.

--
Regards/Gruss,
Boris.

ECO tip #101: Trim your mails when you reply.
--

2015-02-26 14:47:03

by Paolo Bonzini

Subject: Re: [PATCH] KVM: SVM: fix interrupt injection (apic->isr_count always 0)

On 25/02/2015 20:41, Radim Krčmář wrote:
> 2015-02-25 17:00+0100, Borislav Petkov:
>> Hi,
>>
>> commit in $Subject breaks my kvm guest on AMD host, causing it to do the
>> following below. Mouse doesn't work anymore in the guest, network is
>> gone too.
>>
>> Reverting it fixes the issue.
>
> Thanks,
>
> this patch should fix it.
>
> ---8<---
> In commit b4eef9b36db4, we started to use hwapic_isr_update() != NULL
> instead of kvm_apic_vid_enabled(vcpu->kvm). This didn't work because
> SVM had it defined and "apicv" path in apic_{set,clear}_isr() does not
> change apic->isr_count, because it should always be 1. The initial
> value of apic->isr_count was based on kvm_apic_vid_enabled(vcpu->kvm),
> which is always 0 for SVM, so KVM could have injected interrupts when it
> shouldn't.
>
> Fix it by setting SVM's hwapic_isr_update to NULL and make the initial
> isr_count depend on hwapic_isr_update() for good measure.
>
> Fixes: b4eef9b36db4 ("kvm: x86: vmx: NULL out hwapic_isr_update() in case of !enable_apicv")
> Reported-by: Borislav Petkov <[email protected]>
> Signed-off-by: Radim Krčmář <[email protected]>
> ---
> arch/x86/kvm/lapic.c | 4 ++--
> arch/x86/kvm/svm.c | 7 +------
> 2 files changed, 3 insertions(+), 8 deletions(-)
>
> diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
> index e55b5fc344eb..bd4e34de24c7 100644
> --- a/arch/x86/kvm/lapic.c
> +++ b/arch/x86/kvm/lapic.c
> @@ -1572,7 +1572,7 @@ void kvm_lapic_reset(struct kvm_vcpu *vcpu)
> apic_set_reg(apic, APIC_TMR + 0x10 * i, 0);
> }
> apic->irr_pending = kvm_apic_vid_enabled(vcpu->kvm);
> - apic->isr_count = kvm_apic_vid_enabled(vcpu->kvm);
> + apic->isr_count = kvm_x86_ops->hwapic_isr_update ? 1 : 0;
> apic->highest_isr_cache = -1;
> update_divide_count(apic);
> atomic_set(&apic->lapic_timer.pending, 0);
> @@ -1782,7 +1782,7 @@ void kvm_apic_post_state_restore(struct kvm_vcpu *vcpu,
> update_divide_count(apic);
> start_apic_timer(apic);
> apic->irr_pending = true;
> - apic->isr_count = kvm_apic_vid_enabled(vcpu->kvm) ?
> + apic->isr_count = kvm_x86_ops->hwapic_isr_update ?
> 1 : count_vectors(apic->regs + APIC_ISR);
> apic->highest_isr_cache = -1;
> if (kvm_x86_ops->hwapic_irr_update)
> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> index d319e0c24758..54c7b36ad12d 100644
> --- a/arch/x86/kvm/svm.c
> +++ b/arch/x86/kvm/svm.c
> @@ -3649,11 +3649,6 @@ static void svm_load_eoi_exitmap(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap)
> return;
> }
>
> -static void svm_hwapic_isr_update(struct kvm *kvm, int isr)
> -{
> - return;
> -}
> -
> static void svm_sync_pir_to_irr(struct kvm_vcpu *vcpu)
> {
> return;
> @@ -4403,7 +4398,7 @@ static struct kvm_x86_ops svm_x86_ops = {
> .set_virtual_x2apic_mode = svm_set_virtual_x2apic_mode,
> .vm_has_apicv = svm_vm_has_apicv,
> .load_eoi_exitmap = svm_load_eoi_exitmap,
> - .hwapic_isr_update = svm_hwapic_isr_update,
> + .hwapic_isr_update = NULL,

Please remove the line altogether.

Paolo