From: Wanpeng Li <[email protected]>
watchdog: BUG: soft lockup - CPU#5 stuck for 22s! [warn_test:3089]
irq event stamp: 20532
hardirqs last enabled at (20531): [<ffffffff8e9b6908>] restore_regs_and_iret+0x0/0x1d
hardirqs last disabled at (20532): [<ffffffff8e9b7ae8>] apic_timer_interrupt+0x98/0xb0
softirqs last enabled at (8266): [<ffffffff8e9badc6>] __do_softirq+0x206/0x4c1
softirqs last disabled at (8253): [<ffffffff8e083918>] irq_exit+0xf8/0x100
CPU: 5 PID: 3089 Comm: warn_test Tainted: G OE 4.13.0-rc3+ #8
RIP: 0010:kvm_mmu_prepare_zap_page+0x72/0x4b0 [kvm]
Call Trace:
make_mmu_pages_available.isra.120+0x71/0xc0 [kvm]
kvm_mmu_load+0x1cf/0x410 [kvm]
kvm_arch_vcpu_ioctl_run+0x1316/0x1bf0 [kvm]
kvm_vcpu_ioctl+0x340/0x700 [kvm]
? kvm_vcpu_ioctl+0x340/0x700 [kvm]
? __fget+0xfc/0x210
do_vfs_ioctl+0xa4/0x6a0
? __fget+0x11d/0x210
SyS_ioctl+0x79/0x90
entry_SYSCALL_64_fastpath+0x23/0xc2
? __this_cpu_preempt_check+0x13/0x20
This can be reproduced readily by ept=N and running syzkaller tests since
many syzkaller testcases don't setup any memory regions. However, if ept=Y
rmode identity map will be created, then kvm_mmu_calculate_mmu_pages() will
extend the number of VM's mmu pages to at least KVM_MIN_ALLOC_MMU_PAGES
which just hide the issue.
I saw the scenario kvm->arch.n_max_mmu_pages == 0 && kvm->arch.n_used_mmu_pages == 1,
so there is one active mmu page on the list, kvm_mmu_prepare_zap_page() fails
to zap any pages, however prepare_zap_oldest_mmu_page() always returns true.
It incurs infinite loop in make_mmu_pages_available() which causes mmu->lock
softlockup.
This patch fixes it by setting the return value of prepare_zap_oldest_mmu_page()
according to whether or not there is mmu page zapped. In addition, we bail out
immediately if there is no available mmu page to alloc root page.
Cc: Paolo Bonzini <[email protected]>
Cc: Radim Krčmář <[email protected]>
Signed-off-by: Wanpeng Li <[email protected]>
---
arch/x86/kvm/mmu.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 9b1dd11..b9897e8 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -2608,9 +2608,7 @@ static bool prepare_zap_oldest_mmu_page(struct kvm *kvm,
sp = list_last_entry(&kvm->arch.active_mmu_pages,
struct kvm_mmu_page, link);
- kvm_mmu_prepare_zap_page(kvm, sp, invalid_list);
-
- return true;
+ return kvm_mmu_prepare_zap_page(kvm, sp, invalid_list);
}
/*
@@ -3379,6 +3377,10 @@ static int mmu_alloc_direct_roots(struct kvm_vcpu *vcpu)
if (vcpu->arch.mmu.shadow_root_level == PT64_ROOT_LEVEL) {
spin_lock(&vcpu->kvm->mmu_lock);
make_mmu_pages_available(vcpu);
+ if (!kvm_mmu_available_pages(vcpu->kvm)) {
+ spin_unlock(&vcpu->kvm->mmu_lock);
+ return 1;
+ }
sp = kvm_mmu_get_page(vcpu, 0, 0, PT64_ROOT_LEVEL, 1, ACC_ALL);
++sp->root_count;
spin_unlock(&vcpu->kvm->mmu_lock);
@@ -3390,6 +3392,10 @@ static int mmu_alloc_direct_roots(struct kvm_vcpu *vcpu)
MMU_WARN_ON(VALID_PAGE(root));
spin_lock(&vcpu->kvm->mmu_lock);
make_mmu_pages_available(vcpu);
+ if (!kvm_mmu_available_pages(vcpu->kvm)) {
+ spin_unlock(&vcpu->kvm->mmu_lock);
+ return 1;
+ }
sp = kvm_mmu_get_page(vcpu, i << (30 - PAGE_SHIFT),
i << 30, PT32_ROOT_LEVEL, 1, ACC_ALL);
root = __pa(sp->spt);
@@ -3427,6 +3433,10 @@ static int mmu_alloc_shadow_roots(struct kvm_vcpu *vcpu)
spin_lock(&vcpu->kvm->mmu_lock);
make_mmu_pages_available(vcpu);
+ if (!kvm_mmu_available_pages(vcpu->kvm)) {
+ spin_unlock(&vcpu->kvm->mmu_lock);
+ return 1;
+ }
sp = kvm_mmu_get_page(vcpu, root_gfn, 0, PT64_ROOT_LEVEL,
0, ACC_ALL);
root = __pa(sp->spt);
--
2.7.4
On 10/08/2017 15:55, Wanpeng Li wrote:
> From: Wanpeng Li <[email protected]>
>
> watchdog: BUG: soft lockup - CPU#5 stuck for 22s! [warn_test:3089]
> irq event stamp: 20532
> hardirqs last enabled at (20531): [<ffffffff8e9b6908>] restore_regs_and_iret+0x0/0x1d
> hardirqs last disabled at (20532): [<ffffffff8e9b7ae8>] apic_timer_interrupt+0x98/0xb0
> softirqs last enabled at (8266): [<ffffffff8e9badc6>] __do_softirq+0x206/0x4c1
> softirqs last disabled at (8253): [<ffffffff8e083918>] irq_exit+0xf8/0x100
> CPU: 5 PID: 3089 Comm: warn_test Tainted: G OE 4.13.0-rc3+ #8
> RIP: 0010:kvm_mmu_prepare_zap_page+0x72/0x4b0 [kvm]
> Call Trace:
> make_mmu_pages_available.isra.120+0x71/0xc0 [kvm]
> kvm_mmu_load+0x1cf/0x410 [kvm]
> kvm_arch_vcpu_ioctl_run+0x1316/0x1bf0 [kvm]
> kvm_vcpu_ioctl+0x340/0x700 [kvm]
> ? kvm_vcpu_ioctl+0x340/0x700 [kvm]
> ? __fget+0xfc/0x210
> do_vfs_ioctl+0xa4/0x6a0
> ? __fget+0x11d/0x210
> SyS_ioctl+0x79/0x90
> entry_SYSCALL_64_fastpath+0x23/0xc2
> ? __this_cpu_preempt_check+0x13/0x20
>
> This can be reproduced readily by ept=N and running syzkaller tests since
> many syzkaller testcases don't setup any memory regions. However, if ept=Y
> rmode identity map will be created, then kvm_mmu_calculate_mmu_pages() will
> extend the number of VM's mmu pages to at least KVM_MIN_ALLOC_MMU_PAGES
> which just hide the issue.
>
> I saw the scenario kvm->arch.n_max_mmu_pages == 0 && kvm->arch.n_used_mmu_pages == 1,
> so there is one active mmu page on the list, kvm_mmu_prepare_zap_page() fails
> to zap any pages, however prepare_zap_oldest_mmu_page() always returns true.
> It incurs infinite loop in make_mmu_pages_available() which causes mmu->lock
> softlockup.
>
> This patch fixes it by setting the return value of prepare_zap_oldest_mmu_page()
> according to whether or not there is mmu page zapped. In addition, we bail out
> immediately if there is no available mmu page to alloc root page.
Nice!
But I think all callers of make_mmu_pages_available should be handled
the same way. I'm committing the first hunk for now. In the meanwhile,
can you look into returning -ENOSPC from make_mmu_pages_available if
!kvm_mmu_available_pages after zapping the pages?
Thanks,
Paolo
> Cc: Paolo Bonzini <[email protected]>
> Cc: Radim Krčmář <[email protected]>
> Signed-off-by: Wanpeng Li <[email protected]>
> ---
> arch/x86/kvm/mmu.c | 16 +++++++++++++---
> 1 file changed, 13 insertions(+), 3 deletions(-)
>
> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
> index 9b1dd11..b9897e8 100644
> --- a/arch/x86/kvm/mmu.c
> +++ b/arch/x86/kvm/mmu.c
> @@ -2608,9 +2608,7 @@ static bool prepare_zap_oldest_mmu_page(struct kvm *kvm,
>
> sp = list_last_entry(&kvm->arch.active_mmu_pages,
> struct kvm_mmu_page, link);
> - kvm_mmu_prepare_zap_page(kvm, sp, invalid_list);
> -
> - return true;
> + return kvm_mmu_prepare_zap_page(kvm, sp, invalid_list);
> }
>
> /*
> @@ -3379,6 +3377,10 @@ static int mmu_alloc_direct_roots(struct kvm_vcpu *vcpu)
> if (vcpu->arch.mmu.shadow_root_level == PT64_ROOT_LEVEL) {
> spin_lock(&vcpu->kvm->mmu_lock);
> make_mmu_pages_available(vcpu);
> + if (!kvm_mmu_available_pages(vcpu->kvm)) {
> + spin_unlock(&vcpu->kvm->mmu_lock);
> + return 1;
> + }
> sp = kvm_mmu_get_page(vcpu, 0, 0, PT64_ROOT_LEVEL, 1, ACC_ALL);
> ++sp->root_count;
> spin_unlock(&vcpu->kvm->mmu_lock);
> @@ -3390,6 +3392,10 @@ static int mmu_alloc_direct_roots(struct kvm_vcpu *vcpu)
> MMU_WARN_ON(VALID_PAGE(root));
> spin_lock(&vcpu->kvm->mmu_lock);
> make_mmu_pages_available(vcpu);
> + if (!kvm_mmu_available_pages(vcpu->kvm)) {
> + spin_unlock(&vcpu->kvm->mmu_lock);
> + return 1;
> + }
> sp = kvm_mmu_get_page(vcpu, i << (30 - PAGE_SHIFT),
> i << 30, PT32_ROOT_LEVEL, 1, ACC_ALL);
> root = __pa(sp->spt);
> @@ -3427,6 +3433,10 @@ static int mmu_alloc_shadow_roots(struct kvm_vcpu *vcpu)
>
> spin_lock(&vcpu->kvm->mmu_lock);
> make_mmu_pages_available(vcpu);
> + if (!kvm_mmu_available_pages(vcpu->kvm)) {
> + spin_unlock(&vcpu->kvm->mmu_lock);
> + return 1;
> + }
> sp = kvm_mmu_get_page(vcpu, root_gfn, 0, PT64_ROOT_LEVEL,
> 0, ACC_ALL);
> root = __pa(sp->spt);
>
2017-08-10 22:36 GMT+08:00 Paolo Bonzini <[email protected]>:
> On 10/08/2017 15:55, Wanpeng Li wrote:
>> From: Wanpeng Li <[email protected]>
>>
>> watchdog: BUG: soft lockup - CPU#5 stuck for 22s! [warn_test:3089]
>> irq event stamp: 20532
>> hardirqs last enabled at (20531): [<ffffffff8e9b6908>] restore_regs_and_iret+0x0/0x1d
>> hardirqs last disabled at (20532): [<ffffffff8e9b7ae8>] apic_timer_interrupt+0x98/0xb0
>> softirqs last enabled at (8266): [<ffffffff8e9badc6>] __do_softirq+0x206/0x4c1
>> softirqs last disabled at (8253): [<ffffffff8e083918>] irq_exit+0xf8/0x100
>> CPU: 5 PID: 3089 Comm: warn_test Tainted: G OE 4.13.0-rc3+ #8
>> RIP: 0010:kvm_mmu_prepare_zap_page+0x72/0x4b0 [kvm]
>> Call Trace:
>> make_mmu_pages_available.isra.120+0x71/0xc0 [kvm]
>> kvm_mmu_load+0x1cf/0x410 [kvm]
>> kvm_arch_vcpu_ioctl_run+0x1316/0x1bf0 [kvm]
>> kvm_vcpu_ioctl+0x340/0x700 [kvm]
>> ? kvm_vcpu_ioctl+0x340/0x700 [kvm]
>> ? __fget+0xfc/0x210
>> do_vfs_ioctl+0xa4/0x6a0
>> ? __fget+0x11d/0x210
>> SyS_ioctl+0x79/0x90
>> entry_SYSCALL_64_fastpath+0x23/0xc2
>> ? __this_cpu_preempt_check+0x13/0x20
>>
>> This can be reproduced readily by ept=N and running syzkaller tests since
>> many syzkaller testcases don't setup any memory regions. However, if ept=Y
>> rmode identity map will be created, then kvm_mmu_calculate_mmu_pages() will
>> extend the number of VM's mmu pages to at least KVM_MIN_ALLOC_MMU_PAGES
>> which just hide the issue.
>>
>> I saw the scenario kvm->arch.n_max_mmu_pages == 0 && kvm->arch.n_used_mmu_pages == 1,
>> so there is one active mmu page on the list, kvm_mmu_prepare_zap_page() fails
>> to zap any pages, however prepare_zap_oldest_mmu_page() always returns true.
>> It incurs infinite loop in make_mmu_pages_available() which causes mmu->lock
>> softlockup.
>>
>> This patch fixes it by setting the return value of prepare_zap_oldest_mmu_page()
>> according to whether or not there is mmu page zapped. In addition, we bail out
>> immediately if there is no available mmu page to alloc root page.
>
> Nice!
>
> But I think all callers of make_mmu_pages_available should be handled
> the same way. I'm committing the first hunk for now. In the meanwhile,
> can you look into returning -ENOSPC from make_mmu_pages_available if
> !kvm_mmu_available_pages after zapping the pages?
Good point. :)
Regards,
Wanpeng Li
>
> Thanks,
>
> Paolo
>> Cc: Paolo Bonzini <[email protected]>
>> Cc: Radim Krčmář <[email protected]>
>> Signed-off-by: Wanpeng Li <[email protected]>
>> ---
>> arch/x86/kvm/mmu.c | 16 +++++++++++++---
>> 1 file changed, 13 insertions(+), 3 deletions(-)
>>
>> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
>> index 9b1dd11..b9897e8 100644
>> --- a/arch/x86/kvm/mmu.c
>> +++ b/arch/x86/kvm/mmu.c
>> @@ -2608,9 +2608,7 @@ static bool prepare_zap_oldest_mmu_page(struct kvm *kvm,
>>
>> sp = list_last_entry(&kvm->arch.active_mmu_pages,
>> struct kvm_mmu_page, link);
>> - kvm_mmu_prepare_zap_page(kvm, sp, invalid_list);
>> -
>> - return true;
>> + return kvm_mmu_prepare_zap_page(kvm, sp, invalid_list);
>> }
>>
>> /*
>> @@ -3379,6 +3377,10 @@ static int mmu_alloc_direct_roots(struct kvm_vcpu *vcpu)
>> if (vcpu->arch.mmu.shadow_root_level == PT64_ROOT_LEVEL) {
>> spin_lock(&vcpu->kvm->mmu_lock);
>> make_mmu_pages_available(vcpu);
>> + if (!kvm_mmu_available_pages(vcpu->kvm)) {
>> + spin_unlock(&vcpu->kvm->mmu_lock);
>> + return 1;
>> + }
>> sp = kvm_mmu_get_page(vcpu, 0, 0, PT64_ROOT_LEVEL, 1, ACC_ALL);
>> ++sp->root_count;
>> spin_unlock(&vcpu->kvm->mmu_lock);
>> @@ -3390,6 +3392,10 @@ static int mmu_alloc_direct_roots(struct kvm_vcpu *vcpu)
>> MMU_WARN_ON(VALID_PAGE(root));
>> spin_lock(&vcpu->kvm->mmu_lock);
>> make_mmu_pages_available(vcpu);
>> + if (!kvm_mmu_available_pages(vcpu->kvm)) {
>> + spin_unlock(&vcpu->kvm->mmu_lock);
>> + return 1;
>> + }
>> sp = kvm_mmu_get_page(vcpu, i << (30 - PAGE_SHIFT),
>> i << 30, PT32_ROOT_LEVEL, 1, ACC_ALL);
>> root = __pa(sp->spt);
>> @@ -3427,6 +3433,10 @@ static int mmu_alloc_shadow_roots(struct kvm_vcpu *vcpu)
>>
>> spin_lock(&vcpu->kvm->mmu_lock);
>> make_mmu_pages_available(vcpu);
>> + if (!kvm_mmu_available_pages(vcpu->kvm)) {
>> + spin_unlock(&vcpu->kvm->mmu_lock);
>> + return 1;
>> + }
>> sp = kvm_mmu_get_page(vcpu, root_gfn, 0, PT64_ROOT_LEVEL,
>> 0, ACC_ALL);
>> root = __pa(sp->spt);
>>
>
2017-08-10 22:36 GMT+08:00 Paolo Bonzini <[email protected]>:
> On 10/08/2017 15:55, Wanpeng Li wrote:
>> From: Wanpeng Li <[email protected]>
>>
>> watchdog: BUG: soft lockup - CPU#5 stuck for 22s! [warn_test:3089]
>> irq event stamp: 20532
>> hardirqs last enabled at (20531): [<ffffffff8e9b6908>] restore_regs_and_iret+0x0/0x1d
>> hardirqs last disabled at (20532): [<ffffffff8e9b7ae8>] apic_timer_interrupt+0x98/0xb0
>> softirqs last enabled at (8266): [<ffffffff8e9badc6>] __do_softirq+0x206/0x4c1
>> softirqs last disabled at (8253): [<ffffffff8e083918>] irq_exit+0xf8/0x100
>> CPU: 5 PID: 3089 Comm: warn_test Tainted: G OE 4.13.0-rc3+ #8
>> RIP: 0010:kvm_mmu_prepare_zap_page+0x72/0x4b0 [kvm]
>> Call Trace:
>> make_mmu_pages_available.isra.120+0x71/0xc0 [kvm]
>> kvm_mmu_load+0x1cf/0x410 [kvm]
>> kvm_arch_vcpu_ioctl_run+0x1316/0x1bf0 [kvm]
>> kvm_vcpu_ioctl+0x340/0x700 [kvm]
>> ? kvm_vcpu_ioctl+0x340/0x700 [kvm]
>> ? __fget+0xfc/0x210
>> do_vfs_ioctl+0xa4/0x6a0
>> ? __fget+0x11d/0x210
>> SyS_ioctl+0x79/0x90
>> entry_SYSCALL_64_fastpath+0x23/0xc2
>> ? __this_cpu_preempt_check+0x13/0x20
>>
>> This can be reproduced readily by ept=N and running syzkaller tests since
>> many syzkaller testcases don't setup any memory regions. However, if ept=Y
>> rmode identity map will be created, then kvm_mmu_calculate_mmu_pages() will
>> extend the number of VM's mmu pages to at least KVM_MIN_ALLOC_MMU_PAGES
>> which just hide the issue.
>>
>> I saw the scenario kvm->arch.n_max_mmu_pages == 0 && kvm->arch.n_used_mmu_pages == 1,
>> so there is one active mmu page on the list, kvm_mmu_prepare_zap_page() fails
>> to zap any pages, however prepare_zap_oldest_mmu_page() always returns true.
>> It incurs infinite loop in make_mmu_pages_available() which causes mmu->lock
>> softlockup.
>>
>> This patch fixes it by setting the return value of prepare_zap_oldest_mmu_page()
>> according to whether or not there is mmu page zapped. In addition, we bail out
>> immediately if there is no available mmu page to alloc root page.
>
> Nice!
>
> But I think all callers of make_mmu_pages_available should be handled
> the same way. I'm committing the first hunk for now. In the meanwhile,
I saw the commit "KVM: MMU: Fix softlockup due to infinite loop" is
lost from kvm/queue?
Regards,
Wanpeng Li
> can you look into returning -ENOSPC from make_mmu_pages_available if
> !kvm_mmu_available_pages after zapping the pages?
>
> Thanks,
>
> Paolo
>> Cc: Paolo Bonzini <[email protected]>
>> Cc: Radim Krčmář <[email protected]>
>> Signed-off-by: Wanpeng Li <[email protected]>
>> ---
>> arch/x86/kvm/mmu.c | 16 +++++++++++++---
>> 1 file changed, 13 insertions(+), 3 deletions(-)
>>
>> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
>> index 9b1dd11..b9897e8 100644
>> --- a/arch/x86/kvm/mmu.c
>> +++ b/arch/x86/kvm/mmu.c
>> @@ -2608,9 +2608,7 @@ static bool prepare_zap_oldest_mmu_page(struct kvm *kvm,
>>
>> sp = list_last_entry(&kvm->arch.active_mmu_pages,
>> struct kvm_mmu_page, link);
>> - kvm_mmu_prepare_zap_page(kvm, sp, invalid_list);
>> -
>> - return true;
>> + return kvm_mmu_prepare_zap_page(kvm, sp, invalid_list);
>> }
>>
>> /*
>> @@ -3379,6 +3377,10 @@ static int mmu_alloc_direct_roots(struct kvm_vcpu *vcpu)
>> if (vcpu->arch.mmu.shadow_root_level == PT64_ROOT_LEVEL) {
>> spin_lock(&vcpu->kvm->mmu_lock);
>> make_mmu_pages_available(vcpu);
>> + if (!kvm_mmu_available_pages(vcpu->kvm)) {
>> + spin_unlock(&vcpu->kvm->mmu_lock);
>> + return 1;
>> + }
>> sp = kvm_mmu_get_page(vcpu, 0, 0, PT64_ROOT_LEVEL, 1, ACC_ALL);
>> ++sp->root_count;
>> spin_unlock(&vcpu->kvm->mmu_lock);
>> @@ -3390,6 +3392,10 @@ static int mmu_alloc_direct_roots(struct kvm_vcpu *vcpu)
>> MMU_WARN_ON(VALID_PAGE(root));
>> spin_lock(&vcpu->kvm->mmu_lock);
>> make_mmu_pages_available(vcpu);
>> + if (!kvm_mmu_available_pages(vcpu->kvm)) {
>> + spin_unlock(&vcpu->kvm->mmu_lock);
>> + return 1;
>> + }
>> sp = kvm_mmu_get_page(vcpu, i << (30 - PAGE_SHIFT),
>> i << 30, PT32_ROOT_LEVEL, 1, ACC_ALL);
>> root = __pa(sp->spt);
>> @@ -3427,6 +3433,10 @@ static int mmu_alloc_shadow_roots(struct kvm_vcpu *vcpu)
>>
>> spin_lock(&vcpu->kvm->mmu_lock);
>> make_mmu_pages_available(vcpu);
>> + if (!kvm_mmu_available_pages(vcpu->kvm)) {
>> + spin_unlock(&vcpu->kvm->mmu_lock);
>> + return 1;
>> + }
>> sp = kvm_mmu_get_page(vcpu, root_gfn, 0, PT64_ROOT_LEVEL,
>> 0, ACC_ALL);
>> root = __pa(sp->spt);
>>
>
2017-08-12 05:51+0800, Wanpeng Li:
> 2017-08-10 22:36 GMT+08:00 Paolo Bonzini <[email protected]>:
> > On 10/08/2017 15:55, Wanpeng Li wrote:
> >> From: Wanpeng Li <[email protected]>
> >>
> >> watchdog: BUG: soft lockup - CPU#5 stuck for 22s! [warn_test:3089]
> >> irq event stamp: 20532
> >> hardirqs last enabled at (20531): [<ffffffff8e9b6908>] restore_regs_and_iret+0x0/0x1d
> >> hardirqs last disabled at (20532): [<ffffffff8e9b7ae8>] apic_timer_interrupt+0x98/0xb0
> >> softirqs last enabled at (8266): [<ffffffff8e9badc6>] __do_softirq+0x206/0x4c1
> >> softirqs last disabled at (8253): [<ffffffff8e083918>] irq_exit+0xf8/0x100
> >> CPU: 5 PID: 3089 Comm: warn_test Tainted: G OE 4.13.0-rc3+ #8
> >> RIP: 0010:kvm_mmu_prepare_zap_page+0x72/0x4b0 [kvm]
> >> Call Trace:
> >> make_mmu_pages_available.isra.120+0x71/0xc0 [kvm]
> >> kvm_mmu_load+0x1cf/0x410 [kvm]
> >> kvm_arch_vcpu_ioctl_run+0x1316/0x1bf0 [kvm]
> >> kvm_vcpu_ioctl+0x340/0x700 [kvm]
> >> ? kvm_vcpu_ioctl+0x340/0x700 [kvm]
> >> ? __fget+0xfc/0x210
> >> do_vfs_ioctl+0xa4/0x6a0
> >> ? __fget+0x11d/0x210
> >> SyS_ioctl+0x79/0x90
> >> entry_SYSCALL_64_fastpath+0x23/0xc2
> >> ? __this_cpu_preempt_check+0x13/0x20
> >>
> >> This can be reproduced readily by ept=N and running syzkaller tests since
> >> many syzkaller testcases don't setup any memory regions. However, if ept=Y
> >> rmode identity map will be created, then kvm_mmu_calculate_mmu_pages() will
> >> extend the number of VM's mmu pages to at least KVM_MIN_ALLOC_MMU_PAGES
> >> which just hide the issue.
> >>
> >> I saw the scenario kvm->arch.n_max_mmu_pages == 0 && kvm->arch.n_used_mmu_pages == 1,
> >> so there is one active mmu page on the list, kvm_mmu_prepare_zap_page() fails
> >> to zap any pages, however prepare_zap_oldest_mmu_page() always returns true.
> >> It incurs infinite loop in make_mmu_pages_available() which causes mmu->lock
> >> softlockup.
> >>
> >> This patch fixes it by setting the return value of prepare_zap_oldest_mmu_page()
> >> according to whether or not there is mmu page zapped. In addition, we bail out
> >> immediately if there is no available mmu page to alloc root page.
> >
> > Nice!
> >
> > But I think all callers of make_mmu_pages_available should be handled
> > the same way. I'm committing the first hunk for now. In the meanwhile,
>
> I saw the commit "KVM: MMU: Fix softlockup due to infinite loop" is
> lost from kvm/queue?
Ah, I found it on an old snapshot. Paolo made changes to the commit
message and the same code change is now called
"KVM: MMU: Fix softlockup due to mmu_lock is held too long".