Received: by 2002:ac0:aed5:0:0:0:0:0 with SMTP id t21csp6562894imb;
        Fri, 8 Mar 2019 23:23:30 -0800 (PST)
X-Google-Smtp-Source: APXvYqyMnjbNc4gsIXnt+hDfZvzqrHKVlNMiEBSwDD/9RMwGdxQxWCh4VLT7OdAX6N5wDiGn1MgH
X-Received: by 2002:a63:c04e:: with SMTP id z14mr20109722pgi.20.1552116210644;
        Fri, 08 Mar 2019 23:23:30 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1552116210; cv=none;
        d=google.com; s=arc-20160816;
        b=u2Sbscc/N0lMrc8dluY1JAfHdKdMnd5hnPudZDzfjBvCwTIaCpcD6hh60XLMdO+2/D
         /IB8z6ehAQ5mq//k1bFCj68bw2KSC1qb6Rfn2DcDV/5tlsb4UvobO6AT44nU+H2WYa1a
         zuRNuQMM4ExN9hlXUvx1vyDzyHHDifqn0tUV7bZOY97PXU20fqVeuisSJPMF1MN7KtxD
         HOYDXrN67XWyFXc3PrjB0pJpu38FlScO144ukFGABhzgR9KaVj4AP5/YwxwGG8zxmtjh
         WrskyIaHXOUwDD8kfaxnKoKq+QdDp6OYGtvBZEMjXJbb+0TlG1ZyOp9LqB3DdE4dlooq
         x53Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:content-transfer-encoding
         :content-language:accept-language:in-reply-to:references:message-id
         :date:thread-index:thread-topic:subject:cc:to:from;
        bh=ns/iRBGReFI+mWm8w6KXe2MGIiBF+QG5+g6/NmpfhTg=;
        b=rMz0oa2tA6WB8+6ETt/dAVAW2YXndLbIc892qEr5IzDGtuWg4KdDbWhTEYBZJBrmGc
         L03iCqRW1y5rYBk+PWnWC+R2OLBa8L27OaVfHeham6A+r4PaoI82vUvmqkoPevzdksT7
         eNYvRuk83q3yfQ6yj8zOKrN/o96zNi5zmVOmrMjDyhJcThY3jsR0PHKbe+mZSCKTD/1h
         0dQ8g0zsltYfHF8hBhKLQdxu/FgEZThhmh3mzyeMgIF6C3EkTsNtINigSc5qh4d0RlRW
         TlBmUa1qouX4cfsoysaYBxv0INlGTnNsIIN3p5pCTLgRwit1wOnQvP1UafjLBoYQ37NP
         lGhA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 34si3640994plm.221.2019.03.08.23.23.15;
        Fri, 08 Mar 2019 23:23:30 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726797AbfCIHVO convert rfc822-to-8bit (ORCPT
        <rfc822;zhangckid@gmail.com> + 99 others);
        Sat, 9 Mar 2019 02:21:14 -0500
Received: from szxga02-in.huawei.com ([45.249.212.188]:2510 "EHLO huawei.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1725787AbfCIHVN (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 9 Mar 2019 02:21:13 -0500
Received: from DGGEML403-HUB.china.huawei.com (unknown [172.30.72.55])
        by Forcepoint Email with ESMTP id A07D98D568A4C2C417F5;
        Sat,  9 Mar 2019 15:21:11 +0800 (CST)
Received: from DGGEML531-MBS.china.huawei.com ([169.254.5.97]) by
 DGGEML403-HUB.china.huawei.com ([fe80::74d9:c659:fbec:21fa%31]) with mapi id
 14.03.0415.000; Sat, 9 Mar 2019 15:21:03 +0800
From:   "Gonglei (Arei)" <arei.gonglei@huawei.com>
To:     longpeng <longpeng2@huawei.com>, "mst@redhat.com" <mst@redhat.com>,
        "jasowang@redhat.com" <jasowang@redhat.com>
CC:     "virtualization@lists.linux-foundation.org" 
        <virtualization@lists.linux-foundation.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: RE: [PATCH] virtio_pci: fix a NULL pointer reference in vp_del_vqs
Thread-Topic: [PATCH] virtio_pci: fix a NULL pointer reference in vp_del_vqs
Thread-Index: AQHU1kg9AsziBYj2hk2nipAnPGHPf6YC5FZA
Date:   Sat, 9 Mar 2019 07:21:02 +0000
Message-ID: <33183CC9F5247A488A2544077AF19020DB286191@dggeml531-mbs.china.huawei.com>
References: <1552115860-328324-1-git-send-email-longpeng2@huawei.com>
In-Reply-To: <1552115860-328324-1-git-send-email-longpeng2@huawei.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.177.18.62]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8BIT
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



> -----Original Message-----
> From: longpeng
> Sent: Saturday, March 09, 2019 3:18 PM
> To: mst@redhat.com; jasowang@redhat.com
> Cc: virtualization@lists.linux-foundation.org; linux-kernel@vger.kernel.org;
> longpeng <longpeng2@huawei.com>; Gonglei (Arei)
> <arei.gonglei@huawei.com>
> Subject: [PATCH] virtio_pci: fix a NULL pointer reference in vp_del_vqs
> 
> From: Longpeng <longpeng2@huawei.com>
> 
> If the msix_affinity_masks is alloced failed, then we'll
> try to free some resources in vp_free_vectors() that may
> access it directly.
> 
> We met the following stack in our production:
> [   29.296767] BUG: unable to handle kernel NULL pointer dereference at
> (null)
> [   29.311151] IP: [<ffffffffc04fe35a>] vp_free_vectors+0x6a/0x150 [virtio_pci]
> [   29.324787] PGD 0
> [   29.333224] Oops: 0000 [#1] SMP
> [...]
> [   29.425175] RIP: 0010:[<ffffffffc04fe35a>]  [<ffffffffc04fe35a>]
> vp_free_vectors+0x6a/0x150 [virtio_pci]
> [   29.441405] RSP: 0018:ffff9a55c2dcfa10  EFLAGS: 00010206
> [   29.453491] RAX: 0000000000000000 RBX: ffff9a55c322c400 RCX:
> 0000000000000000
> [   29.467488] RDX: 0000000000000000 RSI: 0000000000000000 RDI:
> ffff9a55c322c400
> [   29.481461] RBP: ffff9a55c2dcfa20 R08: 0000000000000000 R09:
> ffffc1b6806ff020
> [   29.495427] R10: 0000000000000e95 R11: 0000000000aaaaaa R12:
> 0000000000000000
> [   29.509414] R13: 0000000000010000 R14: ffff9a55bd2d9e98 R15:
> ffff9a55c322c400
> [   29.523407] FS:  00007fdcba69f8c0(0000) GS:ffff9a55c2840000(0000)
> knlGS:0000000000000000
> [   29.538472] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   29.551621] CR2: 0000000000000000 CR3: 000000003ce52000 CR4:
> 00000000003607a0
> [   29.565886] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
> 0000000000000000
> [   29.580055] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
> 0000000000000400
> [   29.594122] Call Trace:
> [   29.603446]  [<ffffffffc04fe8a2>] vp_request_msix_vectors+0xe2/0x260
> [virtio_pci]
> [   29.618017]  [<ffffffffc04fedc5>] vp_try_to_find_vqs+0x95/0x3b0
> [virtio_pci]
> [   29.632152]  [<ffffffffc04ff117>] vp_find_vqs+0x37/0xb0 [virtio_pci]
> [   29.645582]  [<ffffffffc057bf63>] init_vq+0x153/0x260 [virtio_blk]
> [   29.658831]  [<ffffffffc057c1e8>] virtblk_probe+0xe8/0x87f [virtio_blk]
> [...]
> 
> Cc: Gonglei <arei.gonglei@huawei.com>
> Signed-off-by: Longpeng <longpeng2@huawei.com>
> ---
>  drivers/virtio/virtio_pci_common.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
> 

Reviewed-by: Gonglei <arei.gonglei@huawei.com>

Thanks,
-Gonglei

> diff --git a/drivers/virtio/virtio_pci_common.c
> b/drivers/virtio/virtio_pci_common.c
> index d0584c0..7a0398b 100644
> --- a/drivers/virtio/virtio_pci_common.c
> +++ b/drivers/virtio/virtio_pci_common.c
> @@ -255,9 +255,11 @@ void vp_del_vqs(struct virtio_device *vdev)
>  	for (i = 0; i < vp_dev->msix_used_vectors; ++i)
>  		free_irq(pci_irq_vector(vp_dev->pci_dev, i), vp_dev);
> 
> -	for (i = 0; i < vp_dev->msix_vectors; i++)
> -		if (vp_dev->msix_affinity_masks[i])
> -			free_cpumask_var(vp_dev->msix_affinity_masks[i]);
> +	if (vp_dev->msix_affinity_masks) {
> +		for (i = 0; i < vp_dev->msix_vectors; i++)
> +			if (vp_dev->msix_affinity_masks[i])
> +				free_cpumask_var(vp_dev->msix_affinity_masks[i]);
> +	}
> 
>  	if (vp_dev->msix_enabled) {
>  		/* Disable the vector used for configuration */
> --
> 1.8.3.1
>