# git rev-parse -q --verify 1d0c32ec3b860a32df593a22bad0d1dbc5546a59^{commit}
1d0c32ec3b860a32df593a22bad0d1dbc5546a59
already have revision, skipping fetch
# git checkout -q -f -B kisskb 1d0c32ec3b860a32df593a22bad0d1dbc5546a59
# git clean -qxdf
# < git log -1
# commit 1d0c32ec3b860a32df593a22bad0d1dbc5546a59
# Author: Greg Kurz <groug@kaod.org>
# Date:   Wed Mar 18 18:43:30 2020 +0100
# 
#     KVM: PPC: Fix kernel crash with PR KVM
#     
#     With PR KVM, shutting down a VM causes the host kernel to crash:
#     
#     [  314.219284] BUG: Unable to handle kernel data access on read at 0xc00800000176c638
#     [  314.219299] Faulting instruction address: 0xc008000000d4ddb0
#     cpu 0x0: Vector: 300 (Data Access) at [c00000036da077a0]
#         pc: c008000000d4ddb0: kvmppc_mmu_pte_flush_all+0x68/0xd0 [kvm_pr]
#         lr: c008000000d4dd94: kvmppc_mmu_pte_flush_all+0x4c/0xd0 [kvm_pr]
#         sp: c00000036da07a30
#        msr: 900000010280b033
#        dar: c00800000176c638
#      dsisr: 40000000
#       current = 0xc00000036d4c0000
#       paca    = 0xc000000001a00000   irqmask: 0x03   irq_happened: 0x01
#         pid   = 1992, comm = qemu-system-ppc
#     Linux version 5.6.0-master-gku+ (greg@palmb) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #17 SMP Wed Mar 18 13:49:29 CET 2020
#     enter ? for help
#     [c00000036da07ab0] c008000000d4fbe0 kvmppc_mmu_destroy_pr+0x28/0x60 [kvm_pr]
#     [c00000036da07ae0] c0080000009eab8c kvmppc_mmu_destroy+0x34/0x50 [kvm]
#     [c00000036da07b00] c0080000009e50c0 kvm_arch_vcpu_destroy+0x108/0x140 [kvm]
#     [c00000036da07b30] c0080000009d1b50 kvm_vcpu_destroy+0x28/0x80 [kvm]
#     [c00000036da07b60] c0080000009e4434 kvm_arch_destroy_vm+0xbc/0x190 [kvm]
#     [c00000036da07ba0] c0080000009d9c2c kvm_put_kvm+0x1d4/0x3f0 [kvm]
#     [c00000036da07c00] c0080000009da760 kvm_vm_release+0x38/0x60 [kvm]
#     [c00000036da07c30] c000000000420be0 __fput+0xe0/0x310
#     [c00000036da07c90] c0000000001747a0 task_work_run+0x150/0x1c0
#     [c00000036da07cf0] c00000000014896c do_exit+0x44c/0xd00
#     [c00000036da07dc0] c0000000001492f4 do_group_exit+0x64/0xd0
#     [c00000036da07e00] c000000000149384 sys_exit_group+0x24/0x30
#     [c00000036da07e20] c00000000000b9d0 system_call+0x5c/0x68
#     
#     This is caused by a use-after-free in kvmppc_mmu_pte_flush_all()
#     which dereferences vcpu->arch.book3s which was previously freed by
#     kvmppc_core_vcpu_free_pr(). This happens because kvmppc_mmu_destroy()
#     is called after kvmppc_core_vcpu_free() since commit ff030fdf5573
#     ("KVM: PPC: Move kvm_vcpu_init() invocation to common code").
#     
#     The kvmppc_mmu_destroy() helper calls one of the following depending
#     on the KVM backend:
#     
#     - kvmppc_mmu_destroy_hv() which does nothing (Book3s HV)
#     
#     - kvmppc_mmu_destroy_pr() which undoes the effects of
#       kvmppc_mmu_init() (Book3s PR 32-bit)
#     
#     - kvmppc_mmu_destroy_pr() which undoes the effects of
#       kvmppc_mmu_init() (Book3s PR 64-bit)
#     
#     - kvmppc_mmu_destroy_e500() which does nothing (BookE e500/e500mc)
#     
#     It turns out that this is only relevant to PR KVM actually. And both
#     32 and 64 backends need vcpu->arch.book3s to be valid when calling
#     kvmppc_mmu_destroy_pr(). So instead of calling kvmppc_mmu_destroy()
#     from kvm_arch_vcpu_destroy(), call kvmppc_mmu_destroy_pr() at the
#     beginning of kvmppc_core_vcpu_free_pr(). This is consistent with
#     kvmppc_mmu_init() being the last call in kvmppc_core_vcpu_create_pr().
#     
#     For the same reason, if kvmppc_core_vcpu_create_pr() returns an
#     error then this means that kvmppc_mmu_init() was either not called
#     or failed, in which case kvmppc_mmu_destroy() should not be called.
#     Drop the line in the error path of kvm_arch_vcpu_create().
#     
#     Fixes: ff030fdf5573 ("KVM: PPC: Move kvm_vcpu_init() invocation to common code")
#     Signed-off-by: Greg Kurz <groug@kaod.org>
#     Reviewed-by: Sean Christopherson <sean.j.christopherson@intel.com>
#     Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
#     Link: https://lore.kernel.org/r/158455341029.178873.15248663726399374882.stgit@bahia.lan
# < /opt/cross/kisskb/korg/gcc-4.9.4-nolibc/mips-linux/bin/mips-linux-gcc --version
# < /opt/cross/kisskb/korg/gcc-4.9.4-nolibc/mips-linux/bin/mips-linux-ld --version
# < git log --format=%s --max-count=1 1d0c32ec3b860a32df593a22bad0d1dbc5546a59
# < make -s -j 24 ARCH=mips O=/kisskb/build/powerpc-fixes_mips-defconfig_mips-gcc4.9 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-4.9.4-nolibc/mips-linux/bin/mips-linux-  defconfig
# < make -s -j 24 ARCH=mips O=/kisskb/build/powerpc-fixes_mips-defconfig_mips-gcc4.9 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-4.9.4-nolibc/mips-linux/bin/mips-linux-  help
# make -s -j 24 ARCH=mips O=/kisskb/build/powerpc-fixes_mips-defconfig_mips-gcc4.9 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-4.9.4-nolibc/mips-linux/bin/mips-linux-  olddefconfig
# make -s -j 24 ARCH=mips O=/kisskb/build/powerpc-fixes_mips-defconfig_mips-gcc4.9 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-4.9.4-nolibc/mips-linux/bin/mips-linux-  
FIT description: Linux 5.6.0-rc2-g1d0c32ec3b86
Created:         Fri Mar 20 17:19:56 2020
 Image 0 (kernel@0)
  Description:  Linux 5.6.0-rc2-g1d0c32ec3b86
  Created:      Fri Mar 20 17:19:56 2020
  Type:         Kernel Image
  Compression:  gzip compressed
  Data Size:    4906272 Bytes = 4791.28 KiB = 4.68 MiB
  Architecture: MIPS
  OS:           Linux
  Load Address: 0x80100000
  Entry Point:  0x808ffe70
  Hash algo:    sha1
  Hash value:   096a96af3afc97d7044e7932baa49512abe55658
 Image 1 (fdt@boston)
  Description:  img,boston Device Tree
  Created:      Fri Mar 20 17:19:56 2020
  Type:         Flat Device Tree
  Compression:  uncompressed
  Data Size:    3793 Bytes = 3.70 KiB = 0.00 MiB
  Architecture: MIPS
  Hash algo:    sha1
  Hash value:   4799f50d688573234da6e9d7701234d394759ef4
 Image 2 (fdt@ni169445)
  Description:  NI 169445 device tree
  Created:      Fri Mar 20 17:19:56 2020
  Type:         Flat Device Tree
  Compression:  uncompressed
  Data Size:    1871 Bytes = 1.83 KiB = 0.00 MiB
  Architecture: MIPS
  Hash algo:    sha1
  Hash value:   51b89b31605ee62038c8468c429af091dfc75ec7
 Image 3 (fdt@ocelot_pcb123)
  Description:  MSCC Ocelot PCB123 Device Tree
  Created:      Fri Mar 20 17:19:56 2020
  Type:         Flat Device Tree
  Compression:  uncompressed
  Data Size:    4639 Bytes = 4.53 KiB = 0.00 MiB
  Architecture: MIPS
  Hash algo:    sha1
  Hash value:   018897896b42c41c943aca35a20e4300dba250c8
 Image 4 (fdt@ocelot_pcb120)
  Description:  MSCC Ocelot PCB120 Device Tree
  Created:      Fri Mar 20 17:19:56 2020
  Type:         Flat Device Tree
  Compression:  uncompressed
  Data Size:    5198 Bytes = 5.08 KiB = 0.00 MiB
  Architecture: MIPS
  Hash algo:    sha1
  Hash value:   36c7bd0bd79cfc2f7dd6acda6c7996294f4967e6
 Image 5 (fdt@xilfpga)
  Description:  MIPSfpga (xilfpga) Device Tree
  Created:      Fri Mar 20 17:19:56 2020
  Type:         Flat Device Tree
  Compression:  uncompressed
  Data Size:    2708 Bytes = 2.64 KiB = 0.00 MiB
  Architecture: MIPS
  Hash algo:    sha1
  Hash value:   63d058b780f65e22da30f0a183433765f1807f1d
 Default Configuration: 'conf@default'
 Configuration 0 (conf@default)
  Description:  Generic Linux kernel
  Kernel:       kernel@0
 Configuration 1 (conf@boston)
  Description:  Boston Linux kernel
  Kernel:       kernel@0
  FDT:          fdt@boston
 Configuration 2 (conf@ni169445)
  Description:  NI 169445 Linux Kernel
  Kernel:       kernel@0
  FDT:          fdt@ni169445
 Configuration 3 (conf@ocelot_pcb123)
  Description:  Ocelot Linux kernel
  Kernel:       kernel@0
  FDT:          fdt@ocelot_pcb123
 Configuration 4 (conf@ocelot_pcb120)
  Description:  Ocelot Linux kernel
  Kernel:       kernel@0
  FDT:          fdt@ocelot_pcb120
 Configuration 5 (conf@xilfpga)
  Description:  MIPSfpga Linux kernel
  Kernel:       kernel@0
  FDT:          fdt@xilfpga
Completed OK
# rm -rf /kisskb/build/powerpc-fixes_mips-defconfig_mips-gcc4.9
# Build took: 0:02:02.521089