Message-ID: <87twwbcf4h.fsf@vitty.brq.redhat.com>
Date:	Mon, 20 Apr 2015 11:39:58 +0200
From:	Vitaly Kuznetsov <vkuznets@...hat.com>
To:	"K. Y. Srinivasan" <kys@...rosoft.com>
Cc:	gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
	devel@...uxdriverproject.org, olaf@...fle.de, apw@...onical.com,
	jasowang@...hat.com
Subject: Re: [PATCH 5/5] Drivers: hv: vmbus: Implement the protocol for tearing down vmbus state

"K. Y. Srinivasan" <kys@...rosoft.com> writes:

> Implement the protocol for tearing down the monitor state established with
> the host.
>
> Signed-off-by: K. Y. Srinivasan <kys@...rosoft.com>

Unfortunately, this patch leads to the following crash:

pre-udev:/# modprobe hv_vmbus
modprobe hv_vmbus
[   14.832334] hv_vmbus: Hyper-V Host Build:9600-6.3-17-0.17039; Vmbus version:3.0
[   14.834179] hv_vmbus: CPU offlining is not supported by hypervisor
pre-udev:/# modprobe -r hv_vmbus
modprobe -r hv_vmbus
[   20.640893] BUG: unable to handle kernel NULL pointer dereference at           (null)
[   20.641104] IP: [<          (null)>]           (null)
[   20.641104] PGD 3037b067 PUD 2f41c067 PMD 0 
[   20.641104] Oops: 0010 [#1] SMP DEBUG_PAGEALLOC KASAN
[   20.641104] Modules linked in: hv_vmbus(-)
[   20.641104] CPU: 4 PID: 296 Comm: modprobe Not tainted 4.0.0-rc5_vmbus_acpi_remove2+ #583
[   20.641104] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v1.0 11/26/2012
[   20.641104] task: ffff88002f47e360 ti: ffff88002f618000 task.ti: ffff88002f618000
[   20.641104] RIP: 0010:[<0000000000000000>]  [<          (null)>]           (null)
[   20.641104] RSP: 0018:ffff88002f61fe60  EFLAGS: 00010246
[   20.641104] RAX: 0000000030374000 RBX: ffff880030374000 RCX: 000000000000005c
[   20.641104] RDX: 0000000030374000 RSI: ffff88002f61fee0 RDI: ffff880030374000
[   20.641104] RBP: ffff88002f61fe88 R08: 0000000000000000 R09: ffff88002f61fed8
[   20.641104] R10: ffff880034008240 R11: 0000000000000010 R12: 0000000000000014
[   20.641104] R13: 0000000000000008 R14: ffff88002f61fed8 R15: 0000000000000000
[   20.641104] FS:  00007fc1ffdaa700(0000) GS:ffff880034500000(0000) knlGS:0000000000000000
[   20.641104] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   20.641104] CR2: 0000000000000000 CR3: 000000002f4ec000 CR4: 00000000001407e0
[   20.641104] Stack:
[   20.641104]  ffffffffa00016c7 0000000000000000 00000000b7f74867 ffffffffa0005ec9
[   20.641104]  0000000000000001 ffff88002f61fec8 ffffffffa000209c ffff88002f61fec8
[   20.641104]  0000000000000200 ffffffff8210ccc0 0000000000000001 0000000001c7d460
[   20.641104] Call Trace:
[   20.641104]  [<ffffffffa00016c7>] ? hv_post_message+0x87/0xb0 [hv_vmbus]
[   20.641104]  [<ffffffffa000209c>] vmbus_post_msg+0x3c/0xc0 [hv_vmbus]
[   20.641104]  [<ffffffffa00045b5>] vmbus_initiate_unload+0x65/0x90 [hv_vmbus]
[   20.641104]  [<ffffffffa0001d7e>] vmbus_disconnect+0xe/0x80 [hv_vmbus]
[   20.641104]  [<ffffffffa0004dd1>] vmbus_exit+0xe9/0x318 [hv_vmbus]
[   20.641104]  [<ffffffff8110704c>] SyS_delete_module+0x1ac/0x230
[   20.641104]  [<ffffffff81aa83f6>] ? int_with_check+0x27/0x69
[   20.641104]  [<ffffffff81aa8209>] system_call_fastpath+0x12/0x17
[   20.641104] Code:  Bad RIP value.
[   20.641104] RIP  [<          (null)>]           (null)
[   20.641104]  RSP <ffff88002f61fe60>
[   20.641104] CR2: 0000000000000000
[   20.708666] ---[ end trace 76d9daf92f0e3af8 ]---
[   20.709944] Kernel panic - not syncing: Fatal exception
[   20.710933] Kernel Offset: 0x0 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffff9fffffff)
[   20.710933] ---[ end Kernel panic - not syncing: Fatal exception

I'll try to investigate.

> ---
>  drivers/hv/channel_mgmt.c |   25 +++++++++++++++++++++++++
>  drivers/hv/connection.c   |    5 +++++
>  drivers/hv/hyperv_vmbus.h |    2 ++
>  include/linux/hyperv.h    |    1 +
>  4 files changed, 33 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c
> index 865a3af..4b9d89a 100644
> --- a/drivers/hv/channel_mgmt.c
> +++ b/drivers/hv/channel_mgmt.c
> @@ -422,6 +422,30 @@ static void init_vp_index(struct vmbus_channel *channel, const uuid_le *type_gui
>  }
>
>  /*
> + * vmbus_unload_response - Handler for the unload response.
> + */
> +static void vmbus_unload_response(struct vmbus_channel_message_header *hdr)
> +{
> +	/*
> +	 * This is a global event; just wakeup the waiting thread.
> +	 * Once we successfully unload, we can cleanup the monitor state.
> +	 */
> +	complete(&vmbus_connection.unload_event);
> +}
> +
> +void vmbus_initiate_unload(void)
> +{
> +	struct vmbus_channel_message_header hdr;
> +
> +	init_completion(&vmbus_connection.unload_event);
> +	memset(&hdr, 0, sizeof(struct vmbus_channel_message_header));
> +	hdr.msgtype = CHANNELMSG_UNLOAD;
> +	vmbus_post_msg(&hdr, sizeof(struct vmbus_channel_message_header));
> +
> +	wait_for_completion(&vmbus_connection.unload_event);
> +}
> +
> +/*
>   * vmbus_onoffer - Handler for channel offers from vmbus in parent partition.
>   *
>   */
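Review bot: In `vmbus_initiate_unload()` the result of `vmbus_post_msg()` is discarded and the `wait_for_completion()` that follows has no timeout, so if the request is not delivered or the host never replies, the caller blocks uninterruptibly during teardown. The only wake-up is a message from the host, so guest teardown should not depend on it unconditionally. Assuming `vmbus_post_msg()` reports failure through its return value, skip the wait when the post fails, e.g. `if (vmbus_post_msg(&hdr, sizeof(hdr))) return;`. For the wait itself, consider `wait_for_completion_timeout()` with a logged warning on expiry; the timeout value is a policy choice this patch does not settle. A one-line comment that `hdr` is deliberately unused in `vmbus_unload_response()` would also help.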
> @@ -717,6 +741,7 @@ struct vmbus_channel_message_table_entry
>  	{CHANNELMSG_INITIATE_CONTACT,		0, NULL},
>  	{CHANNELMSG_VERSION_RESPONSE,		1, vmbus_onversion_response},
>  	{CHANNELMSG_UNLOAD,			0, NULL},
> +	{CHANNELMSG_UNLOAD_RESPONSE,		1, vmbus_unload_response},
>  };
>
>  /*
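Review bot: Registering `vmbus_unload_response` in the message table makes `complete(&vmbus_connection.unload_event)` reachable whenever the host sends CHANNELMSG_UNLOAD_RESPONSE, yet the only `init_completion()` in this patch is inside `vmbus_initiate_unload()`. Unless the completion is also initialised somewhere not shown here, a response that arrives before any unload was requested would operate on a completion that was never set up. Initialising `unload_event` once, where the rest of `vmbus_connection` is prepared at connect time, would remove that dependence on host message ordering. The table definition begins outside this hunk.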
> diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c
> index b27220a..acd50e9 100644
> --- a/drivers/hv/connection.c
> +++ b/drivers/hv/connection.c
> @@ -227,6 +227,11 @@ cleanup:
>
>  void vmbus_disconnect(void)
>  {
> +	/*
> +	 * First send the unload request to the host.
> +	 */
> +	vmbus_initiate_unload();
> +
>  	if (vmbus_connection.work_queue) {
>  		drain_workqueue(vmbus_connection.work_queue);
>  		destroy_workqueue(vmbus_connection.work_queue);
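Review bot: The unload request at the top of `vmbus_disconnect()` is sent without any check of connection state, while the very next statement guards on `vmbus_connection.work_queue` being non-NULL, which implies this function can be entered with a partly initialised connection. On such a path the guest would post CHANNELMSG_UNLOAD and then block in `vmbus_initiate_unload()` waiting for a host reply that may never come. The call should sit behind a condition that shows a connection was actually established with the host. At minimum it should carry a comment stating that precondition, e.g. `/* Caller guarantees the host connection is up and messages can still be posted. */`. `vmbus_disconnect()` continues past the end of the hunk.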
> diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h
> index 138d663..cddc0c9 100644
> --- a/drivers/hv/hyperv_vmbus.h
> +++ b/drivers/hv/hyperv_vmbus.h
> @@ -647,6 +647,7 @@ struct vmbus_connection {
>
>  	atomic_t next_gpadl_handle;
>
> +	struct completion  unload_event;
>  	/*
>  	 * Represents channel interrupts. Each bit position represents a
>  	 * channel.  When a channel sends an interrupt via VMBUS, it finds its
> @@ -741,6 +742,7 @@ void hv_vss_onchannelcallback(void *);
>  int hv_fcopy_init(struct hv_util_service *);
>  void hv_fcopy_deinit(void);
>  void hv_fcopy_onchannelcallback(void *);
> +void vmbus_initiate_unload(void);
>
>  static inline void hv_poll_channel(struct vmbus_channel *channel,
>  				   void (*cb)(void *))
> diff --git a/include/linux/hyperv.h b/include/linux/hyperv.h
> index e29ccdd..ea93486 100644
> --- a/include/linux/hyperv.h
> +++ b/include/linux/hyperv.h
> @@ -389,6 +389,7 @@ enum vmbus_channel_message_type {
>  	CHANNELMSG_INITIATE_CONTACT		= 14,
>  	CHANNELMSG_VERSION_RESPONSE		= 15,
>  	CHANNELMSG_UNLOAD			= 16,
> +	CHANNELMSG_UNLOAD_RESPONSE		= 17,
>  	CHANNELMSG_COUNT
>  };

-- 
  Vitaly