Bug 1627 - SIOV - Host panic due to invalid guest page request via mdev passthrough in DWQ mode
Status: CONFIRMED
Alias: None
Product: ANCK 5.10 Dev
Classification: ANCK
Component: virt
Version: unspecified
Hardware: All Linux
Importance: P3-Medium S2-major
Target Milestone: ---
Assignee: Guanjun
QA Contact: shuming
Reported: 2022-07-06 09:52 UTC by AubreyLi
Modified: 2022-07-13 20:50 UTC (History)
Description AubreyLi intel_group 2022-07-06 09:52:37 UTC
On Anolis OS with SIOV supported:
- start a VM with DSA mdev passthrough in DWQ mode
- send an invalid page request from the guest

This will change the host DSA device into the halt state.

[  517.758690] Unexpected page request in Privilege Mode
[  517.758693] Unexpected page request in Privilege Mode
[  517.758697] Unexpected page request in Privilege Mode
[  517.758814] idxd 0000:6a:01.0: idxd halted, need FLR.

Any other DSA ops will time out after that.
And rebooting the guest triggers a host panic.

[  574.479486] BUG: kernel NULL pointer dereference, address: 00000000000003d0
[  574.493099] #PF: supervisor read access in kernel mode
[  574.498926] #PF: error_code(0x0000) - not-present page
[  574.504784] PGD 0
[  574.507154] Oops: 0000 [#1] SMP NOPTI
[  574.511358] CPU: 82 PID: 5179 Comm: qemu-system-x86 Not tainted 5.10.112-ioasid #1
[  574.519921] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.SYS.0077.D01.2203211346 03/21/2022
[  574.531809] RIP: 0010:vidxd_mmio_init+0xc4/0x1e0 [idxd_mdev]
[  574.538245] Code: 0f 84 27 01 00 00 83 c8 02 88 85 6e 22 00 00 8b 85 78 22 00 00 25 00 00 fc ff 83 c8 01 89 85 78 22 00 00 48 8b 86 a0 04 00 00 <8b> 80 d0 03 00 00 88 85 80 22 00 00 48 8b 82 98 03 00 00 8b 40 08
[  574.559312] RSP: 0018:ff68b7d90f3ffde0 EFLAGS: 00010202
[  574.565277] RAX: 0000000000000000 RBX: ff4ec05ebb7f0000 RCX: 0000000000000000
[  574.573337] RDX: ff4ec05e1303e000 RSI: ff4ec05e1303f000 RDI: ff4ec05ebb7f4248
[  574.581416] RBP: ff4ec05ebb7f0000 R08: 0000000000000000 R09: ff4ec05ebb7f2248
[  574.589495] R10: ff4ec05e75241600 R11: 0000000000000001 R12: ff4ec05e1303e000
[  574.597575] R13: ff4ec05edfcbfa28 R14: ff4ec06d8704c520 R15: ff4ec05e9cc80f90
[  574.605658] FS:  0000000000000000(0000) GS:ff4ec07d2ea80000(0000) knlGS:0000000000000000
[  574.614777] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  574.621290] CR2: 00000000000003d0 CR3: 00000015ac00c004 CR4: 0000000000773ee0
[  574.629360] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  574.637418] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
[  574.645482] PKRU: 55555554
[  574.648601] Call Trace:
[  574.651462]  idxd_vdcm_init+0x11a/0x1a0 [idxd_mdev]
[  574.657028]  idxd_vdcm_close+0x131/0x150 [idxd_mdev]
[  574.662686]  vfio_device_fops_release+0x4a/0x80
[  574.667877]  __fput+0x8e/0x240
[  574.671407]  task_work_run+0x5f/0x90
[  574.675521]  do_exit+0x364/0xb70
[  574.679246]  do_group_exit+0x3d/0xa0
[  574.683356]  __x64_sys_exit_group+0x14/0x20
[  574.688157]  do_syscall_64+0x33/0x40
[  574.692259]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  574.698033] RIP: 0033:0x7f1c5b3b1ed1
[  574.702123] Code: Unable to access opcode bytes at RIP 0x7f1c5b3b1ea7.
[  574.709517] RSP: 002b:00007ffd43019ad8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  574.718078] RAX: ffffffffffffffda RBX: 00007f1c5b4de6d0 RCX: 00007f1c5b3b1ed1
[  574.726147] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[  574.734228] RBP: 0000000000000000 R08: fffffffffffffba8 R09: 0000000000000001
[  574.742305] R10: 0000000000000010 R11: 0000000000000246 R12: 00007f1c5b4de6d0
[  574.750385] R13: 0000000000000000 R14: 00007f1c5b4deba8 R15: 00007f1c5b4debc0