Re: [syzbot] kernel BUG in vhost_get_vq_desc

From: Michael S. Tsirkin
Date: Mon Feb 21 2022 - 06:13:59 EST

Next message: Christophe Leroy: "Re: [PATCH v6 09/13] module: Move kallsyms support into a separate file"
Previous message: Geert Uytterhoeven: "Re: Build regressions/improvements in v5.17-rc5"
In reply to: Michael S. Tsirkin: "Re: [syzbot] kernel BUG in vhost_get_vq_desc"
Next in thread: syzbot: "Re: [syzbot] kernel BUG in vhost_get_vq_desc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Feb 21, 2022 at 06:15:38PM +0800, Hillf Danton wrote:
> On Mon, 21 Feb 2022 04:17:02 -0500 Michael S. Tsirkin wrote:
> > On Mon, Feb 21, 2022 at 04:52:27PM +0800, Hillf Danton wrote:
> > > Another round of attempts to quiesce the
> > > WARNING: CPU: 1 PID: 4069 at drivers/vhost/vhost.c:715 after the
> > > BUG at drivers/vhost/vhost.c:2337 went home.
> >
> > Could you pls clarify what do you mean by "went home" here?
>
> The reproducer failed to trigger it.
>
> Hillf

You mean this patch?

@@ -2207,7 +2209,10 @@ int vhost_get_vq_desc(struct vhost_virtq
__virtio16 avail_idx;
__virtio16 ring_head;
int ret, access;
+ bool was_set = !!(vq->used_flags & VRING_USED_F_NO_NOTIFY);

+ if (!was_set)
+ return -EINVAL;
/* Check it isn't doing very strange things with descriptor numbers. */
last_avail_idx = vq->last_avail_idx;

However, I do not understand how do we enter vhost_get_vq_desc
with vq->used_flags & VRING_USED_F_NO_NOTIFY being clear.
Do you?

Next message: Christophe Leroy: "Re: [PATCH v6 09/13] module: Move kallsyms support into a separate file"
Previous message: Geert Uytterhoeven: "Re: Build regressions/improvements in v5.17-rc5"
In reply to: Michael S. Tsirkin: "Re: [syzbot] kernel BUG in vhost_get_vq_desc"
Next in thread: syzbot: "Re: [syzbot] kernel BUG in vhost_get_vq_desc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]