On 07/03/2018 13:49, Cornelia Huck wrote:
> On Tue, 6 Mar 2018 14:19:15 +0100
> Paolo Bonzini <pbonz...@redhat.com> wrote:
>
>> address_space_access_valid is calling address_space_to_flatview but it can
>> be called outside the RCU lock. To fix it, push the rcu_read_lock/unlock
>> pair up from flatview_access_valid to address_space_access_valid.
>>
>> Reviewed-by: Alexey Kardashevskiy <a...@ozlabs.ru>
>> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
>> ---
>> exec.c | 12 ++++++++----
>> 1 file changed, 8 insertions(+), 4 deletions(-)
>
> This one kills my s390x guests when running under tcg:
>
> qemu-system-s390x: /home/cohuck/git/qemu/include/qemu/rcu.h:89: void
> rcu_read_unlock(void): Assertion `p_rcu_reader->depth != 0' failed.
>
> Easy to reproduce with the moon buggy image from the QEMU Advent
> Calendar:
>
> s390x-softmmu/qemu-system-s390x -M s390-ccw-virtio -nographic -smp 2 -kernel
> ~/Downloads/s390-moon-buggy/s390-bb.kernel -initrd
> ~/Downloads/s390-moon-buggy/s390-moon-buggy.initrd
This is the fix for all of these: diff --git a/exec.c b/exec.c index 604f03c535..a9181e6417 100644 --- a/exec.c +++ b/exec.c @@ -3393,7 +3393,6 @@ static bool flatview_access_valid(FlatView *fv, hwaddr addr, int len, if (!memory_access_is_direct(mr, is_write)) { l = memory_access_size(mr, l, addr); if (!memory_region_access_valid(mr, xlat, l, is_write)) { - rcu_read_unlock(); return false; } } Paolo
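Review bot: the `rcu_read_unlock()` deleted in this hunk is the cause of the reported `p_rcu_reader->depth != 0` assertion: once the original patch hoisted the lock/unlock pair into address_space_access_valid, this early-return path in flatview_access_valid was dropping a reader reference that this function no longer takes, so the unlock ran with the depth counter already at zero. Since the hunk shows only the `memory_region_access_valid` failure path, please confirm that no other `rcu_read_unlock()` remains in flatview_access_valid (the function's final return and any other early exits must now be lock-neutral), and consider squashing this into the original commit rather than landing it as a follow-up so that a bisect never lands on a revision where every invalid-access check trips the assertion; the commit message should reference the s390x TCG report so the fix is traceable.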