Currently, the branch `linux-vmi` is based on the latest stable Linux kernel v4.9. However, running nitro on this kernel causes the kernel to crash because of a `kernel NULL pointer dereference`, triggered at the end of the execution. The stack trace shown in `dmesg` is the following:

The problem comes from the new `KVM_DEBUG_FS` feature, which was absent from the latest stable kernel for nitro (v4.5.x).

This is the `debugfs_remove_recursive` function:

```c
void debugfs_remove_recursive(struct dentry *dentry)
{
	struct dentry *child, *parent;

	if (IS_ERR_OR_NULL(dentry))
		return;

	parent = dentry;
 down:
	inode_lock(d_inode(parent));
 loop:
	/*
	 * The parent->d_subdirs is protected by the d_lock. Outside that
	 * lock, the child can be unlinked and set to be freed which can
	 * use the d_u.d_child as the rcu head and corrupt this list.
	 */
	spin_lock(&parent->d_lock);
	list_for_each_entry(child, &parent->d_subdirs, d_child) {
		if (!simple_positive(child))
			continue;

		/* perhaps simple_empty(child) makes more sense */
		if (!list_empty(&child->d_subdirs)) {
			spin_unlock(&parent->d_lock);
			inode_unlock(d_inode(parent));
			parent = child;
			goto down;
		}

		spin_unlock(&parent->d_lock);

		if (!__debugfs_remove(child, parent))
			simple_release_fs(&debugfs_mount, &debugfs_mount_count);

		/*
		 * The parent->d_lock protects against child from unlinking
		 * from d_subdirs. When releasing the parent->d_lock we can
		 * no longer trust that the next pointer is valid.
		 * Restart the loop. We'll skip this one with the
		 * simple_positive() check.
		 */
		goto loop;
	}
	spin_unlock(&parent->d_lock);

	inode_unlock(d_inode(parent));
	child = parent;
	parent = parent->d_parent;
	inode_lock(d_inode(parent));

	if (child != dentry)
		/* go up */
		goto loop;

	if (!__debugfs_remove(child, parent))
		simple_release_fs(&debugfs_mount, &debugfs_mount_count);
	inode_unlock(d_inode(parent));

	synchronize_srcu(&debugfs_srcu);
}
EXPORT_SYMBOL_GPL(debugfs_remove_recursive);
```

And apparently, during a call to `inode_lock`, it makes a call to `down_write` with a bad pointer.

Of course, this problem appears only at the end of a nitro run, be it when `main.py` or `test_nitro.py` calls their `at_exit` cleanup.

One thing that troubles me is that I checked my kernel configuration, and the symbol `KVM_DEBUG_FS` was not enabled: N ...

Any ideas?

So I found a solution by disabling every call to debugfs in `kvm/virt/kvm_main.c`.

For an unknown reason, the config option `CONFIG_KVM_DEBUG_FS` is available in the kernel, but never used anywhere in the code.

The calls to the `debugfs_*` functions in the KVM code are mandatory.
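To make the crash site easier to reason about, here is a small userspace model of the walk that `debugfs_remove_recursive` performs. This is an added illustration and is neither kernel code nor part of nitro: `struct node`, the `model_*` helpers and the tree names (`vm-12`, `vcpu0`, `stat`) are constructed stand-ins for dentries, `d_subdirs`, `inode_lock()` and `__debugfs_remove()`. The model follows the same descend / remove-leaf / climb-up control flow as the function quoted in the report, and at the point where the kernel would call `down_write()` on the inode of a parent, it returns -1 if that parent has no inode instead of dereferencing it. It shows where in the walk such a pointer would be touched; it does not claim to reproduce the actual root cause of the report.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for a debugfs dentry (constructed for this model). */
struct node {
    const char *name;
    struct node *parent;         /* d_parent */
    struct node *first_child;    /* head of d_subdirs */
    struct node *next_sibling;   /* d_child linkage */
    int has_inode;               /* d_inode(n) != NULL */
    int lock_depth;              /* how many times inode_lock() is held */
    int removed;                 /* set by the modelled __debugfs_remove() */
};

/* inode_lock(d_inode(n)) ends up in down_write(&inode->i_rwsem); with a
 * NULL inode that is the bad-pointer dereference described in the report.
 * The model returns -1 at that point instead of faulting. */
static int model_inode_lock(struct node *n)
{
    if (n == NULL || !n->has_inode)
        return -1;
    n->lock_depth++;
    return 0;
}

static void model_inode_unlock(struct node *n)
{
    n->lock_depth--;
}

/* simple_positive(): still linked and backed by an inode */
static int positive(const struct node *c)
{
    return c->has_inode && !c->removed;
}

/* __debugfs_remove(child, parent): unlink from the parent's list and drop it */
static void model_remove(struct node *child, struct node *parent)
{
    struct node **pp = &parent->first_child;
    while (*pp != child)
        pp = &(*pp)->next_sibling;
    *pp = child->next_sibling;
    child->removed = 1;
}

/* Same control flow as debugfs_remove_recursive(): descend into any child
 * that still has children, remove leaves, climb back up and remove the
 * emptied directory. Returns the number of nodes removed, or -1 if a lock
 * would have been taken on a parent that has no inode. */
static int remove_recursive(struct node *dentry)
{
    struct node *child, *parent;
    int removed = 0;

    if (dentry == NULL)                         /* IS_ERR_OR_NULL(dentry) */
        return 0;
    parent = dentry;
down:
    if (model_inode_lock(parent) < 0)
        return -1;
loop:
    for (child = parent->first_child; child; child = child->next_sibling) {
        if (!positive(child))
            continue;
        if (child->first_child != NULL) {       /* !list_empty(&child->d_subdirs) */
            model_inode_unlock(parent);
            parent = child;
            goto down;
        }
        model_remove(child, parent);
        removed++;
        goto loop;                              /* list changed: restart */
    }
    model_inode_unlock(parent);
    child = parent;
    parent = parent->parent;
    if (model_inode_lock(parent) < 0)           /* the lock the report crashes in */
        return -1;
    if (child != dentry)
        goto loop;                              /* go up */
    model_remove(child, parent);
    removed++;
    model_inode_unlock(parent);
    return removed;
}

static struct node *make(const char *name, struct node *parent, int has_inode)
{
    struct node *n = calloc(1, sizeof(*n));
    n->name = name;
    n->parent = parent;
    n->has_inode = has_inode;
    if (parent) {                               /* append, keeping a stable order */
        struct node **pp = &parent->first_child;
        while (*pp)
            pp = &(*pp)->next_sibling;
        *pp = n;
    }
    return n;
}

/* Constructed tree with illustrative names:
 * root -> kvm -> { vm-12 -> { vcpu0, vcpu1 }, stat }. Returns "kvm". */
static struct node *build_kvm_tree(int root_has_inode)
{
    struct node *root = make("debugfs-root", NULL, root_has_inode);
    struct node *kvm = make("kvm", root, 1);
    struct node *vm = make("vm-12", kvm, 1);
    make("vcpu0", vm, 1);
    make("vcpu1", vm, 1);
    make("stat", kvm, 1);
    return kvm;
}

/* Healthy case: every parent has an inode, all 5 nodes from "kvm" down are removed. */
int demo_healthy(void)
{
    return remove_recursive(build_kvm_tree(1));
}

/* Failure case: the walk climbs to a parent without an inode, the point where
 * the kernel would have called down_write() on a bad pointer. Returns -1. */
int demo_bad_parent(void)
{
    return remove_recursive(build_kvm_tree(0));
}

int main(void)
{
    printf("healthy removal: %d nodes\n", demo_healthy());
    printf("parent without inode: %d\n", demo_bad_parent());
    return 0;
}
```

The `IS_ERR_OR_NULL` guard at the top of the real function only protects the dentry that is passed in; the model makes visible that every parent reached on the way up is also locked through its inode, which is why a debugfs directory whose parent is no longer valid is worth checking for when debugging a trace like the one in this report.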