Hello. Vadim Korschok wrote: > PAX: kvm:6209, uid/euid: 0/0, attempted to modify kernel code > BUG: unable to handle kernel paging request at ffffffff8059b040 > IP: [<ffffffffa00394d3>] intel_iommu_found+0x4d3/0x4075 [kvm_intel] I see. That function is not TOMOYO related. > Call Trace: > [<ffffffffa0016b9b>] ? kvm_arch_vcpu_put+0xe/0x218 [kvm] > [<ffffffffa001313d>] ? vcpu_put+0x9/0x9d [kvm] > [<ffffffffa00196d1>] ? kvm_arch_vcpu_ioctl_run+0x5df/0x5ea [kvm] > [<ffffffffa001474b>] ? kvm_resched+0x1c5/0x1048 [kvm] > [<ffffffff8034a8f1>] ? ccs_capable+0xe1/0x1a6 > [<ffffffff8028a2a6>] ? vfs_ioctl+0x46/0x8f > [<ffffffff8028a518>] ? do_vfs_ioctl+0x229/0x235 > [<ffffffff8028a575>] ? sys_ioctl+0x51/0x74 > [<ffffffff8020250b>] ? system_call_fastpath+0x16/0x1b But ccs_capable() in vfs_ioctl() may be triggering this problem. Will you backup /etc/ccs/profile.conf and /etc/ccs/domain_policy.conf in kvm environment and overwrite as shown below and reboot the kvm? # echo '0-COMMENT=dummy' > /etc/ccs/profile.conf # : > /etc/ccs/domain_policy.conf These configuration files will disable TOMOYO Linux. If above configuration files solve this problem, please also try below steps. ccs_capable() may sleep. I think it is safe to call function which may sleep inside vfs_ioctl(), for "f_op->poll is the only vfs operation which is not allowed to sleep". Please restore /etc/ccs/profile.conf and /etc/ccs/domain_policy.conf and apply below patch with "patch -p1 -R" and recompile and reboot. --- linux-2.6.27.10.orig/fs/ioctl.c +++ linux-2.6.27.10/fs/ioctl.c @@ -35,6 +38,10 @@ static long vfs_ioctl(struct file *filp, if (!filp->f_op) goto out; + /***** TOMOYO Linux start. *****/ + if (!ccs_capable(TOMOYO_SYS_IOCTL)) + return -EPERM; + /***** TOMOYO Linux end. *****/ if (filp->f_op->unlocked_ioctl) { error = filp->f_op->unlocked_ioctl(filp, cmd, arg); If ccs_capable() in vfs_ioctl() is the bug, this patch will solve the bug. Regards.