From patchwork Mon May 11 11:16:31 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sasha Levin <sasha.levin@oracle.com>
X-Patchwork-Id: 48255
Return-Path: <patchwork-forward+bncBDPILVOKSELBBU5AYKVAKGQETT5WHNY@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-la0-f71.google.com (mail-la0-f71.google.com
 [209.85.215.71])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 51BF821550
 for <linaro@patches.linaro.org>; Mon, 11 May 2015 11:19:48 +0000 (UTC)
Received: by labgx2 with SMTP id gx2sf40899267lab.1
 for <linaro@patches.linaro.org>; Mon, 11 May 2015 04:19:47 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:delivered-to:from:to:cc:subject
 :date:message-id:in-reply-to:references:sender:precedence:list-id
 :x-original-sender:x-original-authentication-results:mailing-list
 :list-post:list-help:list-archive:list-unsubscribe;
 bh=LUTXbhYfhHKUzccd7qLpIUT3iwwoa0/6kTrQEllJ4p4=;
 b=hxXb3RbFtHZDEDL6n8M1sySSGk8A32x3GWx8fY31oxFFWFi2i1UV1ZVwnQNW3kKFAt
 VU6mN8b/D82QTrZzlkpY63fcVLaoVS+LZGZkaPAidG+7QKEkMa0RB7lv8ew6rY7otsCr
 5Wx9hpDeYAZ4sUU2wmlSwlCa//ew4VvX8Pby2V3RiMg2fLqOTPnK9JJzuu2EPXP4aN3S
 D/hiiRjmohUVT9OjQbwvdCad/WSWeLFM312upg5eH3/9yZRV5nsSOIkgvmcUMEGzOiKs
 0EE4ECrOYMC8zwzh/L9M/0Gs+YigS/0q0fBdfVXMWcbDdlvN8iLZOvrv/MfnSXk6zrkA
 qb2w==
X-Gm-Message-State: ALoCoQlP6xhtN3aE2KJcRIAgI7krrDRWNjR2y+K1aGtcltfRrwz8j2DDfli0t0p7aMxF//YpSBwc
X-Received: by 10.180.96.6 with SMTP id do6mr7679933wib.4.1431343187269;
 Mon, 11 May 2015 04:19:47 -0700 (PDT)
MIME-Version: 1.0
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.152.19.231 with SMTP id i7ls571421lae.85.gmail; Mon, 11 May
 2015 04:19:47 -0700 (PDT)
X-Received: by 10.152.37.65 with SMTP id w1mr7576431laj.111.1431343187143;
 Mon, 11 May 2015 04:19:47 -0700 (PDT)
Received: from mail-la0-f49.google.com (mail-la0-f49.google.com.
 [209.85.215.49]) by mx.google.com with ESMTPS id
 a9si8162276laf.173.2015.05.11.04.19.47
 for <patchwork-forward@linaro.org>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Mon, 11 May 2015 04:19:47 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.49 as permitted sender) client-ip=209.85.215.49; 
Received: by layy10 with SMTP id y10so90717027lay.0
 for <patchwork-forward@linaro.org>;
 Mon, 11 May 2015 04:19:47 -0700 (PDT)
X-Received: by 10.112.150.100 with SMTP id uh4mr7556248lbb.112.1431343187041; 
 Mon, 11 May 2015 04:19:47 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.112.108.230 with SMTP id hn6csp1444611lbb;
 Mon, 11 May 2015 04:19:45 -0700 (PDT)
X-Received: by 10.70.129.133 with SMTP id nw5mr17989655pdb.155.1431343184293; 
 Mon, 11 May 2015 04:19:44 -0700 (PDT)
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id
 z11si17550607pas.160.2015.05.11.04.19.43; 
 Mon, 11 May 2015 04:19:44 -0700 (PDT)
Received-SPF: none (google.com: stable-owner@vger.kernel.org does not
 designate permitted sender hosts) client-ip=209.132.180.67; 
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1753987AbbEKLTl (ORCPT <rfc822;shannon.zhao@linaro.org>
 + 2 others); Mon, 11 May 2015 07:19:41 -0400
Received: from userp1040.oracle.com ([156.151.31.81]:35655 "EHLO
 userp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S1753536AbbEKLTh (ORCPT
 <rfc822;stable@vger.kernel.org>); Mon, 11 May 2015 07:19:37 -0400
Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74])
 by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with
 ESMTP id t4BBJZX6010343
 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
 Mon, 11 May 2015 11:19:35 GMT
Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235])
 by userv0022.oracle.com (8.13.8/8.13.8) with ESMTP id t4BBJZYT008661
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); 
 Mon, 11 May 2015 11:19:35 GMT
Received: from abhmp0009.oracle.com (abhmp0009.oracle.com [141.146.116.15])
 by aserv0121.oracle.com (8.13.8/8.13.8) with ESMTP id
 t4BBJZKb004543; Mon, 11 May 2015 11:19:35 GMT
Received: from lappy.hsd1.nh.comcast.net (/10.159.243.153)
 by default (Oracle Beehive Gateway v4.0)
 with ESMTP ; Mon, 11 May 2015 04:19:34 -0700
From: Sasha Levin <sasha.levin@oracle.com>
To: stable@vger.kernel.org, stable-commits@vger.kernel.org
Cc: Christoffer Dall <christoffer.dall@linaro.org>,
 Shannon Zhao <shannon.zhao@linaro.org>,
 Sasha Levin <sasha.levin@oracle.com>
Subject: [added to the 3.18 stable tree] arm/arm64: KVM: Don't allow
 creating VCPUs after vgic_initialized
Date: Mon, 11 May 2015 07:16:31 -0400
Message-Id: <1431343152-19437-10-git-send-email-sasha.levin@oracle.com>
X-Mailer: git-send-email 2.1.0
In-Reply-To: <1431343152-19437-1-git-send-email-sasha.levin@oracle.com>
References: <1431343152-19437-1-git-send-email-sasha.levin@oracle.com>
X-Source-IP: userv0022.oracle.com [156.151.31.74]
Sender: stable-owner@vger.kernel.org
Precedence: list
List-ID: <patchwork-forward.linaro.org>
X-Mailing-List: stable@vger.kernel.org
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: patch@linaro.org
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com:
 domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.49 as permitted sender)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Unsubscribe: <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>, 
 <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>

From: Christoffer Dall <christoffer.dall@linaro.org>

commit 716139df2517fbc3f2306dbe8eba0fa88dca0189 upstream.

When the vgic initializes its internal state it does so based on the
number of VCPUs available at the time.  If we allow KVM to create more
VCPUs after the VGIC has been initialized, we are likely to error out in
unfortunate ways later, perform buffer overflows etc.

Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
 arch/arm/kvm/arm.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
index 448314b..546a12e 100644
--- a/arch/arm/kvm/arm.c
+++ b/arch/arm/kvm/arm.c
@@ -213,6 +213,11 @@ struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm, unsigned int id)
 	int err;
 	struct kvm_vcpu *vcpu;
 
+	if (irqchip_in_kernel(kvm) && vgic_initialized(kvm)) {
+		err = -EBUSY;
+		goto out;
+	}
+
 	vcpu = kmem_cache_zalloc(kvm_vcpu_cache, GFP_KERNEL);
 	if (!vcpu) {
 		err = -ENOMEM;