From patchwork Tue Jun 2 14:48:07 2015
X-Patchwork-Submitter: Shannon Zhao
X-Patchwork-Id: 49387
From: shannon.zhao@linaro.org
To: stable@vger.kernel.org
Cc: gregkh@linuxfoundation.org, christoffer.dall@linaro.org, shannon.zhao@linaro.org, Marc Zyngier
Subject: [PATCH for 3.14.y stable 12/32] KVM: ARM: vgic: plug irq injection race
Date: Tue, 2 Jun 2015 22:48:07 +0800
Message-Id: <1433256507-7856-13-git-send-email-shannon.zhao@linaro.org>
In-Reply-To: <1433256507-7856-1-git-send-email-shannon.zhao@linaro.org>
References: <1433256507-7856-1-git-send-email-shannon.zhao@linaro.org>

From: Marc Zyngier

commit 71afaba4a2e98bb7bdeba5078370ab43d46e67a1 upstream.

As it stands, nothing prevents userspace from injecting an interrupt
before the guest's GIC is actually initialized.

This goes unnoticed so far (as everything is pretty much statically
allocated), but ends up exploding in a spectacular way once we switch
to a more dynamic allocation (the GIC data structure isn't there yet).

The fix is to test for the "ready" flag in the VGIC distributor before
trying to inject the interrupt. Note that in order to avoid breaking
userspace, we have to ignore what is essentially an error.

Signed-off-by: Marc Zyngier
Acked-by: Christoffer Dall
Signed-off-by: Shannon Zhao
---
 virt/kvm/arm/vgic.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c index 1316e55..2187318 100644 --- a/virt/kvm/arm/vgic.c +++ b/virt/kvm/arm/vgic.c @@ -1387,7 +1387,8 @@ out: int kvm_vgic_inject_irq(struct kvm *kvm, int cpuid, unsigned int irq_num, bool level) { - if (vgic_update_irq_state(kvm, cpuid, irq_num, level)) + if (likely(vgic_initialized(kvm)) && + vgic_update_irq_state(kvm, cpuid, irq_num, level)) vgic_kick_vcpus(kvm); return 0;
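Review bot: the new `likely(vgic_initialized(kvm)) &&` guard silently drops the injection and still returns 0, so a caller such as the KVM_IRQ_LINE path gets a success code for an interrupt that was never recorded; the commit message says this is deliberate to avoid breaking userspace, but nothing at the call site says so. Please add a one-line comment above the `if` stating that injections before the distributor is ready are intentionally ignored, so the next reader does not "fix" it into an error return. Also, the hunk relies on a `vgic_initialized()` helper that is not part of this diff; for a 3.14.y backport, confirm the helper exists in that tree and that it tests the distributor's ready flag the commit message refers to, otherwise the patch will not build.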
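The race the commit message describes, as an added user-space model that is not kernel code and not part of this patch: a VGIC distributor whose per-IRQ state is allocated only at init time, an unguarded injection path that dereferences that state (the "exploding" case), and the guarded path from the patch that checks the ready flag first and returns 0 either way. The struct layout, `VGIC_NR_IRQS`, the `kicks` counter, the `-EINVAL` range check and the `_strict` variant returning `-ENXIO` are assumptions added for illustration; only the shape of `kvm_vgic_inject_irq()` follows the hunk.

```c
/* Added example: user-space model of the KVM/ARM VGIC injection race.
 * Not kernel code. Names mirror the patch; bodies are simplified assumptions. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define VGIC_NR_IRQS 256          /* assumption: size of the per-IRQ state */

struct vgic_dist {
    bool ready;                   /* set once the guest's GIC is initialised */
    unsigned char *irq_pending;   /* allocated by vgic_init(); NULL before that */
};

struct kvm {
    struct vgic_dist vgic;
    int kicks;                    /* counts vgic_kick_vcpus() calls (assumption) */
};

/* Mirrors the ready-flag test the commit message refers to. */
static inline bool vgic_initialized(struct kvm *kvm)
{
    return kvm->vgic.ready;
}

/* Dynamic allocation is what turns a pre-init injection into a crash. */
int vgic_init(struct kvm *kvm)
{
    kvm->vgic.irq_pending = calloc(VGIC_NR_IRQS, 1);
    if (!kvm->vgic.irq_pending)
        return -ENOMEM;
    kvm->vgic.ready = true;
    return 0;
}

/* Returns true when the recorded level changed, i.e. vcpus must be kicked.
 * Dereferences irq_pending unconditionally: NULL before vgic_init(). */
static bool vgic_update_irq_state(struct kvm *kvm, int cpuid,
                                  unsigned int irq_num, bool level)
{
    unsigned char *state = &kvm->vgic.irq_pending[irq_num];
    (void)cpuid;                  /* per-vcpu routing omitted in this model */
    if (*state == (unsigned char)level)
        return false;
    *state = (unsigned char)level;
    return true;
}

static void vgic_kick_vcpus(struct kvm *kvm)
{
    kvm->kicks++;
}

/* Before the patch: no ready check, so an injection before vgic_init()
 * dereferences a NULL irq_pending pointer. Only safe to call after init. */
int kvm_vgic_inject_irq_unfixed(struct kvm *kvm, int cpuid,
                                unsigned int irq_num, bool level)
{
    if (vgic_update_irq_state(kvm, cpuid, irq_num, level))
        vgic_kick_vcpus(kvm);
    return 0;
}

/* After the patch: test the ready flag first. A pre-init injection is
 * dropped but still reports success, exactly as the hunk does. */
int kvm_vgic_inject_irq(struct kvm *kvm, int cpuid,
                        unsigned int irq_num, bool level)
{
    if (irq_num >= VGIC_NR_IRQS)
        return -EINVAL;           /* assumption: bounds check not in the patch */
    if (vgic_initialized(kvm) &&
        vgic_update_irq_state(kvm, cpuid, irq_num, level))
        vgic_kick_vcpus(kvm);
    return 0;                     /* error is deliberately ignored (see commit msg) */
}

/* The alternative the commit message rejects: report the pre-init injection
 * as an error. Shown only to make the userspace-compatibility trade-off visible. */
int kvm_vgic_inject_irq_strict(struct kvm *kvm, int cpuid,
                               unsigned int irq_num, bool level)
{
    if (!vgic_initialized(kvm))
        return -ENXIO;            /* assumption: errno choice is illustrative */
    return kvm_vgic_inject_irq(kvm, cpuid, irq_num, level);
}

int main(void)
{
    struct kvm k;
    memset(&k, 0, sizeof k);

    /* Userspace injects before the guest's GIC exists: dropped, returns 0. */
    printf("pre-init inject -> %d, kicks=%d\n",
           kvm_vgic_inject_irq(&k, 0, 5, true), k.kicks);
    printf("pre-init strict -> %d\n", kvm_vgic_inject_irq_strict(&k, 0, 5, true));

    if (vgic_init(&k) != 0)
        return 1;
    printf("post-init inject -> %d, kicks=%d, pending[5]=%u\n",
           kvm_vgic_inject_irq(&k, 0, 5, true), k.kicks, k.vgic.irq_pending[5]);
    free(k.vgic.irq_pending);
    return 0;
}
```

Calling `kvm_vgic_inject_irq_unfixed()` on a zeroed `struct kvm` reproduces the crash the commit message predicts for the dynamic-allocation case; the guarded version returns 0 and leaves `irq_pending` untouched, which is the behaviour userspace relies on after this patch.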