From patchwork Thu Mar 20 16:47:15 2014
X-Patchwork-Submitter: Marc Zyngier
X-Patchwork-Id: 26740
From: Marc Zyngier
To: linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu
Cc: Christoffer Dall
Subject: [PATCH v2] KVM: ARM: vgic: plug irq injection race
Date: Thu, 20 Mar 2014 16:47:15 +0000
Message-Id: <1395334035-15454-1-git-send-email-marc.zyngier@arm.com>

As it stands, nothing prevents userspace from injecting an interrupt before the guest's GIC is actually initialized.
This goes unnoticed so far (as everything is pretty much statically allocated), but ends up exploding in a spectacular way once we switch to a more dynamic allocation (the GIC data structure isn't there yet). The fix is to test for the "ready" flag in the VGIC distributor before trying to inject the interrupt. Note that in order to avoid breaking userspace, we have to ignore what is essentially an error. Also, move the setting of the flag out of the critical section, which will ensure the visibility of the initialized data-structure before the flag is actually set. Signed-off-by: Marc Zyngier Acked-by: Christoffer Dall --- virt/kvm/arm/vgic.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c index f29761b..4850e87 100644 --- a/virt/kvm/arm/vgic.c +++ b/virt/kvm/arm/vgic.c @@ -1431,7 +1431,8 @@ out: int kvm_vgic_inject_irq(struct kvm *kvm, int cpuid, unsigned int irq_num, bool level) { - if (vgic_update_irq_state(kvm, cpuid, irq_num, level)) + if (likely(vgic_initialized(kvm)) && + vgic_update_irq_state(kvm, cpuid, irq_num, level)) vgic_kick_vcpus(kvm); return 0; @@ -1581,9 +1582,10 @@ int kvm_vgic_init(struct kvm *kvm) for (i = VGIC_NR_PRIVATE_IRQS; i < VGIC_NR_IRQS; i += 4) vgic_set_target_reg(kvm, 0, i); - kvm->arch.vgic.ready = true; out: mutex_unlock(&kvm->lock); + if (!ret) + kvm->arch.vgic.ready = true; return ret; }
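Review bot: In the first hunk (kvm_vgic_inject_irq), the new `likely(vgic_initialized(kvm))` check silently drops the interrupt and still falls through to `return 0;`, but nothing in the code says that this is deliberate. The commit message explains that the error has to be ignored to avoid breaking userspace; a short comment above the `if` stating the same would stop a later cleanup from turning this into an error return. The check is also made without holding kvm->lock and without a read barrier, so it only closes the race if the flag read is ordered before the accesses made inside vgic_update_irq_state(); it would help to state which barrier on the writer side this read pairs with.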
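Review bot: In the second hunk (kvm_vgic_init), the store `kvm->arch.vgic.ready = true;` now sits after `mutex_unlock(&kvm->lock);` and relies on the unlock alone to order it after the initialization stores done under the lock. An unlock is a release operation: it keeps earlier accesses from moving past it, but it does not by itself stop a later plain store from becoming visible before them. If the intent is that the flag is only observed once the data structure is visible, as the commit message says, an explicit smp_wmb() before the store (or smp_store_release() on the flag), paired with a read-side barrier at the vgic_initialized() check in kvm_vgic_inject_irq(), would make that ordering explicit rather than implied. The `if (!ret)` guard itself is fine, since it avoids marking the distributor ready on the error path through `out:`.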