From patchwork Fri Apr 24 05:27:45 2015
X-Patchwork-Submitter: Shannon Zhao
X-Patchwork-Id: 47532
From: shannon.zhao@linaro.org
To: stable@vger.kernel.org
Cc: jslaby@suse.cz, christoffer.dall@linaro.org, shannon.zhao@linaro.org, Marc Zyngier
Subject: [PATCH for 3.12.y stable 47/63] KVM: ARM: vgic: plug irq injection race
Date: Fri, 24 Apr 2015 13:27:45 +0800
Message-Id: <1429853281-6136-48-git-send-email-shannon.zhao@linaro.org>
In-Reply-To: <1429853281-6136-1-git-send-email-shannon.zhao@linaro.org>

From: Marc Zyngier

commit 71afaba4a2e98bb7bdeba5078370ab43d46e67a1 upstream.

As it stands, nothing prevents userspace from injecting an interrupt before the guest's GIC is actually initialized.

This goes unnoticed so far (as everything is pretty much statically allocated), but ends up exploding in a spectacular way once we switch to a more dynamic allocation (the GIC data structure isn't there yet).

The fix is to test for the "ready" flag in the VGIC distributor before trying to inject the interrupt. Note that in order to avoid breaking userspace, we have to ignore what is essentially an error.

Signed-off-by: Marc Zyngier
Acked-by: Christoffer Dall
Signed-off-by: Shannon Zhao

--- virt/kvm/arm/vgic.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c index 91b5a9f..865a891 100644
--- a/virt/kvm/arm/vgic.c +++ b/virt/kvm/arm/vgic.c @@ -1226,7 +1226,8 @@ out: int kvm_vgic_inject_irq(struct kvm *kvm, int cpuid, unsigned int irq_num, bool level) { - if (vgic_update_irq_state(kvm, cpuid, irq_num, level)) + if (likely(vgic_initialized(kvm)) && + vgic_update_irq_state(kvm, cpuid, irq_num, level)) vgic_kick_vcpus(kvm); return 0;
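
Review bot: In kvm_vgic_inject_irq(), the new vgic_initialized(kvm) test turns an injection that arrives before the distributor is ready into a silent no-op, and the function still returns 0, but nothing in the code says this is intentional. The commit message explains that the error is ignored to avoid breaking userspace; a short comment above the condition saying the same would keep a later reader from "fixing" the return value. Since the dropped interrupt leaves no trace, consider whether a debug-level message on the not-initialized path is worth having, so an early injection from userspace can be diagnosed. It is also worth confirming that the read of the ready flag is ordered against initialization completing, as no locking is visible around the check in these lines.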