Message ID | 1401892553-20150-2-git-send-email-stefano.stabellini@eu.citrix.com |
---|---|
State | New |
Hi Stefano,

You removed the bits to make ITARGET read-only. Why? With this patch series, Xen doesn't validate ITARGET and a malicious guest could crash Xen...

On 06/04/2014 03:35 PM, Stefano Stabellini wrote:
> Export vgic_get_target_vcpu. > Use vgic_get_target_vcpu to retrieve the target vcpu from do_IRQ. > Route guest irqs to vcpu0 initially. > Remove in-code comments about missing implementation of SGI delivery to > vcpus other than 0. > > Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> > --- > xen/arch/arm/gic.c | 3 +-- > xen/arch/arm/irq.c | 7 +++---- > xen/arch/arm/vgic.c | 2 +- > xen/include/asm-arm/gic.h | 2 ++ > 4 files changed, 7 insertions(+), 7 deletions(-) > > diff --git a/xen/arch/arm/gic.c b/xen/arch/arm/gic.c > index 08ae23b..125ff36 100644 > --- a/xen/arch/arm/gic.c > +++ b/xen/arch/arm/gic.c > @@ -287,8 +287,7 @@ void gic_route_irq_to_guest(struct domain *d, struct irq_desc *desc, > gic_set_irq_properties(desc->irq, level, cpumask_of(smp_processor_id()), > GIC_PRI_IRQ); > > - /* TODO: do not assume delivery to vcpu0 */ > - p = irq_to_pending(d->vcpu[0], desc->irq); > + p = irq_to_pending(d->vcpu[cpumask_first(cpu_mask)], desc->irq);

Hrmmm... you misused the mask here. cpumask contains a list of physical CPUs, not virtual CPUs...

[..]
> @@ -342,8 +341,8 @@ int route_dt_irq_to_guest(struct domain *d, const struct dt_irq *irq, > goto out; > > level = dt_irq_is_level_triggered(irq); > - gic_route_irq_to_guest(d, desc, level, cpumask_of(smp_processor_id()), > - GIC_PRI_IRQ); > + /* route to vcpu0 initially */ > + gic_route_irq_to_guest(d, desc, level, cpumask_of(0), GIC_PRI_IRQ);

That makes the comment here wrong.

Regards,
diff --git a/xen/arch/arm/gic.c b/xen/arch/arm/gic.c index 08ae23b..125ff36 100644 --- a/xen/arch/arm/gic.c +++ b/xen/arch/arm/gic.c @@ -287,8 +287,7 @@ void gic_route_irq_to_guest(struct domain *d, struct irq_desc *desc, gic_set_irq_properties(desc->irq, level, cpumask_of(smp_processor_id()), GIC_PRI_IRQ); - /* TODO: do not assume delivery to vcpu0 */ - p = irq_to_pending(d->vcpu[0], desc->irq); + p = irq_to_pending(d->vcpu[cpumask_first(cpu_mask)], desc->irq); p->desc = desc; } diff --git a/xen/arch/arm/irq.c b/xen/arch/arm/irq.c index a33c797..f886155 100644 --- a/xen/arch/arm/irq.c +++ b/xen/arch/arm/irq.c @@ -175,8 +175,7 @@ void do_IRQ(struct cpu_user_regs *regs, unsigned int irq, int is_fiq) desc->status |= IRQ_INPROGRESS; desc->arch.eoi_cpu = smp_processor_id(); - /* XXX: inject irq into all guest vcpus */ - vgic_vcpu_inject_irq(d->vcpu[0], irq); + vgic_vcpu_inject_irq(vgic_get_target_vcpu(d->vcpu[0], irq), irq); goto out_no_end; } @@ -342,8 +341,8 @@ int route_dt_irq_to_guest(struct domain *d, const struct dt_irq *irq, goto out; level = dt_irq_is_level_triggered(irq); - gic_route_irq_to_guest(d, desc, level, cpumask_of(smp_processor_id()), - GIC_PRI_IRQ); + /* route to vcpu0 initially */ + gic_route_irq_to_guest(d, desc, level, cpumask_of(0), GIC_PRI_IRQ); spin_unlock_irqrestore(&desc->lock, flags); return 0; diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c index 7614c2f..6a9c7f0 100644 --- a/xen/arch/arm/vgic.c +++ b/xen/arch/arm/vgic.c @@ -377,7 +377,7 @@ read_as_zero: return 1; } -static struct vcpu *vgic_get_target_vcpu(struct vcpu *v, unsigned int irq) +struct vcpu *vgic_get_target_vcpu(struct vcpu *v, unsigned int irq) { int target; struct vgic_irq_rank *rank; diff --git a/xen/include/asm-arm/gic.h b/xen/include/asm-arm/gic.h index bf6fb1e..bd40628 100644 --- a/xen/include/asm-arm/gic.h +++ b/xen/include/asm-arm/gic.h 
@@ -227,6 +227,8 @@ int gic_irq_xlate(const u32 *intspec, unsigned int intsize, unsigned int *out_hwirq, unsigned int *out_type); void gic_clear_lrs(struct vcpu *v); +struct vcpu *vgic_get_target_vcpu(struct vcpu *v, unsigned int irq); + #endif /* __ASSEMBLY__ */ #endif
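Review bot: in the gic_route_irq_to_guest hunk of xen/arch/arm/gic.c, the new `d->vcpu[cpumask_first(cpu_mask)]` indexes the domain's vcpu array with a bit position taken from a CPU mask, and nothing in the hunk checks that index against the number of vcpus the domain has. The context line just above passes cpumask_of(smp_processor_id()) as the same kind of mask, so these are physical CPU numbers, and a physical CPU number above the guest's vcpu count would select an entry that does not belong to a live vcpu. Since the commit message says guest irqs are routed to vcpu0 initially, either keep `d->vcpu[0]` here or look the vcpu up with vgic_get_target_vcpu(d->vcpu[0], desc->irq), as the do_IRQ hunk does.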
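Review bot: in the do_IRQ hunk of xen/arch/arm/irq.c, the result of vgic_get_target_vcpu(d->vcpu[0], irq) is handed straight to vgic_vcpu_inject_irq with no check on what came back. The vgic.c hunk shows the function deriving an `int target` from a `struct vgic_irq_rank`, that is, from per-rank vgic state; if that state can hold a value the guest wrote, it has to be validated against the domain's vcpus before it is dereferenced in interrupt context. Please point to where the target is validated on write, or add a check here that falls back to d->vcpu[0].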
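Review bot: in the route_dt_irq_to_guest hunk of xen/arch/arm/irq.c, the added comment `/* route to vcpu0 initially */` does not match the argument it sits above: cpumask_of(0) replaces cpumask_of(smp_processor_id()), which is a mask of physical CPUs. As written, the hunk moves the physical affinity from the current CPU to CPU 0, which the commit message does not mention. If only the virtual target is meant to change, leave the physical mask alone and express the vcpu0 default where the vcpu is selected; otherwise reword the comment to say physical CPU 0 and explain the change in the commit message.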
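Review bot: the vgic.c hunk drops `static` from vgic_get_target_vcpu and the gic.h hunk adds its prototype with no comment, so the function becomes a cross-file interface with no documented contract. Please document at the prototype what the `v` argument is for (do_IRQ passes d->vcpu[0] for every irq, which suggests any vcpu of the domain will do) and whether the caller must hold a lock while the target is read.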
Export vgic_get_target_vcpu.
Use vgic_get_target_vcpu to retrieve the target vcpu from do_IRQ.
Route guest irqs to vcpu0 initially.
Remove in-code comments about missing implementation of SGI delivery to
vcpus other than 0.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
---
 xen/arch/arm/gic.c | 3 +--
 xen/arch/arm/irq.c | 7 +++----
 xen/arch/arm/vgic.c | 2 +-
 xen/include/asm-arm/gic.h | 2 ++
 4 files changed, 7 insertions(+), 7 deletions(-)