From patchwork Fri Feb 14 14:28:06 2014
X-Patchwork-Submitter: Marc Zyngier
X-Patchwork-Id: 24650
From: Marc Zyngier
To: kvmarm@lists.cs.columbia.edu, linux-arm-kernel@lists.infradead.org
Cc: Christoffer Dall
Subject: [PATCH] KVM: ARM: vgic: plug irq injection race
Date: Fri, 14 Feb 2014 14:28:06 +0000
Message-Id: <1392388086-24730-1-git-send-email-marc.zyngier@arm.com>

As it stands, nothing prevents userspace from injecting an interrupt before the guest's GIC is actually initialized.
This goes unnoticed so far (as everything is pretty much statically allocated), but ends up exploding in a spectacular way once we switch to a more dynamic allocation (the GIC data structure isn't there yet). The fix is to test for the "ready" flag in the VGIC distributor before trying to inject the interrupt. Note that in order to avoid breaking userspace, we have to ignore what is essentially an error. Signed-off-by: Marc Zyngier --- virt/kvm/arm/vgic.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c index be456ce..d40fe61 100644 --- a/virt/kvm/arm/vgic.c +++ b/virt/kvm/arm/vgic.c @@ -1386,7 +1386,8 @@ out: int kvm_vgic_inject_irq(struct kvm *kvm, int cpuid, unsigned int irq_num, bool level) { - if (vgic_update_irq_state(kvm, cpuid, irq_num, level)) + if (likely(vgic_initialized(kvm)) && + vgic_update_irq_state(kvm, cpuid, irq_num, level)) vgic_kick_vcpus(kvm); return 0;
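Review bot: In kvm_vgic_inject_irq(), the new vgic_initialized() test drops the injection silently and the function still returns 0, but nothing in the code says this is deliberate. The commit message explains that the error has to be ignored to avoid breaking userspace; that reasoning belongs in a comment directly above the `if (likely(vgic_initialized(kvm)) &&` line, otherwise a later cleanup is likely to turn the early case into an error return. Two further points on the same condition: the subject calls this a race, yet the hunk reads the ready state with no lock or barrier visible, so it is worth stating (in the comment or the changelog) what orders the setting of that flag against the distributor state that vgic_update_irq_state() goes on to touch; and a level-triggered line asserted before initialization is now lost with no record, so a debug-level trace on the skipped path would help when diagnosing a guest that misses an early interrupt.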