From patchwork Mon May  4 01:52:22 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Shannon Zhao <shannon.zhao@linaro.org>
X-Patchwork-Id: 47965
Return-Path: <patchwork-forward+bncBCOL5N4BVYCBBGVDTOVAKGQELRX2CPA@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-lb0-f198.google.com (mail-lb0-f198.google.com
 [209.85.217.198])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id B62CE2121F
 for <linaro@patches.linaro.org>; Mon,  4 May 2015 01:55:39 +0000 (UTC)
Received: by lbos2 with SMTP id s2sf38743110lbo.2
 for <linaro@patches.linaro.org>; Sun, 03 May 2015 18:55:38 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:delivered-to:from:to:cc:subject
 :date:message-id:in-reply-to:references:sender:precedence:list-id
 :x-original-sender:x-original-authentication-results:mailing-list
 :list-post:list-help:list-archive:list-unsubscribe;
 bh=xb85F2TJo2WGAFwImPluWdpnjO4Pk4O56f8yq5538xU=;
 b=THrE8pIuee2R8YOzTtAdjnExBwUOgxcHhrpeg7s/YmQmPeMIrnsmOSVC8IggmSXw6O
 KQHWdnyhP8dxN3L/hMDtjYU3PdzrpkTRk1ZTwTOG/F8HDPrxDZkd1xSbTUCzrngkm1pq
 mOiTxogkojmMBdV7keyrW8ElE5YNb13PEpajfNhpH4jrRYgXGW0YUhyevihxCzGys6Yh
 GYny1kwV/u6y0qGEEOhOZvp3HXU+kPNA4YHJjsZtJFCFZ149Tdw0mrortNn2q0XcoA0W
 3jgHidcAQDTUYIRpaARPasj0A2UiQNBXQmKJ+yBQZkQCrLvmh91sC9vY75WtO3Rh43kX
 neXw==
X-Gm-Message-State: ALoCoQk3b7JRQ+9odk8mi8xnUlNXsquGKRejkHhlbGZ6YS08XUUIOTbAP5TnBbmg7spEPU2a0IAU
X-Received: by 10.194.5.229 with SMTP id v5mr16974342wjv.0.1430704538703;
 Sun, 03 May 2015 18:55:38 -0700 (PDT)
MIME-Version: 1.0
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.152.206.43 with SMTP id ll11ls721546lac.12.gmail; Sun, 03 May
 2015 18:55:38 -0700 (PDT)
X-Received: by 10.152.9.66 with SMTP id x2mr17576700laa.36.1430704538399;
 Sun, 03 May 2015 18:55:38 -0700 (PDT)
Received: from mail-lb0-f181.google.com (mail-lb0-f181.google.com.
 [209.85.217.181]) by mx.google.com with ESMTPS id
 q16si9102933laa.25.2015.05.03.18.55.38
 for <patchwork-forward@linaro.org>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Sun, 03 May 2015 18:55:38 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.217.181 as permitted sender) client-ip=209.85.217.181; 
Received: by lbbqq2 with SMTP id qq2so95599585lbb.3
 for <patchwork-forward@linaro.org>;
 Sun, 03 May 2015 18:55:38 -0700 (PDT)
X-Received: by 10.152.27.1 with SMTP id p1mr17276689lag.112.1430704538322;
 Sun, 03 May 2015 18:55:38 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.112.67.65 with SMTP id l1csp1412986lbt;
 Sun, 3 May 2015 18:55:37 -0700 (PDT)
X-Received: by 10.70.96.65 with SMTP id dq1mr38449150pdb.79.1430704536614;
 Sun, 03 May 2015 18:55:36 -0700 (PDT)
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id
 ix6si17838787pac.46.2015.05.03.18.55.35; 
 Sun, 03 May 2015 18:55:36 -0700 (PDT)
Received-SPF: none (google.com: stable-owner@vger.kernel.org does not
 designate permitted sender hosts) client-ip=209.132.180.67; 
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1751953AbbEDBzf (ORCPT <rfc822;shannon.zhao@linaro.org>
 + 2 others); Sun, 3 May 2015 21:55:35 -0400
Received: from mail-pa0-f46.google.com ([209.85.220.46]:34473 "EHLO
 mail-pa0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S1751948AbbEDBzf (ORCPT
 <rfc822;stable@vger.kernel.org>); Sun, 3 May 2015 21:55:35 -0400
Received: by pacyx8 with SMTP id yx8so147798320pac.1
 for <stable@vger.kernel.org>; Sun, 03 May 2015 18:55:34 -0700 (PDT)
X-Received: by 10.70.33.134 with SMTP id r6mr37753936pdi.152.1430704534455; 
 Sun, 03 May 2015 18:55:34 -0700 (PDT)
Received: from localhost ([180.150.153.1]) by mx.google.com with ESMTPSA id
 to6sm11023108pbc.19.2015.05.03.18.55.32
 (version=TLSv1 cipher=RC4-SHA bits=128/128);
 Sun, 03 May 2015 18:55:33 -0700 (PDT)
From: shannon.zhao@linaro.org
To: stable@vger.kernel.org
Cc: gregkh@linuxfoundation.org, christoffer.dall@linaro.org,
 shannon.zhao@linaro.org, Marc Zyngier <marc.zyngier@arm.com>
Subject: [PATCH for 3.14.y stable 27/47] KVM: ARM: vgic: plug irq injection
 race
Date: Mon,  4 May 2015 09:52:22 +0800
Message-Id: <1430704362-6292-28-git-send-email-shannon.zhao@linaro.org>
X-Mailer: git-send-email 1.9.5.msysgit.1
In-Reply-To: <1430704362-6292-1-git-send-email-shannon.zhao@linaro.org>
References: <1430704362-6292-1-git-send-email-shannon.zhao@linaro.org>
Sender: stable-owner@vger.kernel.org
Precedence: list
List-ID: <patchwork-forward.linaro.org>
X-Mailing-List: stable@vger.kernel.org
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: shannon.zhao@linaro.org
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com:
 domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.217.181 as permitted sender)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Unsubscribe: <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>, 
 <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>

From: Marc Zyngier <marc.zyngier@arm.com>

commit 71afaba4a2e98bb7bdeba5078370ab43d46e67a1 upstream.

As it stands, nothing prevents userspace from injecting an interrupt
before the guest's GIC is actually initialized.

This goes unnoticed so far (as everything is pretty much statically
allocated), but ends up exploding in a spectacular way once we switch
to a more dynamic allocation (the GIC data structure isn't there yet).

The fix is to test for the "ready" flag in the VGIC distributor before
trying to inject the interrupt. Note that in order to avoid breaking
userspace, we have to ignore what is essentially an error.

Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
---
 virt/kvm/arm/vgic.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c
index 1316e55..2187318 100644
--- a/virt/kvm/arm/vgic.c
+++ b/virt/kvm/arm/vgic.c
@@ -1387,7 +1387,8 @@ out:
 int kvm_vgic_inject_irq(struct kvm *kvm, int cpuid, unsigned int irq_num,
 			bool level)
 {
-	if (vgic_update_irq_state(kvm, cpuid, irq_num, level))
+	if (likely(vgic_initialized(kvm)) &&
+	    vgic_update_irq_state(kvm, cpuid, irq_num, level))
 		vgic_kick_vcpus(kvm);
 
 	return 0;