From patchwork Sun May 17 01:02:31 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sasha Levin <sasha.levin@oracle.com>
X-Patchwork-Id: 48620
Return-Path: <patchwork-forward+bncBDPILVOKSELBBJWT36VAKGQEXFW45AY@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-la0-f70.google.com (mail-la0-f70.google.com
 [209.85.215.70])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 313B521411
 for <linaro@patches.linaro.org>; Sun, 17 May 2015 01:06:48 +0000 (UTC)
Received: by laed2 with SMTP id d2sf19491423lae.0
 for <linaro@patches.linaro.org>; Sat, 16 May 2015 18:06:47 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:delivered-to:from:to:cc:subject
 :date:message-id:in-reply-to:references:sender:precedence:list-id
 :x-original-sender:x-original-authentication-results:mailing-list
 :list-post:list-help:list-archive:list-unsubscribe;
 bh=LUTXbhYfhHKUzccd7qLpIUT3iwwoa0/6kTrQEllJ4p4=;
 b=Pk424jc5zkNV/7W8lkFKVlC/k414SNZlgYz8LSnJ2SMP6j5c8DT8/6eAVkLCFngMq9
 Kj354eMIFw8VAtV0++XtP3Wu5OtC+396ENpSZMesh8/IYLF3W7vibkaguES0OmY7SBcI
 BFlL4DGa29czROsh7PzaHs3ec07rFLr/wH0KwgNP+mNiGzZ4pbsZNiOLsu8yasfr9ByY
 FO7bgA8dI1GNU/m5F1FeWLZWNvZ8F2CGArSI5KrltoExCF8zeHpxB2haItQ8gnLhq6Aa
 m3PJaZqDAyVnneiLv/C6MvCAclKnMqm0t2ckPIFv12hEtIvqMxbW+XmjsxHS3RHvCoBk
 oVyQ==
X-Gm-Message-State: ALoCoQl63Z4FimdZyERk3HfHjkiVBN0BBJtYYn9v+V2G1U3piPuiW9TXULZm3TG1zH2FhRTqQoob
X-Received: by 10.152.184.73 with SMTP id es9mr12555789lac.4.1431824806501; 
 Sat, 16 May 2015 18:06:46 -0700 (PDT)
MIME-Version: 1.0
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.153.7.167 with SMTP id dd7ls544985lad.28.gmail; Sat, 16 May
 2015 18:06:46 -0700 (PDT)
X-Received: by 10.152.121.66 with SMTP id li2mr8836507lab.65.1431824806373; 
 Sat, 16 May 2015 18:06:46 -0700 (PDT)
Received: from mail-la0-f43.google.com (mail-la0-f43.google.com.
 [209.85.215.43])
 by mx.google.com with ESMTPS id u8si3913273laz.27.2015.05.16.18.06.46
 for <patchwork-forward@linaro.org>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Sat, 16 May 2015 18:06:46 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.43 as permitted sender) client-ip=209.85.215.43; 
Received: by labbd9 with SMTP id bd9so172860549lab.2
 for <patchwork-forward@linaro.org>;
 Sat, 16 May 2015 18:06:46 -0700 (PDT)
X-Received: by 10.152.6.69 with SMTP id y5mr5210545lay.72.1431824806278;
 Sat, 16 May 2015 18:06:46 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.112.108.230 with SMTP id hn6csp3022201lbb;
 Sat, 16 May 2015 18:06:45 -0700 (PDT)
X-Received: by 10.68.250.229 with SMTP id zf5mr32034472pbc.158.1431824787607; 
 Sat, 16 May 2015 18:06:27 -0700 (PDT)
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id
 h13si9275368pdm.194.2015.05.16.18.06.26; 
 Sat, 16 May 2015 18:06:27 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
 stable-owner@vger.kernel.org designates 209.132.180.67 as
 permitted sender) client-ip=209.132.180.67; 
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1751004AbbEQBGV (ORCPT <rfc822;shannon.zhao@linaro.org>
 + 2 others); Sat, 16 May 2015 21:06:21 -0400
Received: from aserp1040.oracle.com ([141.146.126.69]:22609 "EHLO
 aserp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S1750914AbbEQBGU (ORCPT
 <rfc822;stable@vger.kernel.org>); Sat, 16 May 2015 21:06:20 -0400
Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234])
 by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2)
 with ESMTP id t4H16Kq5017168
 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
 Sun, 17 May 2015 01:06:20 GMT
Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235])
 by aserv0022.oracle.com (8.13.8/8.13.8) with ESMTP id t4H16KuP011167
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); 
 Sun, 17 May 2015 01:06:20 GMT
Received: from abhmp0012.oracle.com (abhmp0012.oracle.com [141.146.116.18])
 by aserv0121.oracle.com (8.13.8/8.13.8) with ESMTP id
 t4H16KFR027763; Sun, 17 May 2015 01:06:20 GMT
Received: from lappy.hsd1.nh.comcast.net (/10.159.157.103)
 by default (Oracle Beehive Gateway v4.0)
 with ESMTP ; Sat, 16 May 2015 18:06:19 -0700
From: Sasha Levin <sasha.levin@oracle.com>
To: stable@vger.kernel.org, stable-commits@vger.kernel.org
Cc: sasha.levin@oracle.com
Subject: [PATCH 3.18 010/222] arm/arm64: KVM: Don't allow creating VCPUs
 after vgic_initialized
Date: Sat, 16 May 2015 21:02:31 -0400
Message-Id: <1431824764-20044-11-git-send-email-sasha.levin@oracle.com>
X-Mailer: git-send-email 2.1.0
In-Reply-To: <1431824764-20044-1-git-send-email-sasha.levin@oracle.com>
References: <1431824764-20044-1-git-send-email-sasha.levin@oracle.com>
X-Source-IP: aserv0022.oracle.com [141.146.126.234]
Sender: stable-owner@vger.kernel.org
Precedence: list
List-ID: <patchwork-forward.linaro.org>
X-Mailing-List: stable@vger.kernel.org
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: patch@linaro.org
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com:
 domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.43 as permitted sender)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Unsubscribe: <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>, 
 <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>

From: Christoffer Dall <christoffer.dall@linaro.org>

commit 716139df2517fbc3f2306dbe8eba0fa88dca0189 upstream.

When the vgic initializes its internal state it does so based on the
number of VCPUs available at the time.  If we allow KVM to create more
VCPUs after the VGIC has been initialized, we are likely to error out in
unfortunate ways later, perform buffer overflows etc.

Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
 arch/arm/kvm/arm.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
index 448314b..546a12e 100644
--- a/arch/arm/kvm/arm.c
+++ b/arch/arm/kvm/arm.c
@@ -213,6 +213,11 @@ struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm, unsigned int id)
 	int err;
 	struct kvm_vcpu *vcpu;
 
+	if (irqchip_in_kernel(kvm) && vgic_initialized(kvm)) {
+		err = -EBUSY;
+		goto out;
+	}
+
 	vcpu = kmem_cache_zalloc(kvm_vcpu_cache, GFP_KERNEL);
 	if (!vcpu) {
 		err = -ENOMEM;