From: Greg KH <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk,
Michael Ellerman <michael@ellerman.id.au>,
Avi Kivity <avi@redhat.com>
Subject: [ 39/52] KVM: Ensure all vcpus are consistent with in-kernel irqchip settings
Date: Thu, 10 May 2012 10:32:11 -0700
Message-ID: <20120510173136.285214893@linuxfoundation.org>
In-Reply-To: <20120510173229.GA5678@kroah.com>
3.3-stable review patch. If anyone has any objections, please let me know.
------------------
From: Avi Kivity <avi@redhat.com>
(cherry picked from commit 3e515705a1f46beb1c942bb8043c16f8ac7b1e9e)
If some vcpus are created before KVM_CREATE_IRQCHIP, then
irqchip_in_kernel() and vcpu->arch.apic will be inconsistent, leading
to potential NULL pointer dereferences.
Fix by:
- ensuring that no vcpus are installed when KVM_CREATE_IRQCHIP is called
- ensuring that a vcpu has an apic if it is installed after KVM_CREATE_IRQCHIP
This is somewhat long-winded because vcpu->arch.apic is created without
kvm->lock held.
Based on an earlier patch by Michael Ellerman.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/ia64/kvm/kvm-ia64.c | 5 +++++
arch/x86/kvm/x86.c | 8 ++++++++
include/linux/kvm_host.h | 7 +++++++
virt/kvm/kvm_main.c | 4 ++++
4 files changed, 24 insertions(+)
--- a/arch/ia64/kvm/kvm-ia64.c
+++ b/arch/ia64/kvm/kvm-ia64.c
@@ -1169,6 +1169,11 @@ out:
#define PALE_RESET_ENTRY 0x80000000ffffffb0UL
+bool kvm_vcpu_compatible(struct kvm_vcpu *vcpu)
+{
+ return irqchip_in_kernel(vcpu->kcm) == (vcpu->arch.apic != NULL);
+}
+
int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
{
struct kvm_vcpu *v;
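Review bot: `vcpu->kcm` in the new ia64 kvm_vcpu_compatible() is a typo for `vcpu->kvm`; struct kvm_vcpu has no `kcm` member (the x86 copy of the same function in this patch and the kvm_vcpu_is_bsp() context in kvm_host.h both use `vcpu->kvm`), so the ia64 build with in-kernel irqchip breaks. Change the line to `return irqchip_in_kernel(vcpu->kvm) == (vcpu->arch.apic != NULL);`.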
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -3131,6 +3131,9 @@ long kvm_arch_vm_ioctl(struct file *filp
r = -EEXIST;
if (kvm->arch.vpic)
goto create_irqchip_unlock;
+ r = -EINVAL;
+ if (atomic_read(&kvm->online_vcpus))
+ goto create_irqchip_unlock;
r = -ENOMEM;
vpic = kvm_create_pic(kvm);
if (vpic) {
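Review bot: this introduces a new userspace-visible failure mode (KVM_CREATE_IRQCHIP now fails with -EINVAL once any vcpu exists) without a matching update to the KVM API documentation stating that the irqchip must be created before the first KVM_CREATE_VCPU; suggest adding that sentence in the same patch. The check itself is sound: `create_irqchip_unlock` shows kvm->lock is held here, and the vcpu path below takes the same lock before its own check, so the two tests together close the window the commit message describes.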
@@ -5956,6 +5959,11 @@ void kvm_arch_check_processor_compat(voi
kvm_x86_ops->check_processor_compatibility(rtn);
}
+bool kvm_vcpu_compatible(struct kvm_vcpu *vcpu)
+{
+ return irqchip_in_kernel(vcpu->kvm) == (vcpu->arch.apic != NULL);
+}
+
int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
{
struct page *page;
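Review bot: the new kvm_vcpu_compatible() has no comment stating the invariant it enforces, and its result is only meaningful once vcpu->arch.apic has been set up (the commit message notes the apic is created without kvm->lock held, i.e. before the locked check in kvm_vm_ioctl_create_vcpu). Suggest a one-line comment above the function, e.g. `/* True iff this vcpu's apic presence matches the VM's irqchip mode. */`, so the call-order requirement is visible at the definition.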
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -775,6 +775,13 @@ static inline bool kvm_vcpu_is_bsp(struc
{
return vcpu->kvm->bsp_vcpu_id == vcpu->vcpu_id;
}
+
+bool kvm_vcpu_compatible(struct kvm_vcpu *vcpu);
+
+#else
+
+static inline bool kvm_vcpu_compatible(struct kvm_vcpu *vcpu) { return true; }
+
#endif
#ifdef __KVM_HAVE_DEVICE_ASSIGNMENT
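Review bot: the new `#else` relies on the enclosing `#ifdef` (outside the hunk) having no existing `#else` branch, which is worth confirming since a second `#else` would be a build error. Suggest tagging the new `#else` and the closing `#endif` with the guard macro's name in a trailing comment so the two branches can be read without scrolling to the top of the block.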
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1720,6 +1720,10 @@ static int kvm_vm_ioctl_create_vcpu(stru
goto vcpu_destroy;
mutex_lock(&kvm->lock);
+ if (!kvm_vcpu_compatible(vcpu)) {
+ r = -EINVAL;
+ goto unlock_vcpu_destroy;
+ }
if (atomic_read(&kvm->online_vcpus) == KVM_MAX_VCPUS) {
r = -EINVAL;
goto unlock_vcpu_destroy;
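Review bot: the new block and the KVM_MAX_VCPUS block directly below both set `r = -EINVAL` and jump to the same label; merging them into one condition (`if (!kvm_vcpu_compatible(vcpu) || atomic_read(&kvm->online_vcpus) == KVM_MAX_VCPUS)`) would avoid the duplicated assignment. Placement is right otherwise: the check runs after `mutex_lock(&kvm->lock)`, the same lock under which KVM_CREATE_IRQCHIP now tests online_vcpus, so a vcpu cannot be installed between that test and the irqchip creation.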