From: Marc Zyngier <marc.zyngier@arm.com>
To: Christoffer Dall <cdall@linaro.org>
Cc: kvmarm@lists.cs.columbia.edu,
linux-arm-kernel@lists.infradead.org, kvm@vger.kernel.org
Subject: Re: [PATCH v3 9/9] KVM: arm/arm64: Don't assume initialized vgic when setting PMU IRQ
Date: Thu, 08 Jun 2017 15:35:05 +0100 [thread overview]
Message-ID: <87y3t2h7ja.fsf@arm.com> (raw)
In-Reply-To: <20170608133446.3875-10-cdall@linaro.org> (Christoffer Dall's message of "Thu, 8 Jun 2017 15:34:46 +0200")
On Thu, Jun 08 2017 at 3:34:46 pm BST, Christoffer Dall <cdall@linaro.org> wrote:
> The PMU IRQ number is set through the VCPU device's KVM_SET_DEVICE_ATTR
> ioctl handler for the KVM_ARM_VCPU_PMU_V3_IRQ attribute, but there is no
> enforced or stated requirement that this must happen after initializing
> the VGIC. As a result, calling vgic_valid_spi() which relies on the
> nr_spis being set during the VGIC init can incorrectly fail.
>
> Introduce irq_is_spi, which determines if an IRQ number is within the
> SPI range without verifying it against the actual VGIC properties.
>
> Signed-off-by: Christoffer Dall <cdall@linaro.org>
> ---
> include/kvm/arm_vgic.h | 2 ++
> virt/kvm/arm/pmu.c | 2 +-
> 2 files changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/include/kvm/arm_vgic.h b/include/kvm/arm_vgic.h
> index 131668f..a2ae9d2 100644
> --- a/include/kvm/arm_vgic.h
> +++ b/include/kvm/arm_vgic.h
> @@ -39,6 +39,8 @@
> #define KVM_IRQCHIP_NUM_PINS (1020 - 32)
>
> #define irq_is_ppi(irq) ((irq) >= VGIC_NR_SGIS && (irq) < VGIC_NR_PRIVATE_IRQS)
> +#define irq_is_spi(irq) ((irq) >= VGIC_NR_PRIVATE_IRQS && \
> + (irq) <= VGIC_MAX_SPI)
>
> enum vgic_type {
> VGIC_V2, /* Good ol' GICv2 */
> diff --git a/virt/kvm/arm/pmu.c b/virt/kvm/arm/pmu.c
> index 26a42a9..87cb325 100644
> --- a/virt/kvm/arm/pmu.c
> +++ b/virt/kvm/arm/pmu.c
> @@ -547,7 +547,7 @@ int kvm_arm_pmu_v3_set_attr(struct kvm_vcpu *vcpu, struct kvm_device_attr *attr)
> return -EFAULT;
>
> /* The PMU overflow interrupt can be a PPI or a valid SPI. */
> - if (!(irq_is_ppi(irq) || vgic_valid_spi(vcpu->kvm, irq)))
> + if (!(irq_is_ppi(irq) || irq_is_spi(irq)))
> return -EINVAL;
>
> if (!pmu_irq_is_valid(vcpu->kvm, irq))
Does it mean that we can now fail an injection if the SPI is out of the
range of configured SPIs?
If that's the case, the WARN_ON() in kvm_pmu_update_state() is going to
fire badly, and that's going to be ugly. Should we add a check for this
case in kvm_arm_pmu_v3_init()?
Thanks,
M.
--
Jazz is not dead, it just smell funny.
WARNING: multiple messages have this Message-ID (diff)
From: marc.zyngier@arm.com (Marc Zyngier)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v3 9/9] KVM: arm/arm64: Don't assume initialized vgic when setting PMU IRQ
Date: Thu, 08 Jun 2017 15:35:05 +0100 [thread overview]
Message-ID: <87y3t2h7ja.fsf@arm.com> (raw)
In-Reply-To: <20170608133446.3875-10-cdall@linaro.org> (Christoffer Dall's message of "Thu, 8 Jun 2017 15:34:46 +0200")
On Thu, Jun 08 2017 at 3:34:46 pm BST, Christoffer Dall <cdall@linaro.org> wrote:
> The PMU IRQ number is set through the VCPU device's KVM_SET_DEVICE_ATTR
> ioctl handler for the KVM_ARM_VCPU_PMU_V3_IRQ attribute, but there is no
> enforced or stated requirement that this must happen after initializing
> the VGIC. As a result, calling vgic_valid_spi() which relies on the
> nr_spis being set during the VGIC init can incorrectly fail.
>
> Introduce irq_is_spi, which determines if an IRQ number is within the
> SPI range without verifying it against the actual VGIC properties.
>
> Signed-off-by: Christoffer Dall <cdall@linaro.org>
> ---
> include/kvm/arm_vgic.h | 2 ++
> virt/kvm/arm/pmu.c | 2 +-
> 2 files changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/include/kvm/arm_vgic.h b/include/kvm/arm_vgic.h
> index 131668f..a2ae9d2 100644
> --- a/include/kvm/arm_vgic.h
> +++ b/include/kvm/arm_vgic.h
> @@ -39,6 +39,8 @@
> #define KVM_IRQCHIP_NUM_PINS (1020 - 32)
>
> #define irq_is_ppi(irq) ((irq) >= VGIC_NR_SGIS && (irq) < VGIC_NR_PRIVATE_IRQS)
> +#define irq_is_spi(irq) ((irq) >= VGIC_NR_PRIVATE_IRQS && \
> + (irq) <= VGIC_MAX_SPI)
>
> enum vgic_type {
> VGIC_V2, /* Good ol' GICv2 */
> diff --git a/virt/kvm/arm/pmu.c b/virt/kvm/arm/pmu.c
> index 26a42a9..87cb325 100644
> --- a/virt/kvm/arm/pmu.c
> +++ b/virt/kvm/arm/pmu.c
> @@ -547,7 +547,7 @@ int kvm_arm_pmu_v3_set_attr(struct kvm_vcpu *vcpu, struct kvm_device_attr *attr)
> return -EFAULT;
>
> /* The PMU overflow interrupt can be a PPI or a valid SPI. */
> - if (!(irq_is_ppi(irq) || vgic_valid_spi(vcpu->kvm, irq)))
> + if (!(irq_is_ppi(irq) || irq_is_spi(irq)))
> return -EINVAL;
>
> if (!pmu_irq_is_valid(vcpu->kvm, irq))
Does it mean that we can now fail an injection if the SPI is out of the
range of configured SPIs?
If that's the case, the WARN_ON() in kvm_pmu_update_state() is going to
fire badly, and that's going to be ugly. Should we add a check for this
case in kvm_arm_pmu_v3_init()?
Thanks,
M.
--
Jazz is not dead, it just smell funny.
next prev parent reply other threads:[~2017-06-08 14:31 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-08 13:34 [PATCH v3 0/9] Userspace timer IRQ number control and PMU with userspace-gic Christoffer Dall
2017-06-08 13:34 ` Christoffer Dall
2017-06-08 13:34 ` [PATCH v3 1/9] KVM: arm64: Allow creating the PMU without the in-kernel GIC Christoffer Dall
2017-06-08 13:34 ` Christoffer Dall
2017-06-08 14:00 ` Marc Zyngier
2017-06-08 14:00 ` Marc Zyngier
2017-06-08 13:34 ` [PATCH v3 2/9] KVM: arm: Handle VCPU device attributes in guest.c Christoffer Dall
2017-06-08 13:34 ` Christoffer Dall
2017-06-08 13:34 ` [PATCH v3 3/9] KVM: arm/arm64: Move irq_is_ppi() to header file Christoffer Dall
2017-06-08 13:34 ` Christoffer Dall
2017-06-08 13:34 ` [PATCH v3 4/9] KVM: arm/arm64: Move timer IRQ default init to arch_timer.c Christoffer Dall
2017-06-08 13:34 ` Christoffer Dall
2017-06-08 13:34 ` [PATCH v3 5/9] KVM: arm/arm64: Allow setting the timer IRQ numbers from userspace Christoffer Dall
2017-06-08 13:34 ` Christoffer Dall
2017-06-08 13:34 ` [PATCH v3 6/9] KVM: arm/arm64: Introduce an allocator for in-kernel irq lines Christoffer Dall
2017-06-08 13:34 ` Christoffer Dall
2017-06-08 14:07 ` Marc Zyngier
2017-06-08 14:07 ` Marc Zyngier
2017-06-08 14:59 ` Christoffer Dall
2017-06-08 14:59 ` Christoffer Dall
2017-06-08 15:09 ` Marc Zyngier
2017-06-08 15:09 ` Marc Zyngier
2017-06-08 13:34 ` [PATCH v3 7/9] KVM: arm/arm64: Check if irq lines to the GIC are already used Christoffer Dall
2017-06-08 13:34 ` Christoffer Dall
2017-06-08 14:12 ` Marc Zyngier
2017-06-08 14:12 ` Marc Zyngier
2017-06-08 13:34 ` [PATCH v3 8/9] KVM: arm/arm64: Disallow userspace control of in-kernel IRQ lines Christoffer Dall
2017-06-08 13:34 ` Christoffer Dall
2017-06-08 14:14 ` Marc Zyngier
2017-06-08 14:14 ` Marc Zyngier
2017-06-08 13:34 ` [PATCH v3 9/9] KVM: arm/arm64: Don't assume initialized vgic when setting PMU IRQ Christoffer Dall
2017-06-08 13:34 ` Christoffer Dall
2017-06-08 14:35 ` Marc Zyngier [this message]
2017-06-08 14:35 ` Marc Zyngier
2017-06-08 15:18 ` Christoffer Dall
2017-06-08 15:18 ` Christoffer Dall
2017-06-08 15:40 ` Marc Zyngier
2017-06-08 15:40 ` Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y3t2h7ja.fsf@arm.com \
--to=marc.zyngier@arm.com \
--cc=cdall@linaro.org \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.