public inbox for linux-kernel@vger.kernel.org
From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: stable-review@kernel.org, torvalds@linux-foundation.org,
	akpm@linux-foundation.org, alan@lxorguk.ukuu.org.uk,
	Avi Kivity <avi@redhat.com>,
	Marcelo Tosatti <mtosatti@redhat.com>
Subject: [88/98] KVM: Fix race between APIC TMR and IRR
Date: Tue, 26 Jan 2010 15:34:54 -0800
Message-ID: <20100126233932.416222630@mini.kroah.org>
In-Reply-To: <20100126233950.GA5372@kroah.com>

2.6.32-stable review patch.  If anyone has any objections, please let us know.

------------------

From: Avi Kivity <avi@redhat.com>

commit a5d36f82c4f3e852b61fdf1fee13463c8aa91b90 upstream.

When we queue an interrupt to the local apic, we set the IRR before the TMR.
The vcpu can pick up the IRR and inject the interrupt before setting the TMR,
and perhaps even EOI it, causing incorrect behaviour.

The race is really insignificant since it can only occur on the first
interrupt (usually following interrupts will not change TMR), but it's better
closed than open.

Fixed by reordering setting the TMR vs IRR.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 arch/x86/kvm/lapic.c |   11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -374,6 +374,12 @@ static int __apic_accept_irq(struct kvm_
 		if (unlikely(!apic_enabled(apic)))
 			break;
 
+		if (trig_mode) {
+			apic_debug("level trig mode for vector %d", vector);
+			apic_set_vector(vector, apic->regs + APIC_TMR);
+		} else
+			apic_clear_vector(vector, apic->regs + APIC_TMR);
+
 		result = !apic_test_and_set_irr(vector, apic);
 		trace_kvm_apic_accept_irq(vcpu->vcpu_id, delivery_mode,
 					  trig_mode, vector, !result);
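Review bot: The ordering that the new block establishes ahead of `result = !apic_test_and_set_irr(vector, apic);` is not documented in the code, so a later cleanup could move the TMR update back below the IRR set and reopen the race. A short comment above `if (trig_mode) {` stating that the TMR must be written before the IRR bit becomes visible to the vcpu would protect it. It is also worth confirming that apic_set_vector()/apic_clear_vector() and apic_test_and_set_irr() provide the store ordering the fix depends on, since the hunk adds no explicit barrier between them.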
@@ -384,11 +390,6 @@ static int __apic_accept_irq(struct kvm_
 			break;
 		}
 
-		if (trig_mode) {
-			apic_debug("level trig mode for vector %d", vector);
-			apic_set_vector(vector, apic->regs + APIC_TMR);
-		} else
-			apic_clear_vector(vector, apic->regs + APIC_TMR);
 		kvm_vcpu_kick(vcpu);
 		break;
 
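Review bot: The removed TMR update used to sit below the `break; }` that closes the preceding block, so it was skipped whenever that block exited early; after the move it runs on every call that passes the apic_enabled() check, before the result of apic_test_and_set_irr() is known. If that early exit is the case where the vector was already pending, a second delivery with a different trig_mode now rewrites the TMR bit of an interrupt that is still outstanding. The changelog should say whether that is intended or harmless.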


