From patchwork Wed Aug  3 16:13:25 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Christoffer Dall <christoffer.dall@linaro.org>
X-Patchwork-Id: 9261585
Return-Path: <kvm-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	5C93F6048B for <patchwork-kvm@patchwork.kernel.org>;
	Wed,  3 Aug 2016 16:18:17 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4E2EB2818B
	for <patchwork-kvm@patchwork.kernel.org>;
	Wed,  3 Aug 2016 16:18:17 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 42BF328249; Wed,  3 Aug 2016 16:18:17 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=unavailable version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AC8632818B
	for <patchwork-kvm@patchwork.kernel.org>;
	Wed,  3 Aug 2016 16:18:16 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751501AbcHCQSO (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Wed, 3 Aug 2016 12:18:14 -0400
Received: from mail-wm0-f53.google.com ([74.125.82.53]:34931 "EHLO
	mail-wm0-f53.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1755690AbcHCQSM (ORCPT <rfc822; kvm@vger.kernel.org>);
	Wed, 3 Aug 2016 12:18:12 -0400
Received: by mail-wm0-f53.google.com with SMTP id f65so454381191wmi.0
	for <kvm@vger.kernel.org>; Wed, 03 Aug 2016 09:18:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=0LWzK6lOUVBoUT+hef8SCU16M84iidYYafMOPuVrlgE=;
	b=HiNLzw7K8SdYtgi84DCz9gDC4E9C9poSwhA1HGB3YZkufxlbs4Q76me64gatsM5He8
	Rdqq3McXiaU/0zWGhOp6IH/FnhtJgVfppFxX3neTZt0K1BXKQQRVe8wp7ErqBW/9OhTg
	89vu6nuwT5AMMHJkh+vOjbUti8EhTt95LUXE4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=0LWzK6lOUVBoUT+hef8SCU16M84iidYYafMOPuVrlgE=;
	b=I7c+L4CcBQeUra3yFv+9xP/BRhGMQ/mCqHtpQQRNi2YQi7uUQsjoAzqB8mZTevaoB4
	YpQOrj3HMtrodwaLF1WM8tcSJItZINf9S1jUpueXsDgQxHnmV4hxzB/UAwIBmr9EqCyG
	to43VRPIVjJ26oOYyoRQExAq3eylDygqWmoQxFbkX2Pf8SgzV43OfeC6BDZgErNmR0yK
	f2TbEP+7cNxzbmXuAxdtWVxMfye58jP/nWq16bAl00Uz/UkDKcCxAaiVLDFznBEm1P93
	NpnkpVVu3rk7Dc+TNCU2EsnqBDtE4tvZg8NmU1j8uctLUNZQQnvonSl4B9hDJnQGWRV6
	Kztg==
X-Gm-Message-State: 
 AEkoousA2zer4q/pEDaB/jorIIh7FRfcMAuOSPp6S05cZAAl2aytx3H5CxtZz0+ToJXVIcoo
X-Received: by 10.194.65.170 with SMTP id y10mr463374wjs.26.1470240711302;
	Wed, 03 Aug 2016 09:11:51 -0700 (PDT)
Received: from localhost.localdomain ([94.18.191.146])
	by smtp.gmail.com with ESMTPSA id
	n131sm27817583wmd.3.2016.08.03.09.11.50
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Wed, 03 Aug 2016 09:11:50 -0700 (PDT)
From: Christoffer Dall <christoffer.dall@linaro.org>
To: Marc Zyngier <marc.zyngier@arm.com>,
	Andre Przywara <andre.przywara@arm.com>, kvmarm@lists.cs.columbia.edu
Cc: kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
	Christoffer Dall <christoffer.dall@linaro.org>
Subject: [PATCH 3/3] KVM: arm64: vgic-its: Make updates to
	propbaser/pendbaser atomic
Date: Wed,  3 Aug 2016 18:13:25 +0200
Message-Id: <20160803161325.14933-4-christoffer.dall@linaro.org>
X-Mailer: git-send-email 2.9.0
In-Reply-To: <20160803161325.14933-1-christoffer.dall@linaro.org>
References: <20160803161325.14933-1-christoffer.dall@linaro.org>
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

There are two problems with the current implementation of the MMIO
handlers for the propbaser and pendbaser:

First, the write to the value itself is not guaranteed to be an atomic
64-bit write so two concurrent writes to the structure field could be
intermixed.

Second, because we do a read-modify-update operation without any
synchronization, if we have two 32-bit accesses to separate parts of the
register, we can loose one of them.

We can take the KVM mutex to synchronize accesses to these registers.

Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
---
 virt/kvm/arm/vgic/vgic-mmio-v3.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/virt/kvm/arm/vgic/vgic-mmio-v3.c b/virt/kvm/arm/vgic/vgic-mmio-v3.c
index ff668e0..e38b7a0 100644
--- a/virt/kvm/arm/vgic/vgic-mmio-v3.c
+++ b/virt/kvm/arm/vgic/vgic-mmio-v3.c
@@ -306,16 +306,19 @@ static void vgic_mmio_write_propbase(struct kvm_vcpu *vcpu,
 {
 	struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
 	struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu;
-	u64 propbaser = dist->propbaser;
+	u64 propbaser;
 
 	/* Storing a value with LPIs already enabled is undefined */
 	if (vgic_cpu->lpis_enabled)
 		return;
 
+	mutex_lock(&vcpu->kvm->lock);
+	propbaser = dist->propbaser;
 	propbaser = update_64bit_reg(propbaser, addr & 4, len, val);
 	propbaser = vgic_sanitise_propbaser(propbaser);
 
 	dist->propbaser = propbaser;
+	mutex_unlock(&vcpu->kvm->lock);
 }
 
 static unsigned long vgic_mmio_read_pendbase(struct kvm_vcpu *vcpu,
@@ -331,16 +334,19 @@ static void vgic_mmio_write_pendbase(struct kvm_vcpu *vcpu,
 				     unsigned long val)
 {
 	struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu;
-	u64 pendbaser = vgic_cpu->pendbaser;
+	u64 pendbaser;
 
 	/* Storing a value with LPIs already enabled is undefined */
 	if (vgic_cpu->lpis_enabled)
 		return;
 
+	mutex_lock(&vcpu->kvm->lock);
+	pendbaser = vgic_cpu->pendbaser;
 	pendbaser = update_64bit_reg(pendbaser, addr & 4, len, val);
 	pendbaser = vgic_sanitise_pendbaser(pendbaser);
 
 	vgic_cpu->pendbaser = pendbaser;
+	mutex_unlock(&vcpu->kvm->lock);
 }
 
 /*