From patchwork Mon Aug 15 21:15:31 2016
X-Patchwork-Submitter: Christoffer Dall
X-Patchwork-Id: 9282183
From: Christoffer Dall
To: Andre Przywara
Cc: Eric Auger, Peter Maydell, Marc Zyngier, kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Christoffer Dall
Subject: [PATCH v3] KVM: arm64: vgic-its: Make updates to propbaser/pendbaser atomic
Date: Mon, 15 Aug 2016 23:15:31 +0200
Message-Id: <20160815211531.30350-1-christoffer.dall@linaro.org>

There are two problems with the current implementation of the MMIO
handlers for the propbaser and pendbaser:

First, the write to the value itself is not guaranteed to be an atomic
64-bit write so two concurrent writes to the structure field could be
intermixed.

Second, because we do a read-modify-update operation without any
synchronization, if we have two 32-bit accesses to separate parts of the
register, we can lose one of them.

By using the atomic cmpxchg64 we should cover both issues above.

Signed-off-by: Christoffer Dall --- Changes since v2: - I misread the implementation and example uses of cmpxchg64 and checked the return value for non-zero instead of comparing with the old value. - Dropped Andre's R-B Changes since v1: - Use atomic cmpxchg64 instead of taking a lock virt/kvm/arm/vgic/vgic-mmio-v3.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/virt/kvm/arm/vgic/vgic-mmio-v3.c b/virt/kvm/arm/vgic/vgic-mmio-v3.c index ff668e0..90d8181 100644 --- a/virt/kvm/arm/vgic/vgic-mmio-v3.c +++ b/virt/kvm/arm/vgic/vgic-mmio-v3.c @@ -306,16 +306,19 @@ static void vgic_mmio_write_propbase(struct kvm_vcpu *vcpu, { struct vgic_dist *dist = &vcpu->kvm->arch.vgic; struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu; - u64 propbaser = dist->propbaser; + u64 old_propbaser, propbaser; /* Storing a value with LPIs already enabled is undefined */ if (vgic_cpu->lpis_enabled) return; - propbaser = update_64bit_reg(propbaser, addr & 4, len, val); - propbaser = vgic_sanitise_propbaser(propbaser); - - dist->propbaser = propbaser; + do { + old_propbaser = dist->propbaser; + propbaser = old_propbaser; + propbaser = update_64bit_reg(propbaser, addr & 4, len, val); + propbaser = vgic_sanitise_propbaser(propbaser); + } while (cmpxchg64(&dist->propbaser, old_propbaser, + propbaser) != old_propbaser); } static unsigned long vgic_mmio_read_pendbase(struct kvm_vcpu *vcpu, 
@@ -331,16 +334,19 @@ static void vgic_mmio_write_pendbase(struct kvm_vcpu *vcpu, unsigned long val) { struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu; - u64 pendbaser = vgic_cpu->pendbaser; + u64 old_pendbaser, pendbaser; /* Storing a value with LPIs already enabled is undefined */ if (vgic_cpu->lpis_enabled) return; - pendbaser = update_64bit_reg(pendbaser, addr & 4, len, val); - pendbaser = vgic_sanitise_pendbaser(pendbaser); - - vgic_cpu->pendbaser = pendbaser; + do { + old_pendbaser = vgic_cpu->pendbaser; + pendbaser = old_pendbaser; + pendbaser = update_64bit_reg(pendbaser, addr & 4, len, val); + pendbaser = vgic_sanitise_pendbaser(pendbaser); + } while (cmpxchg64(&vgic_cpu->pendbaser, old_pendbaser, + pendbaser) != old_pendbaser); } /*
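Review bot: In vgic_mmio_write_propbase(), the snapshot `old_propbaser = dist->propbaser;` at the top of the loop is a plain load, so nothing stops the compiler from re-reading the field between the snapshot and the cmpxchg64(). A stale or inconsistent snapshot only makes cmpxchg64() fail and the loop retry, so the result stays correct, but READ_ONCE(dist->propbaser) would state the intent. The assignment `propbaser = old_propbaser;` can also be dropped by passing old_propbaser straight to update_64bit_reg().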
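Review bot: In vgic_mmio_write_pendbase(), the `if (vgic_cpu->lpis_enabled) return;` test sits before the retry loop and is not part of what cmpxchg64() compares, so the loop orders register writers against each other only; a write that passed the test can still be stored after lpis_enabled changes. If that is acceptable because the comment already calls such a store undefined, a one-line comment above the loop saying that the cmpxchg64() only serialises concurrent register writes would make the scope explicit. The loop body is also the same as the propbase one apart from the sanitise call, so a shared helper would keep the two from drifting apart.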
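The lost-update interleaving the commit message describes, replayed deterministically as an added example that is not part of the patch or the kernel tree. It assumes user-space C11 atomics in place of the kernel's cmpxchg64(); merge_half(), racy_interleaving() and cas_interleaving() are hypothetical names, with merge_half() standing in for update_64bit_reg().

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the patch's update_64bit_reg(): replace the
 * 32-bit half selected by (offset & 4), keep the other half. */
static uint64_t merge_half(uint64_t reg, unsigned offset, uint32_t val)
{
    unsigned shift = (offset & 4) ? 32 : 0;
    reg &= ~((uint64_t)0xffffffffu << shift);
    return reg | ((uint64_t)val << shift);
}

/* Plain read-modify-write, interleaved by hand: both writers snapshot
 * the register before either of them stores. */
uint64_t racy_interleaving(uint32_t lo, uint32_t hi)
{
    uint64_t reg = 0;
    uint64_t a = reg, b = reg;      /* A and B read the same old value */
    reg = merge_half(a, 0, lo);     /* A stores the low half */
    reg = merge_half(b, 4, hi);     /* B stores from its stale copy */
    return reg;                     /* A's low half is gone */
}

/* Same stale snapshots, but each store is a compare-and-swap retried with
 * a fresh snapshot on failure. C11 atomics stand in for cmpxchg64(). */
uint64_t cas_interleaving(uint32_t lo, uint32_t hi, int *retries)
{
    _Atomic uint64_t reg = 0;
    uint64_t a = atomic_load(&reg), b = atomic_load(&reg);
    *retries = 0;
    /* On failure the C11 call reloads the snapshot (a or b) for us. */
    while (!atomic_compare_exchange_strong(&reg, &a, merge_half(a, 0, lo)))
        (*retries)++;
    while (!atomic_compare_exchange_strong(&reg, &b, merge_half(b, 4, hi)))
        (*retries)++;               /* B fails once, then merges into A's value */
    return atomic_load(&reg);
}

int main(void)
{
    int n;
    uint64_t racy = racy_interleaving(0x11111111, 0x22222222);
    uint64_t cas = cas_interleaving(0x11111111, 0x22222222, &n);

    printf("plain RMW %#llx, CAS loop %#llx, retries %d\n",
           (unsigned long long)racy, (unsigned long long)cas, n);
    return 0;
}
```

The single retry is writer B noticing that the register no longer matches its snapshot, which is the condition the patch's `!= old_propbaser` comparison tests.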