From patchwork Sun Apr 23 17:09:25 2017
X-Patchwork-Submitter: Christoffer Dall
X-Patchwork-Id: 9695203
From: Christoffer Dall
To: Paolo Bonzini, Radim Krčmář
Cc: Christoffer Dall, Andrew Jones, kvm@vger.kernel.org, Marc Zyngier, stable@vger.kernel.org, kvmarm@lists.cs.columbia.edu, linux-arm-kernel@lists.infradead.org
Subject: [PULL 75/79] KVM: arm/arm64: fix races in kvm_psci_vcpu_on
Date: Sun, 23 Apr 2017 19:09:25 +0200
Message-Id: <20170423170929.27334-76-cdall@linaro.org>
In-Reply-To: <20170423170929.27334-1-cdall@linaro.org>
References: <20170423170929.27334-1-cdall@linaro.org>

From: Andrew Jones

Fix potential races in kvm_psci_vcpu_on() by taking the kvm->lock mutex. In general, it's a bad idea to allow more than one PSCI_CPU_ON to process the same target VCPU at the same time. One such problem that may arise is that one PSCI_CPU_ON could be resetting the target vcpu, which fills the entire sys_regs array with a temporary value including the MPIDR register, while another looks up the VCPU based on the MPIDR value, resulting in no target VCPU found. Resolves both races found with the kvm-unit-tests/arm/psci unit test.

Reviewed-by: Marc Zyngier
Reviewed-by: Christoffer Dall
Reported-by: Levente Kurusa
Suggested-by: Christoffer Dall
Signed-off-by: Andrew Jones
Cc: stable@vger.kernel.org
Signed-off-by: Christoffer Dall
---
 arch/arm/kvm/psci.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/arch/arm/kvm/psci.c b/arch/arm/kvm/psci.c index c2b1315..a08d7a9 100644 
--- a/arch/arm/kvm/psci.c +++ b/arch/arm/kvm/psci.c @@ -208,9 +208,10 @@ int kvm_psci_version(struct kvm_vcpu *vcpu) static int kvm_psci_0_2_call(struct kvm_vcpu *vcpu) { - int ret = 1; + struct kvm *kvm = vcpu->kvm; unsigned long psci_fn = vcpu_get_reg(vcpu, 0) & ~((u32) 0); unsigned long val; + int ret = 1; switch (psci_fn) { case PSCI_0_2_FN_PSCI_VERSION: @@ -230,7 +231,9 @@ static int kvm_psci_0_2_call(struct kvm_vcpu *vcpu) break; case PSCI_0_2_FN_CPU_ON: case PSCI_0_2_FN64_CPU_ON: + mutex_lock(&kvm->lock); val = kvm_psci_vcpu_on(vcpu); + mutex_unlock(&kvm->lock); break; case PSCI_0_2_FN_AFFINITY_INFO: case PSCI_0_2_FN64_AFFINITY_INFO: @@ -279,6 +282,7 @@ static int kvm_psci_0_2_call(struct kvm_vcpu *vcpu) static int kvm_psci_0_1_call(struct kvm_vcpu *vcpu) { + struct kvm *kvm = vcpu->kvm; unsigned long psci_fn = vcpu_get_reg(vcpu, 0) & ~((u32) 0); unsigned long val; @@ -288,7 +292,9 @@ static int kvm_psci_0_1_call(struct kvm_vcpu *vcpu) val = PSCI_RET_SUCCESS; break; case KVM_PSCI_FN_CPU_ON: + mutex_lock(&kvm->lock); val = kvm_psci_vcpu_on(vcpu); + mutex_unlock(&kvm->lock); break; default: val = PSCI_RET_NOT_SUPPORTED;
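Review bot: In the first hunk (@@ -208,9 +208,10 @@, top of kvm_psci_0_2_call()), moving `int ret = 1;` below `val` is a declaration reorder unrelated to the locking fix; since the patch is Cc'd to stable, leaving that line where it was would reduce this hunk to a single added line and make the backport easier to audit. The new `kvm` local is used once in this function, so `mutex_lock(&vcpu->kvm->lock);` at the call site would work without it.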
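Review bot: In the CPU_ON hunk of kvm_psci_0_2_call() (@@ -230,7 +231,9 @@), the new `mutex_lock(&kvm->lock);` / `mutex_unlock(&kvm->lock);` pair carries no comment saying what it serialises, and the PSCI_0_2_FN_AFFINITY_INFO cases directly below it remain unlocked. The commit message says the target's MPIDR holds a temporary value while it is being reset; if the affinity-info path also matches VCPUs by MPIDR it can still run inside that window, so either note in a comment why that reader is safe or bring it under the same lock. A one-line comment above the lock stating that concurrent CPU_ON calls on the same target VCPU must not overlap would record the intent for later readers.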
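Review bot: In the last hunk (@@ -288,7 +292,9 @@, the KVM_PSCI_FN_CPU_ON case of kvm_psci_0_1_call()), the lock, call, unlock sequence is a second copy of the one added in kvm_psci_0_2_call(), which leaves the locking rule at the call sites instead of with kvm_psci_vcpu_on() itself. Consider taking kvm->lock inside kvm_psci_vcpu_on(), or keeping the callers as they are and adding `lockdep_assert_held(&kvm->lock);` at the top of that function, so a future caller that forgets the lock is caught during testing.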