From patchwork Fri Apr  7 22:08:02 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andre Przywara <andre.przywara@arm.com>
X-Patchwork-Id: 9670585
Return-Path: <xen-devel-bounces@lists.xen.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	AF10C60365 for <patchwork-xen-devel@patchwork.kernel.org>;
	Fri,  7 Apr 2017 22:12:45 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A11212860E
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Fri,  7 Apr 2017 22:12:45 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 95F8128647; Fri,  7 Apr 2017 22:12:45 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 4624E28645
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Fri,  7 Apr 2017 22:12:45 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1cwc55-0008Ru-2p; Fri, 07 Apr 2017 22:10:11 +0000
Received: from mail6.bemta6.messagelabs.com ([193.109.254.103])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <andre.przywara@arm.com>) id 1cwc54-0008Qm-9l
	for xen-devel@lists.xenproject.org; Fri, 07 Apr 2017 22:10:10 +0000
Received: from [193.109.254.147] by server-3.bemta-6.messagelabs.com id
	B5/3C-27751-14E08E85; Fri, 07 Apr 2017 22:10:09 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrKLMWRWlGSWpSXmKPExsVysyfVTdeR70W
	Ewe0P7Bbft0xmcmD0OPzhCksAYxRrZl5SfkUCa0ZL2wfWglnCFf8vCTcwdvJ3MXJxCAlsYpQ4
	dWwmE4Szl1GiYf4x1i5GTg42AV2JHTdfM4PYIgKhEnN+PmIGKWIWWMMo0f7pKViRsICvxIlNJ
	xhBbBYBVYkpfVvYQGxeAXeJXU0bgGwODgkBOYkr/xJAwpxA4UNTloGVCAm4SdxoX8UygZF7AS
	PDKkb14tSistQiXVO9pKLM9IyS3MTMHF1DAzO93NTi4sT01JzEpGK95PzcTYxA7zIAwQ7G6Zf
	9DzFKcjApifIq+DyJEOJLyk+pzEgszogvKs1JLT7EKMPBoSTB+57nRYSQYFFqempFWmYOMMxg
	0hIcPEoivIkgad7igsTc4sx0iNQpRkUpcd5zIAkBkERGaR5cGyy0LzHKSgnzMgIdIsRTkFqUm
	1mCKv+KUZyDUUmYV4QXaApPZl4J3PRXQIuZgBb73HoKsrgkESEl1cA4L2iVhZzH7Zx+2ePcP7
	g/nl+3g/2TpkJl/NsdJcIq84ubv/b+VVjQvYpHdWn1q31RBWxLl51WD9Sx/PKwdf6ZvUvzd5m
	cYG+8xiXJJaXgwft9r4kNV82F+ruZMXNlRZ/YCu3xT10Rs4XzcuY8Pb5X3Ms+1vLPeiHCUZu9
	Z238Cpevhi6vY1cqsRRnJBpqMRcVJwIAyiToe2gCAAA=
X-Env-Sender: andre.przywara@arm.com
X-Msg-Ref: server-8.tower-27.messagelabs.com!1491603008!86043201!1
X-Originating-IP: [217.140.101.70]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 9.4.12; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 45716 invoked from network); 7 Apr 2017 22:10:08 -0000
Received: from foss.arm.com (HELO foss.arm.com) (217.140.101.70)
	by server-8.tower-27.messagelabs.com with SMTP;
	7 Apr 2017 22:10:08 -0000
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
	by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 6A943B16;
	Fri,  7 Apr 2017 15:10:08 -0700 (PDT)
Received: from slackpad.lan (usa-sjc-mx-foss1.foss.arm.com [217.140.101.70])
	by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id
	C60453F3E1; Fri,  7 Apr 2017 15:10:06 -0700 (PDT)
From: Andre Przywara <andre.przywara@arm.com>
To: Stefano Stabellini <sstabellini@kernel.org>,
	Julien Grall <julien.grall@arm.com>
Date: Fri,  7 Apr 2017 23:08:02 +0100
Message-Id: <1491602906-10587-11-git-send-email-andre.przywara@arm.com>
X-Mailer: git-send-email 2.8.2
In-Reply-To: <1491602906-10587-1-git-send-email-andre.przywara@arm.com>
References: <1491602906-10587-1-git-send-email-andre.przywara@arm.com>
Cc: xen-devel@lists.xenproject.org,
	Vijaya Kumar K <Vijaya.Kumar@caviumnetworks.com>,
	Vijay Kilari <vijay.kilari@gmail.com>,
	Shanker Donthineni <shankerd@codeaurora.org>
Subject: [Xen-devel] [PATCH v7 10/34] ARM: GIC: Add checks for NULL pointer
	pending_irq's
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Virus-Scanned: ClamAV using ClamSMTP

For LPIs the struct pending_irq's are somewhat dynamically allocated and
the pointers are stored in a radix tree. While I convinced myself that
an invalid LPI number can't make it into the core code, people might be
concerned about NULL pointer dereferences.
So add checks in some places just to be on the safe side.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
 xen/arch/arm/gic.c  | 23 +++++++++++++++++++++++
 xen/arch/arm/vgic.c |  4 ++++
 2 files changed, 27 insertions(+)

diff --git a/xen/arch/arm/gic.c b/xen/arch/arm/gic.c
index da19130..44c34b1 100644
--- a/xen/arch/arm/gic.c
+++ b/xen/arch/arm/gic.c
@@ -405,6 +405,13 @@ void gic_remove_from_queues(struct vcpu *v, unsigned int virtual_irq)
     struct pending_irq *p = irq_to_pending(v, virtual_irq);
     unsigned long flags;
 
+    /*
+     * If an LPIs has been removed meanwhile, it has been cleaned up
+     * already, so nothing to remove here.
+     */
+    if ( !p )
+        return;
+
     spin_lock_irqsave(&v->arch.vgic.lock, flags);
     if ( !list_empty(&p->lr_queue) )
         list_del_init(&p->lr_queue);
@@ -415,6 +422,10 @@ void gic_raise_inflight_irq(struct vcpu *v, unsigned int virtual_irq)
 {
     struct pending_irq *n = irq_to_pending(v, virtual_irq);
 
+    /* If an LPI has been removed meanwhile, there is nothing left to raise. */
+    if ( !n )
+        return;
+
     ASSERT(spin_is_locked(&v->arch.vgic.lock));
 
     if ( list_empty(&n->lr_queue) )
@@ -461,7 +472,19 @@ static void gic_update_one_lr(struct vcpu *v, int i)
 
     gic_hw_ops->read_lr(i, &lr_val);
     irq = lr_val.virq;
+
     p = irq_to_pending(v, irq);
+    /* An LPI might have been unmapped, in which case we just clean up here. */
+    if ( !p )
+    {
+        ASSERT(is_lpi(irq));
+
+        gic_hw_ops->clear_lr(i);
+        clear_bit(i, &this_cpu(lr_mask));
+
+        return;
+    }
+
     if ( lr_val.state & GICH_LR_ACTIVE )
     {
         set_bit(GIC_IRQ_GUEST_ACTIVE, &p->status);
diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
index 83569b0..b7ee105 100644
--- a/xen/arch/arm/vgic.c
+++ b/xen/arch/arm/vgic.c
@@ -470,6 +470,10 @@ void vgic_vcpu_inject_irq(struct vcpu *v, unsigned int virq)
     unsigned long flags;
     bool running;
 
+    /* If an LPI has been removed, there is nothing to inject here. */
+    if ( !n )
+        return;
+
     priority = vgic_get_virq_priority(v, virq);
 
     spin_lock_irqsave(&v->arch.vgic.lock, flags);