From patchwork Fri Apr 7 17:32:41 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andre Przywara X-Patchwork-Id: 9670021
From: Andre Przywara To: Stefano Stabellini , Julien Grall Date: Fri, 7 Apr 2017 18:32:41 +0100 Message-Id: <20170407173307.9788-11-andre.przywara@arm.com> X-Mailer: git-send-email 2.9.0 In-Reply-To: <20170407173307.9788-1-andre.przywara@arm.com> References: <20170407173307.9788-1-andre.przywara@arm.com> Cc: xen-devel@lists.xenproject.org, Vijay Kilari , Shanker Donthineni Subject: [Xen-devel] [PATCH v6 10/36] ARM: GIC: Add checks for NULL pointer pending_irq's X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP For LPIs the struct pending_irq's are somewhat dynamically allocated and the pointers are stored in a radix tree. While I convinced myself that an invalid LPI number can't make it into the core code, people might be concerned about NULL pointer dereferences. So add checks in some places just to be on the safe side. Signed-off-by: Andre Przywara --- xen/arch/arm/gic.c | 23 +++++++++++++++++++++++ xen/arch/arm/vgic.c | 4 ++++ 2 files changed, 27 insertions(+) diff --git a/xen/arch/arm/gic.c b/xen/arch/arm/gic.c index da19130..44c34b1 100644 --- a/xen/arch/arm/gic.c +++ b/xen/arch/arm/gic.c @@ -405,6 +405,13 @@ void gic_remove_from_queues(struct vcpu *v, unsigned int virtual_irq) struct pending_irq *p = irq_to_pending(v, virtual_irq); unsigned long flags; + /* + * If an LPIs has been removed meanwhile, it has been cleaned up + * already, so nothing to remove here. + */ + if ( !p ) + return; + spin_lock_irqsave(&v->arch.vgic.lock, flags); if ( !list_empty(&p->lr_queue) ) list_del_init(&p->lr_queue); 
@@ -415,6 +422,10 @@ void gic_raise_inflight_irq(struct vcpu *v, unsigned int virtual_irq) { struct pending_irq *n = irq_to_pending(v, virtual_irq); + /* If an LPI has been removed meanwhile, there is nothing left to raise. */ + if ( !n ) + return; + ASSERT(spin_is_locked(&v->arch.vgic.lock)); if ( list_empty(&n->lr_queue) ) @@ -461,7 +472,19 @@ static void gic_update_one_lr(struct vcpu *v, int i) gic_hw_ops->read_lr(i, &lr_val); irq = lr_val.virq; + p = irq_to_pending(v, irq); + /* An LPI might have been unmapped, in which case we just clean up here. */ + if ( !p ) + { + ASSERT(is_lpi(irq)); + + gic_hw_ops->clear_lr(i); + clear_bit(i, &this_cpu(lr_mask)); + + return; + } + if ( lr_val.state & GICH_LR_ACTIVE ) { set_bit(GIC_IRQ_GUEST_ACTIVE, &p->status); diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c index 83569b0..b7ee105 100644 --- a/xen/arch/arm/vgic.c +++ b/xen/arch/arm/vgic.c @@ -470,6 +470,10 @@ void vgic_vcpu_inject_irq(struct vcpu *v, unsigned int virq) unsigned long flags; bool running; + /* If an LPI has been removed, there is nothing to inject here. */ + if ( !n ) + return; + priority = vgic_get_virq_priority(v, virq); spin_lock_irqsave(&v->arch.vgic.lock, flags);
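Review bot: In the gic_remove_from_queues() hunk, the new `if ( !p ) return;` runs before `spin_lock_irqsave(&v->arch.vgic.lock, flags)`, so it only covers an LPI that was already gone when irq_to_pending() ran. If removal can happen concurrently, as the comment's "meanwhile" suggests, nothing visible here stops the pending_irq from going away between the check and the `list_empty(&p->lr_queue)` access under the lock. Either do the lookup and check with the lock held, or extend the comment to say what keeps p valid once it has been returned. The comment also has a typo: "an LPIs" should be "an LPI".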
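Review bot: In the gic_raise_inflight_irq() hunk, the early `return` for `!n` is placed above `ASSERT(spin_is_locked(&v->arch.vgic.lock))`, so a caller that does not hold the vgic lock goes unnoticed whenever the lookup returns NULL. Moving the NULL check below the ASSERT keeps the locking contract checked on every call and costs nothing on the normal path.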
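Review bot: In the gic_update_one_lr() hunk, `ASSERT(is_lpi(irq))` is the only thing that separates "LPI was unmapped" from "irq_to_pending() failed for some other interrupt", and ASSERT is only active in debug builds. In a release build a NULL for a non-LPI would have its LR cleared and its lr_mask bit dropped without any trace. Consider a real check with a warning for the non-LPI case, and have the comment say why the `lr_val.state` read just above can be ignored when the LR is cleared on this path.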
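Review bot: In the vgic_vcpu_inject_irq() hunk, `if ( !n ) return;` drops the injection silently for any virq, while the gic_update_one_lr() hunk in this same patch asserts `is_lpi(irq)` on its NULL path. The commit message says a NULL is only expected for LPIs, so the same assertion on virq here (and in gic_remove_from_queues() and gic_raise_inflight_irq()) would keep a missing pending_irq for another interrupt type from being hidden. The check also sits before `spin_lock_irqsave(&v->arch.vgic.lock, flags)`, so the comment should state whether n can still be removed after this point.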