KVM: arm64: check for ITS device on MSI injection

When userspace provides the doorbell address for an MSI to be injected into the guest, we find a KVM device which feels responsible. Lets check that this device is really an emulated ITS before we make real use of the container_of-ed pointer. [ Moved NULL-pointer check to caller of static function - Christoffer ] Signed-off-by: Andre Przywara <andre.przywara@arm.com> Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org> Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
author: Andre Przywara <andre.przywara@arm.com> 2016-08-09 05:54:29 -0400
committer: Christoffer Dall <christoffer.dall@linaro.org> 2016-08-15 17:00:22 -0400
commit: 505a19eec49ab36b314a05bc062749ebdfb0aa90 (patch)
tree: e33e93567ccb3da6236f281a892915fcf622b496
parent: c7735769d5dd79afb07254532fabd9ccbd85b1fa (diff)
1 files changed, 19 insertions, 2 deletions
diff --git a/virt/kvm/arm/vgic/vgic-its.c b/virt/kvm/arm/vgic/vgic-its.c
index 1cf9f598c72a..9533080b47d3 100644
--- a/virt/kvm/arm/vgic/vgic-its.c
+++ b/virt/kvm/arm/vgic/vgic-its.c
@@ -471,6 +471,21 @@ static int vgic_its_trigger_msi(struct kvm *kvm, struct vgic_its *its,
        return 0;
 }
+static struct vgic_io_device *vgic_get_its_iodev(struct kvm_io_device *dev)
+{
+        struct vgic_io_device *iodev;
+        if (dev->ops != &kvm_io_gic_ops)
+                return NULL;
+        iodev = container_of(dev, struct vgic_io_device, dev);
+        if (iodev->iodev_type != IODEV_ITS)
+                return NULL;
+        return iodev;
+}
 /*
 * Queries the KVM IO bus framework to get the ITS pointer from the given
 * doorbell address.
@@ -494,9 +509,11 @@ int vgic_its_inject_msi(struct kvm *kvm, struct kvm_msi *msi)
        kvm_io_dev = kvm_io_bus_get_dev(kvm, KVM_MMIO_BUS, address);
        if (!kvm_io_dev)
-                return -ENODEV;
+                return -EINVAL;
-        iodev = container_of(kvm_io_dev, struct vgic_io_device, dev);
+        iodev = vgic_get_its_iodev(kvm_io_dev);
+        if (!iodev)
+                return -EINVAL;
        mutex_lock(&iodev->its->its_lock);
        ret = vgic_its_trigger_msi(kvm, iodev->its, msi->devid, msi->data);
author	Andre Przywara <andre.przywara@arm.com>	2016-08-09 05:54:29 -0400
committer	Christoffer Dall <christoffer.dall@linaro.org>	2016-08-15 17:00:22 -0400
commit	505a19eec49ab36b314a05bc062749ebdfb0aa90 (patch)
tree	e33e93567ccb3da6236f281a892915fcf622b496
parent	c7735769d5dd79afb07254532fabd9ccbd85b1fa (diff)

diff --git a/virt/kvm/arm/vgic/vgic-its.c b/virt/kvm/arm/vgic/vgic-its.c index 1cf9f598c72a..9533080b47d3 100644 --- a/virt/kvm/arm/vgic/vgic-its.c +++ b/virt/kvm/arm/vgic/vgic-its.c
@@ -471,6 +471,21 @@ static int vgic_its_trigger_msi(struct kvm kvm, struct vgic_its its,
471	return 0;	471	return 0;
472	}	472	}
473		473
		474	static struct vgic_io_device vgic_get_its_iodev(struct kvm_io_device dev)
		475	{
		476	struct vgic_io_device *iodev;
		477
		478	if (dev->ops != &kvm_io_gic_ops)
		479	return NULL;
		480
		481	iodev = container_of(dev, struct vgic_io_device, dev);
		482
		483	if (iodev->iodev_type != IODEV_ITS)
		484	return NULL;
		485
		486	return iodev;
		487	}
		488
474	/*	489	/*
475	* Queries the KVM IO bus framework to get the ITS pointer from the given	490	* Queries the KVM IO bus framework to get the ITS pointer from the given
476	* doorbell address.	491	* doorbell address.
@@ -494,9 +509,11 @@ int vgic_its_inject_msi(struct kvm kvm, struct kvm_msi msi)
494		509
495	kvm_io_dev = kvm_io_bus_get_dev(kvm, KVM_MMIO_BUS, address);	510	kvm_io_dev = kvm_io_bus_get_dev(kvm, KVM_MMIO_BUS, address);
496	if (!kvm_io_dev)	511	if (!kvm_io_dev)
497	return -ENODEV;	512	return -EINVAL;
498		513
499	iodev = container_of(kvm_io_dev, struct vgic_io_device, dev);	514	iodev = vgic_get_its_iodev(kvm_io_dev);
		515	if (!iodev)
		516	return -EINVAL;
500		517
501	mutex_lock(&iodev->its->its_lock);	518	mutex_lock(&iodev->its->its_lock);
502	ret = vgic_its_trigger_msi(kvm, iodev->its, msi->devid, msi->data);	519	ret = vgic_its_trigger_msi(kvm, iodev->its, msi->devid, msi->data);