PPC: Fix race in mtmsr paravirt implementation

The current implementation of mtmsr and mtmsrd are racy in that it does:

  * check (int_pending == 0)
  ---> host sets int_pending = 1 <---
  * write shared page
  * done

while instead we should check for int_pending after the shared page is written.

Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Avi Kivity <avi@redhat.com>

1 files changed, 4 insertions, 6 deletions

diff --git a/arch/powerpc/kernel/kvm_emul.S b/arch/powerpc/kernel/kvm_emul.S
index f2b1b2523e61..3d64c5704fd5 100644
--- a/arch/powerpc/kernel/kvm_emul.S
+++ b/arch/powerpc/kernel/kvm_emul.S
@@ -167,6 +167,9 @@ maybe_stay_in_guest:
 kvm_emulate_mtmsr_reg2:
         ori     r30, r0, 0
 
+        /* Put MSR into magic page because we don't call mtmsr */
+        STL64(r30, KVM_MAGIC_PAGE + KVM_MAGIC_MSR, 0)
+
         /* Check if we have to fetch an interrupt */
         lwz     r31, (KVM_MAGIC_PAGE + KVM_MAGIC_INT)(0)
         cmpwi   r31, 0
@@ -174,15 +177,10 @@ kvm_emulate_mtmsr_reg2:
 
         /* Check if we may trigger an interrupt */
         andi.   r31, r30, MSR_EE
-        beq     no_mtmsr
-
-        b       do_mtmsr
+        bne     do_mtmsr
 
 no_mtmsr:
 
-        /* Put MSR into magic page because we don't call mtmsr */
-        STL64(r30, KVM_MAGIC_PAGE + KVM_MAGIC_MSR, 0)
-
         SCRATCH_RESTORE
 
         /* Go back to caller */