KVM: fix race with level interrupts

When more than 1 source id is in use for the same GSI, we have the following race related to handling irq_states race: CPU 0 clears bit 0. CPU 0 read irq_state as 0. CPU 1 sets level to 1. CPU 1 calls kvm_ioapic_set_irq(1). CPU 0 calls kvm_ioapic_set_irq(0). Now ioapic thinks the level is 0 but irq_state is not 0. Fix by performing all irq_states bitmap handling under pic/ioapic lock. This also removes the need for atomics with irq_states handling. Reported-by: Gleb Natapov <gleb@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
author: Michael S. Tsirkin <mst@redhat.com> 2012-07-19 06:45:20 -0400
committer: Marcelo Tosatti <mtosatti@redhat.com> 2012-07-20 15:12:00 -0400
commit: 1a577b72475d161b6677c05abe57301362023bb2 (patch)
tree: d8a9910f0016ada479c5a88c1a330b5e1cbc7ef1 /arch/x86/include/asm/kvm_host.h
parent: d63d3e6217c49b81d74141b7920bbe5950532432 (diff)
1 files changed, 14 insertions, 1 deletions
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index a3e9409e90b6..2c75b400e40c 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -816,7 +816,20 @@ int kvm_read_guest_page_mmu(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu,
 void kvm_propagate_fault(struct kvm_vcpu *vcpu, struct x86_exception *fault);
 bool kvm_require_cpl(struct kvm_vcpu *vcpu, int required_cpl);
-int kvm_pic_set_irq(void *opaque, int irq, int level);
+static inline int __kvm_irq_line_state(unsigned long *irq_state,
+                                       int irq_source_id, int level)
+{
+        /* Logical OR for level trig interrupt */
+        if (level)
+                __set_bit(irq_source_id, irq_state);
+        else
+                __clear_bit(irq_source_id, irq_state);
+        return !!(*irq_state);
+}
+int kvm_pic_set_irq(struct kvm_pic *pic, int irq, int irq_source_id, int level);
+void kvm_pic_clear_all(struct kvm_pic *pic, int irq_source_id);
 void kvm_inject_nmi(struct kvm_vcpu *vcpu);
author	Michael S. Tsirkin <mst@redhat.com>	2012-07-19 06:45:20 -0400
committer	Marcelo Tosatti <mtosatti@redhat.com>	2012-07-20 15:12:00 -0400
commit	1a577b72475d161b6677c05abe57301362023bb2 (patch)
tree	d8a9910f0016ada479c5a88c1a330b5e1cbc7ef1 /arch/x86/include/asm/kvm_host.h
parent	d63d3e6217c49b81d74141b7920bbe5950532432 (diff)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index a3e9409e90b6..2c75b400e40c 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h
@@ -816,7 +816,20 @@ int kvm_read_guest_page_mmu(struct kvm_vcpu vcpu, struct kvm_mmu mmu,
816	void kvm_propagate_fault(struct kvm_vcpu vcpu, struct x86_exception fault);	816	void kvm_propagate_fault(struct kvm_vcpu vcpu, struct x86_exception fault);
817	bool kvm_require_cpl(struct kvm_vcpu *vcpu, int required_cpl);	817	bool kvm_require_cpl(struct kvm_vcpu *vcpu, int required_cpl);
818		818
819	int kvm_pic_set_irq(void *opaque, int irq, int level);	819	static inline int __kvm_irq_line_state(unsigned long *irq_state,
		820	int irq_source_id, int level)
		821	{
		822	/* Logical OR for level trig interrupt */
		823	if (level)
		824	__set_bit(irq_source_id, irq_state);
		825	else
		826	__clear_bit(irq_source_id, irq_state);
		827
		828	return !!(*irq_state);
		829	}
		830
		831	int kvm_pic_set_irq(struct kvm_pic *pic, int irq, int irq_source_id, int level);
		832	void kvm_pic_clear_all(struct kvm_pic *pic, int irq_source_id);
820		833
821	void kvm_inject_nmi(struct kvm_vcpu *vcpu);	834	void kvm_inject_nmi(struct kvm_vcpu *vcpu);
822		835