From: Marc Zyngier <marc.zyngier@arm.com>
To: linux-arm-kernel@lists.infradead.org,
kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org
Cc: Andre Przywara <Andre.Przywara@arm.com>
Subject: [PATCH v4 27/26] KVM: arm/arm64: GICv4: Prevent userspace from changing doorbell affinity
Date: Thu, 19 Oct 2017 16:48:35 +0100 [thread overview]
Message-ID: <20171019154835.17942-1-marc.zyngier@arm.com> (raw)
In-Reply-To: <20171006153401.5481-1-marc.zyngier@arm.com>
We so far allocate the doorbell interrupts without taking any
special measure regarding the affinity of these interrupts. We
simply move them around as required when the vcpu gets scheduled
on a different CPU.
But that's counting without userspace (and the evil irqbalance) that
can try and move the VPE interrupt around, causing the ITS code
to emit VMOVP commands and remap the doorbell to another redistributor.
Worse, this can happen while the vcpu is running, causing all kind
of trouble if the VPE is already resident, and we end-up in UNPRED
territory.
So let's take a definitive action and prevent userspace from messing
with us. This is just a matter of adding IRQ_NO_BALANCING to the
set of flags we already have, letting the kernel in sole control
of the affinity.
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
---
virt/kvm/arm/vgic/vgic-v4.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
This extra patch goes on top of the current GICv4 patches, and is hence
being posted with a weird sequence number...
diff --git a/virt/kvm/arm/vgic/vgic-v4.c b/virt/kvm/arm/vgic/vgic-v4.c
index b87806fea554..c3dbab714328 100644
--- a/virt/kvm/arm/vgic/vgic-v4.c
+++ b/virt/kvm/arm/vgic/vgic-v4.c
@@ -89,6 +89,8 @@
* reason), the doorbell interrupt is disabled.
*/
+#define DB_IRQ_FLAGS (IRQ_NOAUTOEN | IRQ_DISABLE_UNLAZY | IRQ_NO_BALANCING)
+
static irqreturn_t vgic_v4_doorbell_handler(int irq, void *info)
{
struct kvm_vcpu *vcpu = info;
@@ -149,7 +151,7 @@ int vgic_v4_init(struct kvm *kvm)
* doorbell could kick us out of the guest too
* early...
*/
- irq_set_status_flags(irq, IRQ_NOAUTOEN | IRQ_DISABLE_UNLAZY);
+ irq_set_status_flags(irq, DB_IRQ_FLAGS);
ret = request_irq(irq, vgic_v4_doorbell_handler,
0, "vcpu", vcpu);
if (ret) {
@@ -187,7 +189,7 @@ void vgic_v4_teardown(struct kvm *kvm)
struct kvm_vcpu *vcpu = kvm_get_vcpu(kvm, i);
int irq = its_vm->vpes[i]->irq;
- irq_clear_status_flags(irq, IRQ_NOAUTOEN | IRQ_DISABLE_UNLAZY);
+ irq_clear_status_flags(irq, DB_IRQ_FLAGS);
free_irq(irq, vcpu);
}
--
2.14.1
WARNING: multiple messages have this Message-ID (diff)
From: marc.zyngier@arm.com (Marc Zyngier)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v4 27/26] KVM: arm/arm64: GICv4: Prevent userspace from changing doorbell affinity
Date: Thu, 19 Oct 2017 16:48:35 +0100 [thread overview]
Message-ID: <20171019154835.17942-1-marc.zyngier@arm.com> (raw)
In-Reply-To: <20171006153401.5481-1-marc.zyngier@arm.com>
We so far allocate the doorbell interrupts without taking any
special measure regarding the affinity of these interrupts. We
simply move them around as required when the vcpu gets scheduled
on a different CPU.
But that's counting without userspace (and the evil irqbalance) that
can try and move the VPE interrupt around, causing the ITS code
to emit VMOVP commands and remap the doorbell to another redistributor.
Worse, this can happen while the vcpu is running, causing all kind
of trouble if the VPE is already resident, and we end-up in UNPRED
territory.
So let's take a definitive action and prevent userspace from messing
with us. This is just a matter of adding IRQ_NO_BALANCING to the
set of flags we already have, letting the kernel in sole control
of the affinity.
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
---
virt/kvm/arm/vgic/vgic-v4.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
This extra patch goes on top of the current GICv4 patches, and is hence
being posted with a weird sequence number...
diff --git a/virt/kvm/arm/vgic/vgic-v4.c b/virt/kvm/arm/vgic/vgic-v4.c
index b87806fea554..c3dbab714328 100644
--- a/virt/kvm/arm/vgic/vgic-v4.c
+++ b/virt/kvm/arm/vgic/vgic-v4.c
@@ -89,6 +89,8 @@
* reason), the doorbell interrupt is disabled.
*/
+#define DB_IRQ_FLAGS (IRQ_NOAUTOEN | IRQ_DISABLE_UNLAZY | IRQ_NO_BALANCING)
+
static irqreturn_t vgic_v4_doorbell_handler(int irq, void *info)
{
struct kvm_vcpu *vcpu = info;
@@ -149,7 +151,7 @@ int vgic_v4_init(struct kvm *kvm)
* doorbell could kick us out of the guest too
* early...
*/
- irq_set_status_flags(irq, IRQ_NOAUTOEN | IRQ_DISABLE_UNLAZY);
+ irq_set_status_flags(irq, DB_IRQ_FLAGS);
ret = request_irq(irq, vgic_v4_doorbell_handler,
0, "vcpu", vcpu);
if (ret) {
@@ -187,7 +189,7 @@ void vgic_v4_teardown(struct kvm *kvm)
struct kvm_vcpu *vcpu = kvm_get_vcpu(kvm, i);
int irq = its_vm->vpes[i]->irq;
- irq_clear_status_flags(irq, IRQ_NOAUTOEN | IRQ_DISABLE_UNLAZY);
+ irq_clear_status_flags(irq, DB_IRQ_FLAGS);
free_irq(irq, vcpu);
}
--
2.14.1
next prev parent reply other threads:[~2017-10-19 15:48 UTC|newest]
Thread overview: 117+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-06 15:33 [PATCH v4 00/26] KVM/ARM: Add support for GICv4 Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 01/26] KVM: arm/arm64: register irq bypass consumer on ARM/ARM64 Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 02/26] KVM: arm/arm64: vgic: restructure kvm_vgic_(un)map_phys_irq Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-25 14:44 ` Christoffer Dall
2017-10-25 14:44 ` Christoffer Dall
2017-10-26 13:05 ` Marc Zyngier
2017-10-26 13:05 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 03/26] KVM: arm: Select ARM_GIC_V3 and ARM_GIC_V3_ITS Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 04/26] KVM: arm/arm64: vgic: Move kvm_vgic_destroy call around Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 05/26] KVM: arm/arm64: vITS: Add MSI translation helpers Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 06/26] KVM: arm/arm64: vITS: Add a helper to update the affinity of an LPI Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-25 14:50 ` Christoffer Dall
2017-10-25 14:50 ` Christoffer Dall
2017-10-06 15:33 ` [PATCH v4 07/26] KVM: arm/arm64: GICv4: Add property field and per-VM predicate Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-25 14:54 ` Christoffer Dall
2017-10-25 14:54 ` Christoffer Dall
2017-10-06 15:33 ` [PATCH v4 08/26] KVM: arm/arm64: GICv4: Add init/teardown of the per-VM vPE irq domain Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-25 15:46 ` Christoffer Dall
2017-10-25 15:46 ` Christoffer Dall
2017-10-06 15:33 ` [PATCH v4 09/26] KVM: arm/arm64: GICv4: Wire mapping/unmapping of VLPIs in VFIO irq bypass Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-25 15:58 ` Christoffer Dall
2017-10-25 15:58 ` Christoffer Dall
2017-10-06 15:33 ` [PATCH v4 10/26] KVM: arm/arm64: GICv4: Handle INT command applied to a VLPI Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 11/26] KVM: arm/arm64: GICv4: Unmap VLPI when freeing an LPI Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 12/26] KVM: arm/arm64: GICv4: Propagate affinity changes to the physical ITS Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-25 16:22 ` Christoffer Dall
2017-10-25 16:22 ` Christoffer Dall
2017-10-06 15:33 ` [PATCH v4 13/26] KVM: arm/arm64: GICv4: Handle CLEAR applied to a VLPI Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 14/26] KVM: arm/arm64: GICv4: Handle MOVALL applied to a vPE Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-25 16:27 ` Christoffer Dall
2017-10-25 16:27 ` Christoffer Dall
2017-10-06 15:33 ` [PATCH v4 15/26] KVM: arm/arm64: GICv4: Propagate property updates to VLPIs Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 16/26] KVM: arm/arm64: GICv4: Handle INVALL applied to a vPE Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 17/26] KVM: arm/arm64: GICv4: Propagate VLPI properties at map time Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-25 16:48 ` Christoffer Dall
2017-10-25 16:48 ` Christoffer Dall
2017-10-25 17:01 ` Marc Zyngier
2017-10-25 17:01 ` Marc Zyngier
2017-10-26 8:21 ` Marc Zyngier
2017-10-26 8:21 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 18/26] KVM: arm/arm64: GICv4: Use pending_last as a scheduling hint Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 19/26] KVM: arm/arm64: GICv4: Add doorbell interrupt handling Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-26 14:28 ` Christoffer Dall
2017-10-26 14:28 ` Christoffer Dall
2017-10-26 15:25 ` Christoffer Dall
2017-10-26 15:25 ` Christoffer Dall
2017-10-06 15:33 ` [PATCH v4 20/26] KVM: arm/arm64: GICv4: Use the doorbell interrupt as an unblocking source Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 21/26] KVM: arm/arm64: GICv4: Hook vPE scheduling into vgic flush/sync Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-26 15:24 ` Christoffer Dall
2017-10-26 15:24 ` Christoffer Dall
2017-10-06 15:33 ` [PATCH v4 22/26] KVM: arm/arm64: GICv4: Enable virtual cpuif if VLPIs can be delivered Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:33 ` [PATCH v4 23/26] KVM: arm/arm64: GICv4: Prevent a VM using GICv4 from being saved Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-26 15:28 ` Christoffer Dall
2017-10-26 15:28 ` Christoffer Dall
2017-10-27 13:56 ` Marc Zyngier
2017-10-27 13:56 ` Marc Zyngier
2017-10-30 6:48 ` Christoffer Dall
2017-10-30 6:48 ` Christoffer Dall
2017-10-06 15:33 ` [PATCH v4 24/26] KVM: arm/arm64: GICv4: Enable VLPI support Marc Zyngier
2017-10-06 15:33 ` Marc Zyngier
2017-10-06 15:34 ` [PATCH v4 25/26] KVM: arm/arm64: GICv4: Prevent heterogenous systems from using GICv4 Marc Zyngier
2017-10-06 15:34 ` Marc Zyngier
2017-10-26 15:31 ` Christoffer Dall
2017-10-26 15:31 ` Christoffer Dall
2017-10-26 15:48 ` Mark Rutland
2017-10-26 15:48 ` Mark Rutland
2017-10-27 6:57 ` Marc Zyngier
2017-10-27 6:57 ` Marc Zyngier
2017-10-27 6:57 ` Marc Zyngier
2017-10-27 7:37 ` Mark Rutland
2017-10-27 7:37 ` Mark Rutland
2017-10-27 7:59 ` Marc Zyngier
2017-10-27 7:59 ` Marc Zyngier
2017-10-27 7:59 ` Marc Zyngier
2017-10-27 8:04 ` Mark Rutland
2017-10-27 8:04 ` Mark Rutland
2017-10-27 8:31 ` Marc Zyngier
2017-10-27 8:31 ` Marc Zyngier
2017-10-27 8:31 ` Marc Zyngier
2017-10-29 2:16 ` Christoffer Dall
2017-10-29 2:16 ` Christoffer Dall
2017-10-06 15:34 ` [PATCH v4 26/26] KVM: arm/arm64: GICv4: Theory of operations Marc Zyngier
2017-10-06 15:34 ` Marc Zyngier
2017-10-26 15:32 ` Christoffer Dall
2017-10-26 15:32 ` Christoffer Dall
2017-10-08 16:45 ` [PATCH v4 00/26] KVM/ARM: Add support for GICv4 Shanker Donthineni
2017-10-08 16:45 ` Shanker Donthineni
2017-10-09 17:52 ` Konrad Rzeszutek Wilk
2017-10-09 17:52 ` Konrad Rzeszutek Wilk
2017-10-09 18:02 ` Marc Zyngier
2017-10-09 18:02 ` Marc Zyngier
2017-10-19 15:48 ` Marc Zyngier [this message]
2017-10-19 15:48 ` [PATCH v4 27/26] KVM: arm/arm64: GICv4: Prevent userspace from changing doorbell affinity Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171019154835.17942-1-marc.zyngier@arm.com \
--to=marc.zyngier@arm.com \
--cc=Andre.Przywara@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.