[Patch v2] KVM: x86: Initializing all kvm_lapic_irq fields in ioapic_write_indirect

[Patch v2] KVM: x86: Initializing all kvm_lapic_irq fields in ioapic_write_indirect

[Nitesh Narayan Lal]

Previously all fields of structure kvm_lapic_irq were not initialized
before it was passed to kvm_bitmap_or_dest_vcpus(). Which will cause
an issue when any of those fields are used for processing a request.
For example not initializing the msi_redir_hint field before passing
to the kvm_bitmap_or_dest_vcpus(), may lead to a misbehavior of
kvm_apic_map_get_dest_lapic(). This will specifically happen when the
kvm_lowest_prio_delivery() returns TRUE due to a non-zero garbage
value of msi_redir_hint, which should not happen as the request belongs
to APIC fixed delivery mode and we do not want to deliver the
interrupt only to the lowest priority candidate.

This patch initializes all the fields of kvm_lapic_irq based on the
values of ioapic redirect_entry object before passing it on to
kvm_bitmap_or_dest_vcpus().

Fixes: 7ee30bc132c6("KVM: x86: deliver KVM IOAPIC scan request to target vCPUs")
Signed-off-by: Nitesh Narayan Lal <nitesh@redhat.com>
---
 arch/x86/kvm/ioapic.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
index 7668fed..3a8467d 100644
--- a/arch/x86/kvm/ioapic.c
+++ b/arch/x86/kvm/ioapic.c
@@ -378,12 +378,15 @@ static void ioapic_write_indirect(struct kvm_ioapic *ioapic, u32 val)
 		if (e->fields.delivery_mode == APIC_DM_FIXED) {
 			struct kvm_lapic_irq irq;
 
-			irq.shorthand = APIC_DEST_NOSHORT;
 			irq.vector = e->fields.vector;
 			irq.delivery_mode = e->fields.delivery_mode << 8;
-			irq.dest_id = e->fields.dest_id;
 			irq.dest_mode =
 			    kvm_lapic_irq_dest_mode(!!e->fields.dest_mode);
+			irq.level = 1;
+			irq.trig_mode = e->fields.trig_mode;
+			irq.shorthand = APIC_DEST_NOSHORT;
+			irq.dest_id = e->fields.dest_id;
+			irq.msi_redir_hint = false;
 			bitmap_zero(&vcpu_bitmap, 16);
 			kvm_bitmap_or_dest_vcpus(ioapic->kvm, &irq,
 						 &vcpu_bitmap);
-- 
1.8.3.1

Re: [Patch v2] KVM: x86: Initializing all kvm_lapic_irq fields in ioapic_write_indirect

[Vitaly Kuznetsov]

Nitesh Narayan Lal <nitesh@redhat.com> writes:

> Previously all fields of structure kvm_lapic_irq were not initialized
> before it was passed to kvm_bitmap_or_dest_vcpus(). Which will cause
> an issue when any of those fields are used for processing a request.
> For example not initializing the msi_redir_hint field before passing
> to the kvm_bitmap_or_dest_vcpus(), may lead to a misbehavior of
> kvm_apic_map_get_dest_lapic(). This will specifically happen when the
> kvm_lowest_prio_delivery() returns TRUE due to a non-zero garbage
> value of msi_redir_hint, which should not happen as the request belongs
> to APIC fixed delivery mode and we do not want to deliver the
> interrupt only to the lowest priority candidate.
>
> This patch initializes all the fields of kvm_lapic_irq based on the
> values of ioapic redirect_entry object before passing it on to
> kvm_bitmap_or_dest_vcpus().
>
> Fixes: 7ee30bc132c6("KVM: x86: deliver KVM IOAPIC scan request to target vCPUs")
> Signed-off-by: Nitesh Narayan Lal <nitesh@redhat.com>
> ---
>  arch/x86/kvm/ioapic.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
> index 7668fed..3a8467d 100644
> --- a/arch/x86/kvm/ioapic.c
> +++ b/arch/x86/kvm/ioapic.c
> @@ -378,12 +378,15 @@ static void ioapic_write_indirect(struct kvm_ioapic *ioapic, u32 val)
>  		if (e->fields.delivery_mode == APIC_DM_FIXED) {
>  			struct kvm_lapic_irq irq;
>  
> -			irq.shorthand = APIC_DEST_NOSHORT;
>  			irq.vector = e->fields.vector;
>  			irq.delivery_mode = e->fields.delivery_mode << 8;
> -			irq.dest_id = e->fields.dest_id;
>  			irq.dest_mode =
>  			    kvm_lapic_irq_dest_mode(!!e->fields.dest_mode);
> +			irq.level = 1;

'level' is bool in struct kvm_lapic_irq but other than that, is there a
reason we set it to 'true' here? I understand that any particular
setting is likely better than random and it should actually not be used
without setting it first but still?

> +			irq.trig_mode = e->fields.trig_mode;
> +			irq.shorthand = APIC_DEST_NOSHORT;
> +			irq.dest_id = e->fields.dest_id;
> +			irq.msi_redir_hint = false;
>  			bitmap_zero(&vcpu_bitmap, 16);
>  			kvm_bitmap_or_dest_vcpus(ioapic->kvm, &irq,
>  						 &vcpu_bitmap);

-- 
Vitaly

Re: [Patch v2] KVM: x86: Initializing all kvm_lapic_irq fields in ioapic_write_indirect

[Nitesh Narayan Lal]

[-- Attachment #1.1: Type: text/plain, Size: 2610 bytes --]


On 3/13/20 9:25 AM, Vitaly Kuznetsov wrote:
> Nitesh Narayan Lal <nitesh@redhat.com> writes:
>
>> Previously all fields of structure kvm_lapic_irq were not initialized
>> before it was passed to kvm_bitmap_or_dest_vcpus(). Which will cause
>> an issue when any of those fields are used for processing a request.
>> For example not initializing the msi_redir_hint field before passing
>> to the kvm_bitmap_or_dest_vcpus(), may lead to a misbehavior of
>> kvm_apic_map_get_dest_lapic(). This will specifically happen when the
>> kvm_lowest_prio_delivery() returns TRUE due to a non-zero garbage
>> value of msi_redir_hint, which should not happen as the request belongs
>> to APIC fixed delivery mode and we do not want to deliver the
>> interrupt only to the lowest priority candidate.
>>
>> This patch initializes all the fields of kvm_lapic_irq based on the
>> values of ioapic redirect_entry object before passing it on to
>> kvm_bitmap_or_dest_vcpus().
>>
>> Fixes: 7ee30bc132c6("KVM: x86: deliver KVM IOAPIC scan request to target vCPUs")
>> Signed-off-by: Nitesh Narayan Lal <nitesh@redhat.com>
>> ---
>>  arch/x86/kvm/ioapic.c | 7 +++++--
>>  1 file changed, 5 insertions(+), 2 deletions(-)
>>
>> diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
>> index 7668fed..3a8467d 100644
>> --- a/arch/x86/kvm/ioapic.c
>> +++ b/arch/x86/kvm/ioapic.c
>> @@ -378,12 +378,15 @@ static void ioapic_write_indirect(struct kvm_ioapic *ioapic, u32 val)
>>  		if (e->fields.delivery_mode == APIC_DM_FIXED) {
>>  			struct kvm_lapic_irq irq;
>>  
>> -			irq.shorthand = APIC_DEST_NOSHORT;
>>  			irq.vector = e->fields.vector;
>>  			irq.delivery_mode = e->fields.delivery_mode << 8;
>> -			irq.dest_id = e->fields.dest_id;
>>  			irq.dest_mode =
>>  			    kvm_lapic_irq_dest_mode(!!e->fields.dest_mode);
>> +			irq.level = 1;
> 'level' is bool in struct kvm_lapic_irq but other than that, is there a
> reason we set it to 'true' here? I understand that any particular
> setting is likely better than random

Yes, that is the only reason which I had in my mind while doing this change.
I was not particularly sure about the value, so I copied what ioapic_serivce()
is doing.

>  and it should actually not be used
> without setting it first but still?
>
>> +			irq.trig_mode = e->fields.trig_mode;
>> +			irq.shorthand = APIC_DEST_NOSHORT;
>> +			irq.dest_id = e->fields.dest_id;
>> +			irq.msi_redir_hint = false;
>>  			bitmap_zero(&vcpu_bitmap, 16);
>>  			kvm_bitmap_or_dest_vcpus(ioapic->kvm, &irq,
>>  						 &vcpu_bitmap);
-- 
Thanks
Nitesh


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [Patch v2] KVM: x86: Initializing all kvm_lapic_irq fields in ioapic_write_indirect

[Nitesh Narayan Lal]

[-- Attachment #1.1: Type: text/plain, Size: 2755 bytes --]


On 3/13/20 9:38 AM, Nitesh Narayan Lal wrote:
> On 3/13/20 9:25 AM, Vitaly Kuznetsov wrote:
>> Nitesh Narayan Lal <nitesh@redhat.com> writes:
>>
>>> Previously all fields of structure kvm_lapic_irq were not initialized
>>> before it was passed to kvm_bitmap_or_dest_vcpus(). Which will cause
>>> an issue when any of those fields are used for processing a request.
>>> For example not initializing the msi_redir_hint field before passing
>>> to the kvm_bitmap_or_dest_vcpus(), may lead to a misbehavior of
>>> kvm_apic_map_get_dest_lapic(). This will specifically happen when the
>>> kvm_lowest_prio_delivery() returns TRUE due to a non-zero garbage
>>> value of msi_redir_hint, which should not happen as the request belongs
>>> to APIC fixed delivery mode and we do not want to deliver the
>>> interrupt only to the lowest priority candidate.
>>>
>>> This patch initializes all the fields of kvm_lapic_irq based on the
>>> values of ioapic redirect_entry object before passing it on to
>>> kvm_bitmap_or_dest_vcpus().
>>>
>>> Fixes: 7ee30bc132c6("KVM: x86: deliver KVM IOAPIC scan request to target vCPUs")
>>> Signed-off-by: Nitesh Narayan Lal <nitesh@redhat.com>
>>> ---
>>>  arch/x86/kvm/ioapic.c | 7 +++++--
>>>  1 file changed, 5 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
>>> index 7668fed..3a8467d 100644
>>> --- a/arch/x86/kvm/ioapic.c
>>> +++ b/arch/x86/kvm/ioapic.c
>>> @@ -378,12 +378,15 @@ static void ioapic_write_indirect(struct kvm_ioapic *ioapic, u32 val)
>>>  		if (e->fields.delivery_mode == APIC_DM_FIXED) {
>>>  			struct kvm_lapic_irq irq;
>>>  
>>> -			irq.shorthand = APIC_DEST_NOSHORT;
>>>  			irq.vector = e->fields.vector;
>>>  			irq.delivery_mode = e->fields.delivery_mode << 8;
>>> -			irq.dest_id = e->fields.dest_id;
>>>  			irq.dest_mode =
>>>  			    kvm_lapic_irq_dest_mode(!!e->fields.dest_mode);
>>> +			irq.level = 1;
>> 'level' is bool in struct kvm_lapic_irq but other than that, is there a
>> reason we set it to 'true' here? I understand that any particular
>> setting is likely better than random
> Yes, that is the only reason which I had in my mind while doing this change.
> I was not particularly sure about the value, so I copied what ioapic_serivce()
> is doing.

Do you think I should skip setting this here?

>>  and it should actually not be used
>> without setting it first but still?
>>
>>> +			irq.trig_mode = e->fields.trig_mode;
>>> +			irq.shorthand = APIC_DEST_NOSHORT;
>>> +			irq.dest_id = e->fields.dest_id;
>>> +			irq.msi_redir_hint = false;
>>>  			bitmap_zero(&vcpu_bitmap, 16);
>>>  			kvm_bitmap_or_dest_vcpus(ioapic->kvm, &irq,
>>>  						 &vcpu_bitmap);
-- 
Nitesh


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [Patch v2] KVM: x86: Initializing all kvm_lapic_irq fields in ioapic_write_indirect

[Vitaly Kuznetsov]

Nitesh Narayan Lal <nitesh@redhat.com> writes:

> On 3/13/20 9:38 AM, Nitesh Narayan Lal wrote:
>> On 3/13/20 9:25 AM, Vitaly Kuznetsov wrote:
>>> Nitesh Narayan Lal <nitesh@redhat.com> writes:
>>>
>>>> Previously all fields of structure kvm_lapic_irq were not initialized
>>>> before it was passed to kvm_bitmap_or_dest_vcpus(). Which will cause
>>>> an issue when any of those fields are used for processing a request.
>>>> For example not initializing the msi_redir_hint field before passing
>>>> to the kvm_bitmap_or_dest_vcpus(), may lead to a misbehavior of
>>>> kvm_apic_map_get_dest_lapic(). This will specifically happen when the
>>>> kvm_lowest_prio_delivery() returns TRUE due to a non-zero garbage
>>>> value of msi_redir_hint, which should not happen as the request belongs
>>>> to APIC fixed delivery mode and we do not want to deliver the
>>>> interrupt only to the lowest priority candidate.
>>>>
>>>> This patch initializes all the fields of kvm_lapic_irq based on the
>>>> values of ioapic redirect_entry object before passing it on to
>>>> kvm_bitmap_or_dest_vcpus().
>>>>
>>>> Fixes: 7ee30bc132c6("KVM: x86: deliver KVM IOAPIC scan request to target vCPUs")
>>>> Signed-off-by: Nitesh Narayan Lal <nitesh@redhat.com>
>>>> ---
>>>>  arch/x86/kvm/ioapic.c | 7 +++++--
>>>>  1 file changed, 5 insertions(+), 2 deletions(-)
>>>>
>>>> diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
>>>> index 7668fed..3a8467d 100644
>>>> --- a/arch/x86/kvm/ioapic.c
>>>> +++ b/arch/x86/kvm/ioapic.c
>>>> @@ -378,12 +378,15 @@ static void ioapic_write_indirect(struct kvm_ioapic *ioapic, u32 val)
>>>>  		if (e->fields.delivery_mode == APIC_DM_FIXED) {
>>>>  			struct kvm_lapic_irq irq;
>>>>  
>>>> -			irq.shorthand = APIC_DEST_NOSHORT;
>>>>  			irq.vector = e->fields.vector;
>>>>  			irq.delivery_mode = e->fields.delivery_mode << 8;
>>>> -			irq.dest_id = e->fields.dest_id;
>>>>  			irq.dest_mode =
>>>>  			    kvm_lapic_irq_dest_mode(!!e->fields.dest_mode);
>>>> +			irq.level = 1;
>>> 'level' is bool in struct kvm_lapic_irq but other than that, is there a
>>> reason we set it to 'true' here? I understand that any particular
>>> setting is likely better than random
>> Yes, that is the only reason which I had in my mind while doing this change.
>> I was not particularly sure about the value, so I copied what ioapic_serivce()
>> is doing.
>
> Do you think I should skip setting this here?
>

Personally, i'd initialize it to 'false': usualy, if something is not
properly initialized it's either 0 or garbage)

>>>  and it should actually not be used
>>> without setting it first but still?
>>>
>>>> +			irq.trig_mode = e->fields.trig_mode;
>>>> +			irq.shorthand = APIC_DEST_NOSHORT;
>>>> +			irq.dest_id = e->fields.dest_id;
>>>> +			irq.msi_redir_hint = false;
>>>>  			bitmap_zero(&vcpu_bitmap, 16);
>>>>  			kvm_bitmap_or_dest_vcpus(ioapic->kvm, &irq,
>>>>  						 &vcpu_bitmap);

-- 
Vitaly

Re: [Patch v2] KVM: x86: Initializing all kvm_lapic_irq fields in ioapic_write_indirect

[Nitesh Narayan Lal]

[-- Attachment #1.1: Type: text/plain, Size: 3224 bytes --]


On 3/13/20 12:18 PM, Vitaly Kuznetsov wrote:
> Nitesh Narayan Lal <nitesh@redhat.com> writes:
>
>> On 3/13/20 9:38 AM, Nitesh Narayan Lal wrote:
>>> On 3/13/20 9:25 AM, Vitaly Kuznetsov wrote:
>>>> Nitesh Narayan Lal <nitesh@redhat.com> writes:
>>>>
>>>>> Previously all fields of structure kvm_lapic_irq were not initialized
>>>>> before it was passed to kvm_bitmap_or_dest_vcpus(). Which will cause
>>>>> an issue when any of those fields are used for processing a request.
>>>>> For example not initializing the msi_redir_hint field before passing
>>>>> to the kvm_bitmap_or_dest_vcpus(), may lead to a misbehavior of
>>>>> kvm_apic_map_get_dest_lapic(). This will specifically happen when the
>>>>> kvm_lowest_prio_delivery() returns TRUE due to a non-zero garbage
>>>>> value of msi_redir_hint, which should not happen as the request belongs
>>>>> to APIC fixed delivery mode and we do not want to deliver the
>>>>> interrupt only to the lowest priority candidate.
>>>>>
>>>>> This patch initializes all the fields of kvm_lapic_irq based on the
>>>>> values of ioapic redirect_entry object before passing it on to
>>>>> kvm_bitmap_or_dest_vcpus().
>>>>>
>>>>> Fixes: 7ee30bc132c6("KVM: x86: deliver KVM IOAPIC scan request to target vCPUs")
>>>>> Signed-off-by: Nitesh Narayan Lal <nitesh@redhat.com>
>>>>> ---
>>>>>  arch/x86/kvm/ioapic.c | 7 +++++--
>>>>>  1 file changed, 5 insertions(+), 2 deletions(-)
>>>>>
>>>>> diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
>>>>> index 7668fed..3a8467d 100644
>>>>> --- a/arch/x86/kvm/ioapic.c
>>>>> +++ b/arch/x86/kvm/ioapic.c
>>>>> @@ -378,12 +378,15 @@ static void ioapic_write_indirect(struct kvm_ioapic *ioapic, u32 val)
>>>>>  		if (e->fields.delivery_mode == APIC_DM_FIXED) {
>>>>>  			struct kvm_lapic_irq irq;
>>>>>  
>>>>> -			irq.shorthand = APIC_DEST_NOSHORT;
>>>>>  			irq.vector = e->fields.vector;
>>>>>  			irq.delivery_mode = e->fields.delivery_mode << 8;
>>>>> -			irq.dest_id = e->fields.dest_id;
>>>>>  			irq.dest_mode =
>>>>>  			    kvm_lapic_irq_dest_mode(!!e->fields.dest_mode);
>>>>> +			irq.level = 1;
>>>> 'level' is bool in struct kvm_lapic_irq but other than that, is there a
>>>> reason we set it to 'true' here? I understand that any particular
>>>> setting is likely better than random
>>> Yes, that is the only reason which I had in my mind while doing this change.
>>> I was not particularly sure about the value, so I copied what ioapic_serivce()
>>> is doing.
>> Do you think I should skip setting this here?
>>
> Personally, i'd initialize it to 'false': usualy, if something is not
> properly initialized it's either 0 or garbage)

I think that's true, initializing it to 'false' might make more sense.
Any other concerns or comments that I can improve?

>
>>>>  and it should actually not be used
>>>> without setting it first but still?
>>>>
>>>>> +			irq.trig_mode = e->fields.trig_mode;
>>>>> +			irq.shorthand = APIC_DEST_NOSHORT;
>>>>> +			irq.dest_id = e->fields.dest_id;
>>>>> +			irq.msi_redir_hint = false;
>>>>>  			bitmap_zero(&vcpu_bitmap, 16);
>>>>>  			kvm_bitmap_or_dest_vcpus(ioapic->kvm, &irq,
>>>>>  						 &vcpu_bitmap);
-- 
Nitesh


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [Patch v2] KVM: x86: Initializing all kvm_lapic_irq fields in ioapic_write_indirect

[Vitaly Kuznetsov]

Nitesh Narayan Lal <nitesh@redhat.com> writes:

> On 3/13/20 12:18 PM, Vitaly Kuznetsov wrote:
>> Nitesh Narayan Lal <nitesh@redhat.com> writes:
>>
>>> On 3/13/20 9:38 AM, Nitesh Narayan Lal wrote:
>>>> On 3/13/20 9:25 AM, Vitaly Kuznetsov wrote:
>>>>> Nitesh Narayan Lal <nitesh@redhat.com> writes:
>>>>>
>>>>>> Previously all fields of structure kvm_lapic_irq were not initialized
>>>>>> before it was passed to kvm_bitmap_or_dest_vcpus(). Which will cause
>>>>>> an issue when any of those fields are used for processing a request.
>>>>>> For example not initializing the msi_redir_hint field before passing
>>>>>> to the kvm_bitmap_or_dest_vcpus(), may lead to a misbehavior of
>>>>>> kvm_apic_map_get_dest_lapic(). This will specifically happen when the
>>>>>> kvm_lowest_prio_delivery() returns TRUE due to a non-zero garbage
>>>>>> value of msi_redir_hint, which should not happen as the request belongs
>>>>>> to APIC fixed delivery mode and we do not want to deliver the
>>>>>> interrupt only to the lowest priority candidate.
>>>>>>
>>>>>> This patch initializes all the fields of kvm_lapic_irq based on the
>>>>>> values of ioapic redirect_entry object before passing it on to
>>>>>> kvm_bitmap_or_dest_vcpus().
>>>>>>
>>>>>> Fixes: 7ee30bc132c6("KVM: x86: deliver KVM IOAPIC scan request to target vCPUs")
>>>>>> Signed-off-by: Nitesh Narayan Lal <nitesh@redhat.com>
>>>>>> ---
>>>>>>  arch/x86/kvm/ioapic.c | 7 +++++--
>>>>>>  1 file changed, 5 insertions(+), 2 deletions(-)
>>>>>>
>>>>>> diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
>>>>>> index 7668fed..3a8467d 100644
>>>>>> --- a/arch/x86/kvm/ioapic.c
>>>>>> +++ b/arch/x86/kvm/ioapic.c
>>>>>> @@ -378,12 +378,15 @@ static void ioapic_write_indirect(struct kvm_ioapic *ioapic, u32 val)
>>>>>>  		if (e->fields.delivery_mode == APIC_DM_FIXED) {
>>>>>>  			struct kvm_lapic_irq irq;
>>>>>>  
>>>>>> -			irq.shorthand = APIC_DEST_NOSHORT;
>>>>>>  			irq.vector = e->fields.vector;
>>>>>>  			irq.delivery_mode = e->fields.delivery_mode << 8;
>>>>>> -			irq.dest_id = e->fields.dest_id;
>>>>>>  			irq.dest_mode =
>>>>>>  			    kvm_lapic_irq_dest_mode(!!e->fields.dest_mode);
>>>>>> +			irq.level = 1;
>>>>> 'level' is bool in struct kvm_lapic_irq but other than that, is there a
>>>>> reason we set it to 'true' here? I understand that any particular
>>>>> setting is likely better than random
>>>> Yes, that is the only reason which I had in my mind while doing this change.
>>>> I was not particularly sure about the value, so I copied what ioapic_serivce()
>>>> is doing.
>>> Do you think I should skip setting this here?
>>>
>> Personally, i'd initialize it to 'false': usualy, if something is not
>> properly initialized it's either 0 or garbage)
>
> I think that's true, initializing it to 'false' might make more sense.
> Any other concerns or comments that I can improve?
>

Please add the missing space to the 'Fixes' tag:

Fixes: 7ee30bc132c6 ("KVM: x86: deliver KVM IOAPIC scan request to target vCPUs")

and with that and irq.level initialized to 'false' feel free to add

Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>

tag. Thanks!


>>
>>>>>  and it should actually not be used
>>>>> without setting it first but still?
>>>>>
>>>>>> +			irq.trig_mode = e->fields.trig_mode;
>>>>>> +			irq.shorthand = APIC_DEST_NOSHORT;
>>>>>> +			irq.dest_id = e->fields.dest_id;
>>>>>> +			irq.msi_redir_hint = false;
>>>>>>  			bitmap_zero(&vcpu_bitmap, 16);
>>>>>>  			kvm_bitmap_or_dest_vcpus(ioapic->kvm, &irq,
>>>>>>  						 &vcpu_bitmap);

-- 
Vitaly

Re: [Patch v2] KVM: x86: Initializing all kvm_lapic_irq fields in ioapic_write_indirect

[Nitesh Narayan Lal]

[-- Attachment #1.1: Type: text/plain, Size: 3789 bytes --]


On 3/13/20 12:36 PM, Vitaly Kuznetsov wrote:
> Nitesh Narayan Lal <nitesh@redhat.com> writes:
>
>> On 3/13/20 12:18 PM, Vitaly Kuznetsov wrote:
>>> Nitesh Narayan Lal <nitesh@redhat.com> writes:
>>>
>>>> On 3/13/20 9:38 AM, Nitesh Narayan Lal wrote:
>>>>> On 3/13/20 9:25 AM, Vitaly Kuznetsov wrote:
>>>>>> Nitesh Narayan Lal <nitesh@redhat.com> writes:
>>>>>>
>>>>>>> Previously all fields of structure kvm_lapic_irq were not initialized
>>>>>>> before it was passed to kvm_bitmap_or_dest_vcpus(). Which will cause
>>>>>>> an issue when any of those fields are used for processing a request.
>>>>>>> For example not initializing the msi_redir_hint field before passing
>>>>>>> to the kvm_bitmap_or_dest_vcpus(), may lead to a misbehavior of
>>>>>>> kvm_apic_map_get_dest_lapic(). This will specifically happen when the
>>>>>>> kvm_lowest_prio_delivery() returns TRUE due to a non-zero garbage
>>>>>>> value of msi_redir_hint, which should not happen as the request belongs
>>>>>>> to APIC fixed delivery mode and we do not want to deliver the
>>>>>>> interrupt only to the lowest priority candidate.
>>>>>>>
>>>>>>> This patch initializes all the fields of kvm_lapic_irq based on the
>>>>>>> values of ioapic redirect_entry object before passing it on to
>>>>>>> kvm_bitmap_or_dest_vcpus().
>>>>>>>
>>>>>>> Fixes: 7ee30bc132c6("KVM: x86: deliver KVM IOAPIC scan request to target vCPUs")
>>>>>>> Signed-off-by: Nitesh Narayan Lal <nitesh@redhat.com>
>>>>>>> ---
>>>>>>>  arch/x86/kvm/ioapic.c | 7 +++++--
>>>>>>>  1 file changed, 5 insertions(+), 2 deletions(-)
>>>>>>>
>>>>>>> diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
>>>>>>> index 7668fed..3a8467d 100644
>>>>>>> --- a/arch/x86/kvm/ioapic.c
>>>>>>> +++ b/arch/x86/kvm/ioapic.c
>>>>>>> @@ -378,12 +378,15 @@ static void ioapic_write_indirect(struct kvm_ioapic *ioapic, u32 val)
>>>>>>>  		if (e->fields.delivery_mode == APIC_DM_FIXED) {
>>>>>>>  			struct kvm_lapic_irq irq;
>>>>>>>  
>>>>>>> -			irq.shorthand = APIC_DEST_NOSHORT;
>>>>>>>  			irq.vector = e->fields.vector;
>>>>>>>  			irq.delivery_mode = e->fields.delivery_mode << 8;
>>>>>>> -			irq.dest_id = e->fields.dest_id;
>>>>>>>  			irq.dest_mode =
>>>>>>>  			    kvm_lapic_irq_dest_mode(!!e->fields.dest_mode);
>>>>>>> +			irq.level = 1;
>>>>>> 'level' is bool in struct kvm_lapic_irq but other than that, is there a
>>>>>> reason we set it to 'true' here? I understand that any particular
>>>>>> setting is likely better than random
>>>>> Yes, that is the only reason which I had in my mind while doing this change.
>>>>> I was not particularly sure about the value, so I copied what ioapic_serivce()
>>>>> is doing.
>>>> Do you think I should skip setting this here?
>>>>
>>> Personally, i'd initialize it to 'false': usualy, if something is not
>>> properly initialized it's either 0 or garbage)
>> I think that's true, initializing it to 'false' might make more sense.
>> Any other concerns or comments that I can improve?
>>
> Please add the missing space to the 'Fixes' tag:
>
> Fixes: 7ee30bc132c6 ("KVM: x86: deliver KVM IOAPIC scan request to target vCPUs")

My bad.

>
> and with that and irq.level initialized to 'false' feel free to add
>
> Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
>
> tag. Thanks!

Sure, thank you.

>
>
>>>>>>  and it should actually not be used
>>>>>> without setting it first but still?
>>>>>>
>>>>>>> +			irq.trig_mode = e->fields.trig_mode;
>>>>>>> +			irq.shorthand = APIC_DEST_NOSHORT;
>>>>>>> +			irq.dest_id = e->fields.dest_id;
>>>>>>> +			irq.msi_redir_hint = false;
>>>>>>>  			bitmap_zero(&vcpu_bitmap, 16);
>>>>>>>  			kvm_bitmap_or_dest_vcpus(ioapic->kvm, &irq,
>>>>>>>  						 &vcpu_bitmap);
-- 
Nitesh
My


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [Patch v2] KVM: x86: Initializing all kvm_lapic_irq fields in ioapic_write_indirect

[Paolo Bonzini]

[-- Attachment #1.1: Type: text/plain, Size: 3540 bytes --]

On 13/03/20 17:38, Nitesh Narayan Lal wrote:
> 
> On 3/13/20 12:36 PM, Vitaly Kuznetsov wrote:
>> Nitesh Narayan Lal <nitesh@redhat.com> writes:
>>
>>> On 3/13/20 12:18 PM, Vitaly Kuznetsov wrote:
>>>> Nitesh Narayan Lal <nitesh@redhat.com> writes:
>>>>
>>>>> On 3/13/20 9:38 AM, Nitesh Narayan Lal wrote:
>>>>>> On 3/13/20 9:25 AM, Vitaly Kuznetsov wrote:
>>>>>>> Nitesh Narayan Lal <nitesh@redhat.com> writes:
>>>>>>>
>>>>>>>> Previously all fields of structure kvm_lapic_irq were not initialized
>>>>>>>> before it was passed to kvm_bitmap_or_dest_vcpus(). Which will cause
>>>>>>>> an issue when any of those fields are used for processing a request.
>>>>>>>> For example not initializing the msi_redir_hint field before passing
>>>>>>>> to the kvm_bitmap_or_dest_vcpus(), may lead to a misbehavior of
>>>>>>>> kvm_apic_map_get_dest_lapic(). This will specifically happen when the
>>>>>>>> kvm_lowest_prio_delivery() returns TRUE due to a non-zero garbage
>>>>>>>> value of msi_redir_hint, which should not happen as the request belongs
>>>>>>>> to APIC fixed delivery mode and we do not want to deliver the
>>>>>>>> interrupt only to the lowest priority candidate.
>>>>>>>>
>>>>>>>> This patch initializes all the fields of kvm_lapic_irq based on the
>>>>>>>> values of ioapic redirect_entry object before passing it on to
>>>>>>>> kvm_bitmap_or_dest_vcpus().
>>>>>>>>
>>>>>>>> Fixes: 7ee30bc132c6("KVM: x86: deliver KVM IOAPIC scan request to target vCPUs")
>>>>>>>> Signed-off-by: Nitesh Narayan Lal <nitesh@redhat.com>
>>>>>>>> ---
>>>>>>>>  arch/x86/kvm/ioapic.c | 7 +++++--
>>>>>>>>  1 file changed, 5 insertions(+), 2 deletions(-)
>>>>>>>>
>>>>>>>> diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
>>>>>>>> index 7668fed..3a8467d 100644
>>>>>>>> --- a/arch/x86/kvm/ioapic.c
>>>>>>>> +++ b/arch/x86/kvm/ioapic.c
>>>>>>>> @@ -378,12 +378,15 @@ static void ioapic_write_indirect(struct kvm_ioapic *ioapic, u32 val)
>>>>>>>>  		if (e->fields.delivery_mode == APIC_DM_FIXED) {
>>>>>>>>  			struct kvm_lapic_irq irq;
>>>>>>>>  
>>>>>>>> -			irq.shorthand = APIC_DEST_NOSHORT;
>>>>>>>>  			irq.vector = e->fields.vector;
>>>>>>>>  			irq.delivery_mode = e->fields.delivery_mode << 8;
>>>>>>>> -			irq.dest_id = e->fields.dest_id;
>>>>>>>>  			irq.dest_mode =
>>>>>>>>  			    kvm_lapic_irq_dest_mode(!!e->fields.dest_mode);
>>>>>>>> +			irq.level = 1;
>>>>>>> 'level' is bool in struct kvm_lapic_irq but other than that, is there a
>>>>>>> reason we set it to 'true' here? I understand that any particular
>>>>>>> setting is likely better than random
>>>>>> Yes, that is the only reason which I had in my mind while doing this change.
>>>>>> I was not particularly sure about the value, so I copied what ioapic_serivce()
>>>>>> is doing.
>>>>> Do you think I should skip setting this here?
>>>>>
>>>> Personally, i'd initialize it to 'false': usualy, if something is not
>>>> properly initialized it's either 0 or garbage)
>>> I think that's true, initializing it to 'false' might make more sense.
>>> Any other concerns or comments that I can improve?
>>>
>> Please add the missing space to the 'Fixes' tag:
>>
>> Fixes: 7ee30bc132c6 ("KVM: x86: deliver KVM IOAPIC scan request to target vCPUs")
> 
> My bad.
> 
>>
>> and with that and irq.level initialized to 'false' feel free to add
>>
>> Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
>>
>> tag. Thanks!
> 
> Sure, thank you.

I did the changes and applied the patch, thanks.

Paolo



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]