• Christoffer Dall's avatar
    KVM: arm/arm64: vgic-new: Synchronize changes to active state · 35a2d585
    Christoffer Dall authored
    When modifying the active state of an interrupt via the MMIO interface,
    we should ensure that the write has the intended effect.
    
    If a guest sets an interrupt to active, but that interrupt is already
    flushed into a list register on a running VCPU, then that VCPU will
    write the active state back into the struct vgic_irq upon returning from
    the guest and syncing its state.  This is a non-benign race, because the
    guest can observe that an interrupt is not active, and it can have a
    reasonable expectations that other VCPUs will not ack any IRQs, and then
    set the state to active, and expect it to stay that way.  Currently we
    are not honoring this case.
    
    Thefore, change both the SACTIVE and CACTIVE mmio handlers to stop the
    world, change the irq state, potentially queue the irq if we're setting
    it to active, and then continue.
    
    We take this chance to slightly optimize these functions by not stopping
    the world when touching private interrupts where there is inherently no
    possible race.
    Signed-off-by: default avatarChristoffer Dall <christoffer.dall@linaro.org>
    35a2d585
kvm_host.h 9.23 KB