Commit 71ba994c authored by Paolo Bonzini

KVM: x86: clean/fix memory barriers in irqchip_in_kernel

The memory barriers are trying to protect against concurrent RCU-based
interrupt injection, but the IRQ routing table is not valid at the time
kvm->arch.vpic is written.  Fix this by writing kvm->arch.vpic last.
kvm_destroy_pic then need not set kvm->arch.vpic to NULL; modify it
to take a struct kvm_pic* and reuse it if the IOAPIC creation fails.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
parent dd489240
...@@ -651,15 +651,10 @@ struct kvm_pic *kvm_create_pic(struct kvm *kvm) ...@@ -651,15 +651,10 @@ struct kvm_pic *kvm_create_pic(struct kvm *kvm)
return NULL; return NULL;
} }
void kvm_destroy_pic(struct kvm *kvm) void kvm_destroy_pic(struct kvm_pic *vpic)
{ {
struct kvm_pic *vpic = kvm->arch.vpic; kvm_io_bus_unregister_dev(vpic->kvm, KVM_PIO_BUS, &vpic->dev_master);
kvm_io_bus_unregister_dev(vpic->kvm, KVM_PIO_BUS, &vpic->dev_slave);
if (vpic) { kvm_io_bus_unregister_dev(vpic->kvm, KVM_PIO_BUS, &vpic->dev_eclr);
kvm_io_bus_unregister_dev(kvm, KVM_PIO_BUS, &vpic->dev_master);
kvm_io_bus_unregister_dev(kvm, KVM_PIO_BUS, &vpic->dev_slave);
kvm_io_bus_unregister_dev(kvm, KVM_PIO_BUS, &vpic->dev_eclr);
kvm->arch.vpic = NULL;
kfree(vpic); kfree(vpic);
}
} }
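Review bot: The new kvm_destroy_pic() dereferences vpic unconditionally, so the NULL tolerance the old kvm-taking version had is gone and every caller must pass a live pointer; the two callers visible in this commit (both error paths of KVM_CREATE_IRQCHIP) do, but any teardown path outside this diff that previously relied on kvm_destroy_pic(kvm) coping with a NULL kvm->arch.vpic is not shown and should be checked. The function also no longer clears kvm->arch.vpic, so it is only safe on a pic that was never published there, or that the caller has already unpublished, otherwise lockless readers in irqchip_in_kernel() would see a freed pointer. I would state that contract above the definition: `/* Unregister and free @vpic. Must not be called on a pic still reachable through kvm->arch.vpic, which this function does not clear. */`.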
...@@ -74,7 +74,7 @@ struct kvm_pic { ...@@ -74,7 +74,7 @@ struct kvm_pic {
}; };
struct kvm_pic *kvm_create_pic(struct kvm *kvm); struct kvm_pic *kvm_create_pic(struct kvm *kvm);
void kvm_destroy_pic(struct kvm *kvm); void kvm_destroy_pic(struct kvm_pic *vpic);
int kvm_pic_read_irq(struct kvm *kvm); int kvm_pic_read_irq(struct kvm *kvm);
void kvm_pic_update_irq(struct kvm_pic *s); void kvm_pic_update_irq(struct kvm_pic *s);
...@@ -85,11 +85,11 @@ static inline struct kvm_pic *pic_irqchip(struct kvm *kvm) ...@@ -85,11 +85,11 @@ static inline struct kvm_pic *pic_irqchip(struct kvm *kvm)
static inline int irqchip_in_kernel(struct kvm *kvm) static inline int irqchip_in_kernel(struct kvm *kvm)
{ {
int ret; struct kvm_pic *vpic = pic_irqchip(kvm);
ret = (pic_irqchip(kvm) != NULL); /* Read vpic before kvm->irq_routing. */
smp_rmb(); smp_rmb();
return ret; return vpic != NULL;
} }
void kvm_pic_reset(struct kvm_kpic_state *s); void kvm_pic_reset(struct kvm_kpic_state *s);
......
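Review bot: irqchip_in_kernel() now fetches the pointer with a plain load through pic_irqchip() (defined above the hunk, presumably returning kvm->arch.vpic) and only then issues smp_rmb(); since this read is intentionally lockless against the store in KVM_CREATE_IRQCHIP, the compiler may legally re-load the pointer after the barrier, which defeats the ordering the comment describes. The load should be annotated, e.g. `struct kvm_pic *vpic = READ_ONCE(kvm->arch.vpic);` (ACCESS_ONCE if this tree predates READ_ONCE), or the barrier and load collapsed into `return smp_load_acquire(&kvm->arch.vpic) != NULL;`, which also documents the pairing. Whichever form is kept, the comment should name its partner so the next reader can find it: `/* Read vpic before kvm->irq_routing; pairs with the smp_wmb() before the kvm->arch.vpic store in kvm_arch_vm_ioctl(KVM_CREATE_IRQCHIP). */`.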
...@@ -3626,30 +3626,25 @@ long kvm_arch_vm_ioctl(struct file *filp, ...@@ -3626,30 +3626,25 @@ long kvm_arch_vm_ioctl(struct file *filp,
r = kvm_ioapic_init(kvm); r = kvm_ioapic_init(kvm);
if (r) { if (r) {
mutex_lock(&kvm->slots_lock); mutex_lock(&kvm->slots_lock);
kvm_io_bus_unregister_dev(kvm, KVM_PIO_BUS, kvm_destroy_pic(vpic);
&vpic->dev_master);
kvm_io_bus_unregister_dev(kvm, KVM_PIO_BUS,
&vpic->dev_slave);
kvm_io_bus_unregister_dev(kvm, KVM_PIO_BUS,
&vpic->dev_eclr);
mutex_unlock(&kvm->slots_lock); mutex_unlock(&kvm->slots_lock);
kfree(vpic);
goto create_irqchip_unlock; goto create_irqchip_unlock;
} }
} else } else
goto create_irqchip_unlock; goto create_irqchip_unlock;
smp_wmb();
kvm->arch.vpic = vpic;
smp_wmb();
r = kvm_setup_default_irq_routing(kvm); r = kvm_setup_default_irq_routing(kvm);
if (r) { if (r) {
mutex_lock(&kvm->slots_lock); mutex_lock(&kvm->slots_lock);
mutex_lock(&kvm->irq_lock); mutex_lock(&kvm->irq_lock);
kvm_ioapic_destroy(kvm); kvm_ioapic_destroy(kvm);
kvm_destroy_pic(kvm); kvm_destroy_pic(vpic);
mutex_unlock(&kvm->irq_lock); mutex_unlock(&kvm->irq_lock);
mutex_unlock(&kvm->slots_lock); mutex_unlock(&kvm->slots_lock);
goto create_irqchip_unlock;
} }
/* Write kvm->irq_routing before kvm->arch.vpic. */
smp_wmb();
kvm->arch.vpic = vpic;
create_irqchip_unlock: create_irqchip_unlock:
mutex_unlock(&kvm->lock); mutex_unlock(&kvm->lock);
break; break;
......
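Review bot: The publishing store `kvm->arch.vpic = vpic;` at the end of the hunk is the one lockless readers race against, yet it is a plain assignment, so a compiler may split or reorder it relative to the preceding smp_wmb() only as far as the barrier constrains; the usual kernel pattern is to annotate it, `WRITE_ONCE(kvm->arch.vpic, vpic);`, or to replace the barrier-plus-store pair with `smp_store_release(&kvm->arch.vpic, vpic);`, whose acquire partner would then live in irqchip_in_kernel(). The comment above it should also name that partner (`/* ... pairs with the smp_rmb() in irqchip_in_kernel(). */`) so the two sides stay in sync. A smaller observation: the ioapic-init failure path destroys the pic under slots_lock only, while the routing failure path holds both slots_lock and irq_lock; that mirrors the old code, but if irq_lock is not needed for kvm_destroy_pic() (which only touches the PIO bus) the second path could drop it, or a comment should say why it is taken. kvm_arch_vm_ioctl() begins and ends outside this hunk.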