diff options
| author | Christoffer Dall <christoffer.dall@linaro.org> | 2016-05-20 15:25:28 +0200 |
|---|---|---|
| committer | Christoffer Dall <christoffer.dall@linaro.org> | 2016-05-20 16:26:38 +0200 |
| commit | 35a2d58588f0992627e74b447ccab21570544c86 (patch) | |
| tree | 823643adbca0b1aece727a932ea0cbe4c5809321 | |
| parent | efffe55af5e16f7935aa0175cf25c386f08219f5 (diff) | |
KVM: arm/arm64: vgic-new: Synchronize changes to active state
When modifying the active state of an interrupt via the MMIO interface,
we should ensure that the write has the intended effect.
If a guest sets an interrupt to active, but that interrupt is already
flushed into a list register on a running VCPU, then that VCPU will
write the active state back into the struct vgic_irq upon returning from
the guest and syncing its state. This is a non-benign race, because the
guest can observe that an interrupt is not active, and it can have a
reasonable expectations that other VCPUs will not ack any IRQs, and then
set the state to active, and expect it to stay that way. Currently we
are not honoring this case.
Thefore, change both the SACTIVE and CACTIVE mmio handlers to stop the
world, change the irq state, potentially queue the irq if we're setting
it to active, and then continue.
We take this chance to slightly optimize these functions by not stopping
the world when touching private interrupts where there is inherently no
possible race.
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>