On 17/06/15 14:21, Peter Maydell wrote:
> On 17 June 2015 at 12:53, Eric Auger <eric.auger@xxxxxxxxxx> wrote:
>> shouldn't we test somewhere that the hwirq is between 16 and 1019.
>
> Not directly related, but that reminds me that I noticed the
> other day that we have VGIC_MAX_IRQS = 1024 (and use that as a
> guard on how many irqs we let userspace configure and ask us
> to deliver), but that doesn't account for the couple of magic
> numbers at the top of the range. I think that lets userspace
> cause us to do UNPREDICTABLE things to the GIC...

Good point. How about the following:

diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c index 78fb820..950064a 100644 --- a/virt/kvm/arm/vgic.c +++ b/virt/kvm/arm/vgic.c @@ -1561,7 +1561,7 @@ int kvm_vgic_inject_irq(struct kvm *kvm, int cpuid, unsigned int irq_num, goto out; } - if (irq_num >= kvm->arch.vgic.nr_irqs) + if (irq_num >= min(kvm->arch.vgic.nr_irqs, 1020)) return -EINVAL; vcpu_id = vgic_update_irq_pending(kvm, cpuid, irq_num, level); @@ -2161,10 +2161,7 @@ int kvm_set_irq(struct kvm *kvm, int irq_source_id, BUG_ON(!vgic_initialized(kvm)); - if (spi > kvm->arch.vgic.nr_irqs) - return -EINVAL; return kvm_vgic_inject_irq(kvm, 0, spi, level); - } /* MSI not implemented yet */

Thanks,

M.
--
Jazz is not dead. It just smells funny...
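Review bot: In the first hunk (kvm_vgic_inject_irq), the bare literal 1020 in `min(kvm->arch.vgic.nr_irqs, 1020)` encodes the same fact the thread is discussing (the "magic numbers at the top of the range", i.e. that valid INTIDs stop at 1019) without naming it; a named constant next to VGIC_MAX_IRQS, with a comment saying it excludes the reserved IDs above 1019, would make the bound self-explaining and reusable. Two follow-ups: if nr_irqs and the literal do not have the same C type, the kernel's min() macro will warn about comparing distinct pointer types, so min_t() or a typed constant is safer; and since Peter's point is that VGIC_MAX_IRQS is also the guard on how many IRQs userspace may configure, clamping at injection time alone leaves that configuration path accepting a value that covers the reserved IDs, so capping nr_irqs where it is set (or lowering the guard there as well) would fix every consumer at once rather than only this one check.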
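Review bot: In the second hunk (kvm_set_irq), the last removed line is a lone `}` following `return kvm_vgic_inject_irq(kvm, 0, spi, level);`, with nothing added in its place and `/* MSI not implemented yet */` as the next context line; if that brace closes kvm_set_irq the function is left unterminated and the patch will not compile, so please check whether it is an artefact of how the diff was pasted or a stray deletion. Dropping the `if (spi > kvm->arch.vgic.nr_irqs)` check itself is fine and actually tightens things: it used `>` where the callee uses `>=`, so spi == nr_irqs previously slipped past this check and was only caught inside kvm_vgic_inject_irq; a short note in the commit message that the bound is now enforced in one place (and why the off-by-one no longer matters) would help future readers.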