On Fri, Mar 29, 2013 at 03:25:16AM +0000, Zhang, Yang Z wrote:
> Paolo Bonzini wrote on 2013-03-26:
> > Il 22/03/2013 06:24, Yang Zhang ha scritto:
> >> +static void rtc_irq_ack_eoi(struct kvm_vcpu *vcpu,
> >> + struct rtc_status *rtc_status, int irq)
> >> +{
> >> + if (irq != RTC_GSI)
> >> + return;
> >> +
> >> + if (test_and_clear_bit(vcpu->vcpu_id, rtc_status->dest_map))
> >> + --rtc_status->pending_eoi;
> >> +
> >> + WARN_ON(rtc_status->pending_eoi < 0);
> >> +}
> >
> > This is the only case where you're passing the struct rtc_status instead
> > of the struct kvm_ioapic. Please use the latter, and make it the first
> > argument.
> >
> >> @@ -244,7 +268,14 @@ static int ioapic_deliver(struct kvm_ioapic *ioapic, int
> > irq)
> >> irqe.level = 1;
> >> irqe.shorthand = 0;
> >> - return kvm_irq_delivery_to_apic(ioapic->kvm, NULL, &irqe, NULL);
> >> + if (irq == RTC_GSI) {
> >> + ret = kvm_irq_delivery_to_apic(ioapic->kvm, NULL, &irqe,
> >> + ioapic->rtc_status.dest_map);
> >> + ioapic->rtc_status.pending_eoi = ret;
> >
> > I think you should either add a
> >
> > BUG_ON(ioapic->rtc_status.pending_eoi != 0);
> > or use "ioapic->rtc_status.pending_eoi += ret" (or both).
> >
> There may malicious guest to write EOI more than once. And the pending_eoi will be negative. But it should not be a bug. Just WARN_ON is enough. And we already do it in ack_eoi. So don't need to do duplicated thing here.
>
Since we track vcpus that already called EOI and decrement pending_eoi
only once for each vcpu malicious guest cannot trigger it, but we
already do WARN_ON() in rtc_irq_ack_eoi(), so I am not sure we need
another one here. += will be correct (since pending_eoi == 0 here), but
confusing since it makes an impression that pending_eoi may not be zero.
--
Gleb.
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
