Patch "KVM: VMX: Read Posted Interrupt "control" exactly once per loop iteration" has been added to the 5.15-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Fri, 4 Mar 2022 12:40:35 -0500

This is a note to let you know that I've just added the patch titled

    KVM: VMX: Read Posted Interrupt "control" exactly once per loop iteration

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kvm-vmx-read-posted-interrupt-control-exactly-once-p.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit be48023e4c4ddce7d34258c248478878c3a60b11
Author: Sean Christopherson <seanjc@xxxxxxxxxx>
Date:   Fri Oct 8 19:12:19 2021 -0700

    KVM: VMX: Read Posted Interrupt "control" exactly once per loop iteration
    
    [ Upstream commit cfb0e1306a3790eb055ebf7cdb7b0ee8a23e9b6e ]
    
    Use READ_ONCE() when loading the posted interrupt descriptor control
    field to ensure "old" and "new" have the same base value.  If the
    compiler emits separate loads, and loads into "new" before "old", KVM
    could theoretically drop the ON bit if it were set between the loads.
    
    Fixes: 28b835d60fcc ("KVM: Update Posted-Interrupts Descriptor when vCPU is preempted")
    Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
    Message-Id: <20211009021236.4122790-27-seanjc@xxxxxxxxxx>
    Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/x86/kvm/vmx/posted_intr.c b/arch/x86/kvm/vmx/posted_intr.c
index 696ad48ab5daa..46fb83d6a286e 100644
--- a/arch/x86/kvm/vmx/posted_intr.c
+++ b/arch/x86/kvm/vmx/posted_intr.c
@@ -51,7 +51,7 @@ void vmx_vcpu_pi_load(struct kvm_vcpu *vcpu, int cpu)
 
 	/* The full case.  */
 	do {
-		old.control = new.control = pi_desc->control;
+		old.control = new.control = READ_ONCE(pi_desc->control);
 
 		dest = cpu_physical_id(cpu);
 
@@ -104,7 +104,7 @@ static void __pi_post_block(struct kvm_vcpu *vcpu)
 	unsigned int dest;
 
 	do {
-		old.control = new.control = pi_desc->control;
+		old.control = new.control = READ_ONCE(pi_desc->control);
 		WARN(old.nv != POSTED_INTR_WAKEUP_VECTOR,
 		     "Wakeup handler not enabled while the VCPU is blocked\n");
 
@@ -163,7 +163,7 @@ int pi_pre_block(struct kvm_vcpu *vcpu)
 	}
 
 	do {
-		old.control = new.control = pi_desc->control;
+		old.control = new.control = READ_ONCE(pi_desc->control);
 
 		WARN((pi_desc->sn == 1),
 		     "Warning: SN field of posted-interrupts "






