This is a note to let you know that I've just added the patch titled
KVM: x86/xen: Stop Xen timer before changing IRQ
to the 5.19-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
kvm-x86-xen-stop-xen-timer-before-changing-irq.patch
and it can be found in the queue-5.19 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From c036899136355758dcd88878145036ab4d9c1f26 Mon Sep 17 00:00:00 2001
From: Coleman Dietsch <dietschc@xxxxxxx>
Date: Mon, 8 Aug 2022 14:06:07 -0500
Subject: KVM: x86/xen: Stop Xen timer before changing IRQ
From: Coleman Dietsch <dietschc@xxxxxxx>
commit c036899136355758dcd88878145036ab4d9c1f26 upstream.
Stop Xen timer (if it's running) prior to changing the IRQ vector and
potentially (re)starting the timer. Changing the IRQ vector while the
timer is still running can result in KVM injecting a garbage event, e.g.
vm_xen_inject_timer_irqs() could see a non-zero xen.timer_pending from
a previous timer but inject the new xen.timer_virq.
Fixes: 536395260582 ("KVM: x86/xen: handle PV timers oneshot mode")
Cc: stable@xxxxxxxxxxxxxxx
Link: https://syzkaller.appspot.com/bug?id=8234a9dfd3aafbf092cc5a7cd9842e3ebc45fc42
Reported-by: syzbot+e54f930ed78eb0f85281@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Coleman Dietsch <dietschc@xxxxxxx>
Reviewed-by: Sean Christopherson <seanjc@xxxxxxxxxx>
Acked-by: David Woodhouse <dwmw@xxxxxxxxxxxx>
Message-Id: <20220808190607.323899-3-dietschc@xxxxxxx>
Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
arch/x86/kvm/xen.c | 33 ++++++++++++++++-----------------
1 file changed, 16 insertions(+), 17 deletions(-)
--- a/arch/x86/kvm/xen.c
+++ b/arch/x86/kvm/xen.c
@@ -707,25 +707,24 @@ int kvm_xen_vcpu_set_attr(struct kvm_vcp
break;
case KVM_XEN_VCPU_ATTR_TYPE_TIMER:
- if (data->u.timer.port) {
- if (data->u.timer.priority != KVM_IRQ_ROUTING_XEN_EVTCHN_PRIO_2LEVEL) {
- r = -EINVAL;
- break;
- }
- vcpu->arch.xen.timer_virq = data->u.timer.port;
+ if (data->u.timer.port &&
+ data->u.timer.priority != KVM_IRQ_ROUTING_XEN_EVTCHN_PRIO_2LEVEL) {
+ r = -EINVAL;
+ break;
+ }
- if (!vcpu->arch.xen.timer.function)
- kvm_xen_init_timer(vcpu);
+ if (!vcpu->arch.xen.timer.function)
+ kvm_xen_init_timer(vcpu);
- /* Restart the timer if it's set */
- if (data->u.timer.expires_ns)
- kvm_xen_start_timer(vcpu, data->u.timer.expires_ns,
- data->u.timer.expires_ns -
- get_kvmclock_ns(vcpu->kvm));
- } else if (kvm_xen_timer_enabled(vcpu)) {
- kvm_xen_stop_timer(vcpu);
- vcpu->arch.xen.timer_virq = 0;
- }
+ /* Stop the timer (if it's running) before changing the vector */
+ kvm_xen_stop_timer(vcpu);
+ vcpu->arch.xen.timer_virq = data->u.timer.port;
+
+ /* Start the timer if the new value has a valid vector+expiry. */
+ if (data->u.timer.port && data->u.timer.expires_ns)
+ kvm_xen_start_timer(vcpu, data->u.timer.expires_ns,
+ data->u.timer.expires_ns -
+ get_kvmclock_ns(vcpu->kvm));
r = 0;
break;
Patches currently in stable-queue which might be from dietschc@xxxxxxx are
queue-5.19/kvm-x86-xen-initialize-xen-timer-only-once.patch
queue-5.19/kvm-x86-xen-stop-xen-timer-before-changing-irq.patch
