From: Marc Zyngier <maz@xxxxxxxxxx> [ Upstream commit 093bf439fee0d40ade7e309c1288b409cdc3b38f ] When updating an LPI configuration, get_vlpi_map() may be passed a irq_data structure relative to an ITS domain (the normal case) or one that is relative to the core GICv3 domain in the case of a GICv4 doorbell. In the latter case, special care must be take not to dereference the irq_chip data as an its_dev structure, as that isn't what is stored there. Instead, check *first* whether the IRQ is forwarded to a vcpu, and only then try to obtain the vlpi mapping. Fixes: c1d4d5cd203c ("irqchip/gic-v3-its: Add its_vlpi_map helpers") Signed-off-by: Marc Zyngier <maz@xxxxxxxxxx> Reported-by: Zenghui Yu <yuzenghui@xxxxxxxxxx> Link: https://lore.kernel.org/r/20200122085609.658-1-yuzenghui@xxxxxxxxxx Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> --- drivers/irqchip/irq-gic-v3-its.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c index e05673bcd52bd..b704214390c0f 100644 --- a/drivers/irqchip/irq-gic-v3-its.c +++ b/drivers/irqchip/irq-gic-v3-its.c @@ -1170,13 +1170,14 @@ static void its_send_vclear(struct its_device *dev, u32 event_id) */ static struct its_vlpi_map *get_vlpi_map(struct irq_data *d) { - struct its_device *its_dev = irq_data_get_irq_chip_data(d); - u32 event = its_get_event_id(d); + if (irqd_is_forwarded_to_vcpu(d)) { + struct its_device *its_dev = irq_data_get_irq_chip_data(d); + u32 event = its_get_event_id(d); - if (!irqd_is_forwarded_to_vcpu(d)) - return NULL; + return dev_event_to_vlpi_map(its_dev, event); + } - return dev_event_to_vlpi_map(its_dev, event); + return NULL; } static void lpi_write_config(struct irq_data *d, u8 clr, u8 set) -- 2.20.1