KVM: arm/arm64: Don't assume initialized vgic when setting PMU IRQ
authorChristoffer Dall <cdall@linaro.org>
Tue, 16 May 2017 17:53:50 +0000 (19:53 +0200)
committerChristoffer Dall <cdall@linaro.org>
Thu, 8 Jun 2017 15:58:54 +0000 (17:58 +0200)
The PMU IRQ number is set through the VCPU device's KVM_SET_DEVICE_ATTR
ioctl handler for the KVM_ARM_VCPU_PMU_V3_IRQ attribute, but there is no
enforced or stated requirement that this must happen after initializing
the VGIC.  As a result, calling vgic_valid_spi() which relies on the
nr_spis being set during the VGIC init can incorrectly fail.

Introduce irq_is_spi, which determines if an IRQ number is within the
SPI range without verifying it against the actual VGIC properties.

Signed-off-by: Christoffer Dall <cdall@linaro.org>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
include/kvm/arm_vgic.h
virt/kvm/arm/pmu.c

index 131668f8599c7282de8f113cf8e0a61cffaedf23..a2ae9d2de21fa44656403602c17c7fdcfde9a09f 100644 (file)
@@ -39,6 +39,8 @@
 #define KVM_IRQCHIP_NUM_PINS   (1020 - 32)
 
 #define irq_is_ppi(irq) ((irq) >= VGIC_NR_SGIS && (irq) < VGIC_NR_PRIVATE_IRQS)
+#define irq_is_spi(irq) ((irq) >= VGIC_NR_PRIVATE_IRQS && \
+                        (irq) <= VGIC_MAX_SPI)
 
 enum vgic_type {
        VGIC_V2,                /* Good ol' GICv2 */
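Review bot: The new irq_is_spi macro checks only the architectural SPI range and deliberately not the VGIC's configured nr_spis, which is exactly why the commit adds it, but nothing in the header says so, and a reader comparing it with vgic_valid_spi() may pick the wrong one. A comment above the macro would make the distinction explicit: `/* Architectural SPI range only: does NOT check the VGIC's configured nr_spis. Use vgic_valid_spi() for that once the VGIC is initialized. */`. Like irq_is_ppi just above it, the macro evaluates its argument twice, so callers should not pass an expression with side effects.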
index 9923eb90cdc73e20385b051401ca8d33581f8f9a..fc8a723ff387f5c02a5525b33a078ae83819ac61 100644 (file)
@@ -458,10 +458,24 @@ int kvm_arm_pmu_v3_enable(struct kvm_vcpu *vcpu)
        /*
         * A valid interrupt configuration for the PMU is either to have a
         * properly configured interrupt number and using an in-kernel
-        * irqchip, or to neither set an IRQ nor create an in-kernel irqchip.
+        * irqchip, or to not have an in-kernel GIC and not set an IRQ.
         */
-       if (kvm_arm_pmu_irq_initialized(vcpu) != irqchip_in_kernel(vcpu->kvm))
-               return -EINVAL;
+       if (irqchip_in_kernel(vcpu->kvm)) {
+               int irq = vcpu->arch.pmu.irq_num;
+               if (!kvm_arm_pmu_irq_initialized(vcpu))
+                       return -EINVAL;
+
+               /*
+                * If we are using an in-kernel vgic, at this point we know
+                * the vgic will be initialized, so we can check the PMU irq
+                * number against the dimensions of the vgic and make sure
+                * it's valid.
+                */
+               if (!irq_is_ppi(irq) && !vgic_valid_spi(vcpu->kvm, irq))
+                       return -EINVAL;
+       } else if (kvm_arm_pmu_irq_initialized(vcpu)) {
+                  return -EINVAL;
+       }
 
        kvm_pmu_vcpu_reset(vcpu);
        vcpu->arch.pmu.ready = true;
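Review bot: The `return -EINVAL;` in the new `else if` branch is indented one level deeper than kernel style; it should sit one tab in from the `} else if (kvm_arm_pmu_irq_initialized(vcpu)) {` line, and checkpatch will also want a blank line after `int irq = vcpu->arch.pmu.irq_num;`. The added comment asserts that "at this point we know the vgic will be initialized", but the ordering that guarantees this is not visible in the hunk (presumably the first-run path maps VGIC resources before calling this function); naming that caller in the comment would make the assumption checkable rather than taken on trust. kvm_arm_pmu_v3_enable starts before the hunk and returns after it.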
@@ -547,7 +561,7 @@ int kvm_arm_pmu_v3_set_attr(struct kvm_vcpu *vcpu, struct kvm_device_attr *attr)
                        return -EFAULT;
 
                /* The PMU overflow interrupt can be a PPI or a valid SPI. */
-               if (!(irq_is_ppi(irq) || vgic_valid_spi(vcpu->kvm, irq)))
+               if (!(irq_is_ppi(irq) || irq_is_spi(irq)))
                        return -EINVAL;
 
                if (!pmu_irq_is_valid(vcpu->kvm, irq))
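Review bot: The comment `/* The PMU overflow interrupt can be a PPI or a valid SPI. */` is now stale: with irq_is_spi the line below accepts any number in the architectural SPI range without validating it against the VGIC, so "valid" no longer describes what is checked. Suggest `/* The PMU overflow interrupt can be a PPI or an SPI; the number is checked against the VGIC's actual dimensions in kvm_arm_pmu_v3_enable(). */`. A consequence worth stating here is that an IRQ number above the VGIC's configured nr_spis is stored in irq_num and only rejected when the PMU is enabled, which is what the commit intends. kvm_arm_pmu_v3_set_attr starts before the hunk and continues after it.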