Commit 9bcac97d authored by Sean Christopherson's avatar Sean Christopherson Committed by Paolo Bonzini
Browse files

KVM: x86: Reset IRTE to host control if *new* route isn't postable 



Restore an IRTE back to host control (remapped or posted MSI mode) if the
*new* GSI route prevents posting the IRQ directly to a vCPU, regardless of
the GSI routing type.  Updating the IRTE if and only if the new GSI is an
MSI results in KVM leaving an IRTE posting to a vCPU.

The dangling IRTE can result in interrupts being incorrectly delivered to
the guest, and in the worst case scenario can result in use-after-free,
e.g. if the VM is torn down, but the underlying host IRQ isn't freed.

Fixes: efc64404 ("KVM: x86: Update IRTE for posted-interrupts")
Fixes: 411b44ba ("svm: Implements update_pi_irte hook to setup posted interrupt")
Cc: stable@vger.kernel.org
Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
Message-ID: <20250404193923.1413163-3-seanjc@google.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
parent 7537deda

arch/x86/kvm/svm/avic.c

+31 −27
Original line number Diff line number Diff line
@@ -896,6 +896,7 @@ int avic_pi_update_irte(struct kvm *kvm, unsigned int host_irq, 
{

	struct kvm_kernel_irq_routing_entry *e;

	struct kvm_irq_routing_table *irq_rt;

	bool enable_remapped_mode = true;

	int idx, ret = 0;



	if (!kvm_arch_has_assigned_device(kvm) || !kvm_arch_has_irq_bypass())
@@ -932,6 +933,8 @@ int avic_pi_update_irte(struct kvm *kvm, unsigned int host_irq, 
		    kvm_vcpu_apicv_active(&svm->vcpu)) {

			struct amd_iommu_pi_data pi;



			enable_remapped_mode = false;



			/* Try to enable guest_mode in IRTE */

			pi.base = __sme_set(page_to_phys(svm->avic_backing_page) &

					    AVIC_HPA_MASK);
@@ -950,7 +953,22 @@ int avic_pi_update_irte(struct kvm *kvm, unsigned int host_irq, 
			 */

			if (!ret && pi.is_guest_mode)

				svm_ir_list_add(svm, &pi);

		} else {

		}



		if (!ret && svm) {

			trace_kvm_pi_irte_update(host_irq, svm->vcpu.vcpu_id,

						 e->gsi, vcpu_info.vector,

						 vcpu_info.pi_desc_addr, set);

		}



		if (ret < 0) {

			pr_err("%s: failed to update PI IRTE\n", __func__);

			goto out;

		}

	}



	ret = 0;

	if (enable_remapped_mode) {

		/* Use legacy mode in IRTE */

		struct amd_iommu_pi_data pi;
@@ -978,20 +996,6 @@ int avic_pi_update_irte(struct kvm *kvm, unsigned int host_irq, 
				svm_ir_list_del(to_svm(vcpu), &pi);

		}

	}



		if (!ret && svm) {

			trace_kvm_pi_irte_update(host_irq, svm->vcpu.vcpu_id,

						 e->gsi, vcpu_info.vector,

						 vcpu_info.pi_desc_addr, set);

		}



		if (ret < 0) {

			pr_err("%s: failed to update PI IRTE\n", __func__);

			goto out;

		}

	}



	ret = 0;

out:

	srcu_read_unlock(&kvm->irq_srcu, idx);

	return ret;

arch/x86/kvm/vmx/posted_intr.c

+10 −18
Original line number Diff line number Diff line
@@ -297,6 +297,7 @@ int vmx_pi_update_irte(struct kvm *kvm, unsigned int host_irq, 
{

	struct kvm_kernel_irq_routing_entry *e;

	struct kvm_irq_routing_table *irq_rt;

	bool enable_remapped_mode = true;

	struct kvm_lapic_irq irq;

	struct kvm_vcpu *vcpu;

	struct vcpu_data vcpu_info;
@@ -335,21 +336,8 @@ int vmx_pi_update_irte(struct kvm *kvm, unsigned int host_irq, 


		kvm_set_msi_irq(kvm, e, &irq);

		if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu) ||

		    !kvm_irq_is_postable(&irq)) {

			/*

			 * Make sure the IRTE is in remapped mode if

			 * we don't handle it in posted mode.

			 */

			ret = irq_set_vcpu_affinity(host_irq, NULL);

			if (ret < 0) {

				printk(KERN_INFO

				   "failed to back to remapped mode, irq: %u\n",

				   host_irq);

				goto out;

			}



		    !kvm_irq_is_postable(&irq))

			continue;

		}



		vcpu_info.pi_desc_addr = __pa(vcpu_to_pi_desc(vcpu));

		vcpu_info.vector = irq.vector;
@@ -357,11 +345,12 @@ int vmx_pi_update_irte(struct kvm *kvm, unsigned int host_irq, 
		trace_kvm_pi_irte_update(host_irq, vcpu->vcpu_id, e->gsi,

				vcpu_info.vector, vcpu_info.pi_desc_addr, set);



		if (set)

			ret = irq_set_vcpu_affinity(host_irq, &vcpu_info);

		else

			ret = irq_set_vcpu_affinity(host_irq, NULL);

		if (!set)

			continue;



		enable_remapped_mode = false;



		ret = irq_set_vcpu_affinity(host_irq, &vcpu_info);

		if (ret < 0) {

			printk(KERN_INFO "%s: failed to update PI IRTE\n",

					__func__);
@@ -369,6 +358,9 @@ int vmx_pi_update_irte(struct kvm *kvm, unsigned int host_irq, 
		}

	}



	if (enable_remapped_mode)

		ret = irq_set_vcpu_affinity(host_irq, NULL);



	ret = 0;

out:

	srcu_read_unlock(&kvm->irq_srcu, idx);