git.baikalelectronics.ru Git - kernel.git/commit

author	James Hogan <james.hogan@imgtec.com>
	Fri, 22 Apr 2016 09:38:46 +0000 (10:38 +0100)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Tue, 10 May 2016 13:56:50 +0000 (15:56 +0200)
commit	7e05981d29649213ebb44470fe2c3bae2de264a7
tree	e4085212040106f1403baab0c681cd0ec06bb6b8	tree \| snapshot
parent	d795390e5ae5e2f5b3cb019ee4cdb6618747a216	commit \| diff

MIPS: KVM: Fix timer IRQ race when writing CP0_Compare

Writing CP0_Compare clears the timer interrupt pending bit
(CP0_Cause.TI), but this wasn't being done atomically. If a timer
interrupt raced with the write of the guest CP0_Compare, the timer
interrupt could end up being pending even though the new CP0_Compare is
nowhere near CP0_Count.

We were already updating the hrtimer expiry with
kvm_mips_update_hrtimer(), which used both kvm_mips_freeze_hrtimer() and
kvm_mips_resume_hrtimer(). Close the race window by expanding out
kvm_mips_update_hrtimer(), and clearing CP0_Cause.TI and setting
CP0_Compare between the freeze and resume. Since the pending timer
interrupt should not be cleared when CP0_Compare is written via the KVM
user API, an ack argument is added to distinguish the source of the
write.

Fixes: b06fd4c0a40b ("MIPS: KVM: Rewrite count/compare timer emulation")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim KrÄ\8dmÃ¡Å™" <rkrcmar@redhat.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: kvm@vger.kernel.org
Cc: <stable@vger.kernel.org> # 3.16.x-
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

arch/mips/include/asm/kvm_host.h		diff \| blob \| history
arch/mips/kvm/emulate.c		diff \| blob \| history
arch/mips/kvm/trap_emul.c		diff \| blob \| history