Message-Id: <1751467297-201441-1-git-send-email-steven.sistare@oracle.com>
Date: Wed,  2 Jul 2025 07:41:37 -0700
From: Steve Sistare <steven.sistare@...cle.com>
To: kvmarm@...ts.linux.dev, linux-kernel@...r.kernel.org
Cc: Marc Zyngier <maz@...nel.org>, Oliver Upton <oliver.upton@...ux.dev>,
        Joey Gouly <joey.gouly@....com>,
        Suzuki K Poulose <suzuki.poulose@....com>,
        Zenghui Yu <yuzenghui@...wei.com>,
        Steve Sistare <steven.sistare@...cle.com>
Subject: [PATCH] KVM: arm64: preserve pending during kvm_irqfd_deassign

When kvm_irqfd_deassign ... -> kvm_vgic_v4_unset_forwarding is called,
if an interrupt is pending in irq->pending_latch, then transfer it to
the producer's eventfd.  This way, if the KVM instance is subsequently
destroyed, the interrupt is preserved in producer state.  If the irqfd
is re-created in a new KVM instance, kvm_irqfd_assign finds the producer,
polls the eventfd, finds the interrupt, and injects it into KVM.

QEMU live update does that: it passes the VFIO device descriptors to the
new process, but destroys and recreates the KVM instance, without
quiescing VFIO interrupts.

Signed-off-by: Steve Sistare <steven.sistare@...cle.com>
---
 arch/arm64/kvm/arm.c          |  8 ++++++--
 arch/arm64/kvm/vgic/vgic-v4.c | 13 ++++++++++---
 include/kvm/arm_vgic.h        |  2 +-
 3 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
index 38a91bb5d4c7..315f4829875b 100644
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -2751,6 +2751,7 @@ int kvm_arch_irq_bypass_add_producer(struct irq_bypass_consumer *cons,
 void kvm_arch_irq_bypass_del_producer(struct irq_bypass_consumer *cons,
 				      struct irq_bypass_producer *prod)
 {
+	bool pending = false;
 	struct kvm_kernel_irqfd *irqfd =
 		container_of(cons, struct kvm_kernel_irqfd, consumer);
 	struct kvm_kernel_irq_routing_entry *irq_entry = &irqfd->irq_entry;
@@ -2758,7 +2759,10 @@ void kvm_arch_irq_bypass_del_producer(struct irq_bypass_consumer *cons,
 	if (irq_entry->type != KVM_IRQ_ROUTING_MSI)
 		return;
 
-	kvm_vgic_v4_unset_forwarding(irqfd->kvm, prod->irq);
+	kvm_vgic_v4_unset_forwarding(irqfd->kvm, prod->irq, &pending);
+
+	if (pending)
+		eventfd_signal((struct eventfd_ctx *)prod->token);
 }
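Review bot: The cast `(struct eventfd_ctx *)prod->token` on the new `eventfd_signal()` line treats the producer's opaque irq_bypass token as an eventfd context, and nothing in the hunk records why that is safe. The irq_bypass layer pairs producer and consumer by token equality and KVM registers its consumer token as the irqfd's eventfd (that code is outside this hunk), so the assumption holds for the VFIO producer, but it should be stated next to the cast, e.g. `/* irq_bypass matched prod->token against irqfd->eventfd, so it is that eventfd_ctx */`. It is also worth confirming in the commit message that irqfd_shutdown has already removed the irqfd's wait-queue entry before the consumer is unregistered, otherwise this signal could be injected back into the VM being torn down rather than left in the eventfd for the new instance.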
 
 bool kvm_arch_irqfd_route_changed(struct kvm_kernel_irq_routing_entry *old,
@@ -2781,7 +2785,7 @@ int kvm_arch_update_irqfd_routing(struct kvm *kvm, unsigned int host_irq,
 	 *
 	 * Unmap the vLPI and fall back to software LPI injection.
 	 */
-	return kvm_vgic_v4_unset_forwarding(kvm, host_irq);
+	return kvm_vgic_v4_unset_forwarding(kvm, host_irq, NULL);
 }
 
 void kvm_arch_irq_bypass_stop(struct irq_bypass_consumer *cons)
diff --git a/arch/arm64/kvm/vgic/vgic-v4.c b/arch/arm64/kvm/vgic/vgic-v4.c
index 193946108192..b4cc576f9b51 100644
--- a/arch/arm64/kvm/vgic/vgic-v4.c
+++ b/arch/arm64/kvm/vgic/vgic-v4.c
@@ -527,13 +527,14 @@ static struct vgic_irq *__vgic_host_irq_get_vlpi(struct kvm *kvm, int host_irq)
 	return NULL;
 }
 
-int kvm_vgic_v4_unset_forwarding(struct kvm *kvm, int host_irq)
+int kvm_vgic_v4_unset_forwarding(struct kvm *kvm, int host_irq, bool *pending)
 {
 	struct vgic_irq *irq;
 	unsigned long flags;
 	int ret = 0;
+	bool direct_msi = vgic_supports_direct_msis(kvm);
 
-	if (!vgic_supports_direct_msis(kvm))
+	if (!pending && !direct_msi)
 		return 0;
 
 	irq = __vgic_host_irq_get_vlpi(kvm, host_irq);
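Review bot: Relaxing the early return to `if (!pending && !direct_msi)` lets the function proceed on a VM without direct MSIs, but the lookup on this line still goes through `__vgic_host_irq_get_vlpi()`, whose body begins above the hunk. If, as its name suggests, it only matches forwarded entries (`irq->hw` set), then on a non-GICv4 host it returns NULL, the function returns 0 without ever writing `*pending`, and the caller's `bool pending = false` silently reports nothing pending even when the software LPI was latched. Either the non-forwarded case needs a routing-entry-based lookup of the vgic_irq, or the commit message should say that pending preservation is GICv4-only and the `!direct_msi` relaxation is dead code; a comment such as `/* Only forwarded vLPIs are found here; software-injected LPIs are not covered */` would at least make the limitation visible.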
@@ -542,7 +543,13 @@ int kvm_vgic_v4_unset_forwarding(struct kvm *kvm, int host_irq)
 
 	raw_spin_lock_irqsave(&irq->irq_lock, flags);
 	WARN_ON(irq->hw && irq->host_irq != host_irq);
-	if (irq->hw) {
+
+	if (pending) {
+		*pending = irq->pending_latch;
+		irq->pending_latch = false;
+	}
+
+	if (direct_msi && irq->hw) {
 		atomic_dec(&irq->target_vcpu->arch.vgic_cpu.vgic_v3.its_vpe.vlpi_count);
 		irq->hw = false;
 		ret = its_unmap_vlpi(host_irq);
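Review bot: `*pending = irq->pending_latch` captures only KVM's software pending state, yet for a forwarded vLPI (`irq->hw`) the pending bit normally lives in the GICv4 virtual pending table rather than in `pending_latch`, and the read happens before `its_unmap_vlpi()`; if that understanding of where GICv4 keeps the pending state is right, an interrupt pending in hardware at deassign time is not transferred to the eventfd and is lost across the KVM re-create that the commit message describes. Consider querying the host interrupt after the unmap, e.g. `if (pending && !irq_get_irqchip_state(host_irq, IRQCHIP_STATE_PENDING, &hw_pending)) *pending |= hw_pending;`, or document explicitly that only the software latch is preserved. Note also that the latch is cleared under `irq->irq_lock` but the eventfd is signalled by the caller after the lock is dropped; that is fine for the live-update case but worth a comment since the irq has been un-forwarded by then.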
diff --git a/include/kvm/arm_vgic.h b/include/kvm/arm_vgic.h
index 4a34f7f0a864..249b39e8da02 100644
--- a/include/kvm/arm_vgic.h
+++ b/include/kvm/arm_vgic.h
@@ -434,7 +434,7 @@ struct kvm_kernel_irq_routing_entry;
 int kvm_vgic_v4_set_forwarding(struct kvm *kvm, int irq,
 			       struct kvm_kernel_irq_routing_entry *irq_entry);
 
-int kvm_vgic_v4_unset_forwarding(struct kvm *kvm, int host_irq);
+int kvm_vgic_v4_unset_forwarding(struct kvm *kvm, int host_irq, bool *pending);
 
 int vgic_v4_load(struct kvm_vcpu *vcpu);
 void vgic_v4_commit(struct kvm_vcpu *vcpu);
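Review bot: The new `bool *pending` out-parameter on `kvm_vgic_v4_unset_forwarding()` has non-obvious semantics that the prototype does not document: NULL means "do not report pending state" and keeps the previous no-op behaviour when the VM lacks direct MSIs, while a non-NULL pointer both receives and clears the irq's `pending_latch` and forces the lookup to run regardless of direct-MSI support. A short kernel-doc line above the declaration would save the next caller from reading vgic-v4.c, e.g. `/* @pending: if non-NULL, receives and clears the vLPI's pending_latch; NULL preserves the old "no direct MSIs -> no-op" early return. */`. The two existing callers in arm.c pass `&pending` and `NULL` respectively, so the contract is already relied upon.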
-- 
2.39.3

