Paolo Bonzini wrote on 2013-03-26:
> On 22/03/2013 06:24, Yang Zhang wrote:
>> +static void rtc_irq_ack_eoi(struct kvm_vcpu *vcpu,
>> +                    struct rtc_status *rtc_status, int irq)
>> +{
>> +    if (irq != RTC_GSI)
>> +            return;
>> +
>> +    if (test_and_clear_bit(vcpu->vcpu_id, rtc_status->dest_map))
>> +            --rtc_status->pending_eoi;
>> +
>> +    WARN_ON(rtc_status->pending_eoi < 0);
>> +}
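Review bot: The WARN_ON(rtc_status->pending_eoi < 0) at the end of rtc_irq_ack_eoi runs on every EOI for RTC_GSI, so once the count is negative it fires again on each later EOI and can fill the host log; WARN_ON_ONCE, or resetting the count to zero after warning, would bound that. The test_and_clear_bit is atomic but the --rtc_status->pending_eoi next to it is not, so a comment naming the lock that callers must hold would help.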
> 
> This is the only case where you're passing the struct rtc_status instead
> of the struct kvm_ioapic.  Please use the latter, and make it the first
> argument.
>
>> @@ -244,7 +268,14 @@ static int ioapic_deliver(struct kvm_ioapic *ioapic, int
> irq)
>>      irqe.level = 1;
>>      irqe.shorthand = 0;
>> -    return kvm_irq_delivery_to_apic(ioapic->kvm, NULL, &irqe, NULL);
>> +    if (irq == RTC_GSI) {
>> +            ret = kvm_irq_delivery_to_apic(ioapic->kvm, NULL, &irqe,
>> +                            ioapic->rtc_status.dest_map);
>> +            ioapic->rtc_status.pending_eoi = ret;
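Review bot: ioapic->rtc_status.pending_eoi = ret stores the return value unchecked and overwrites any count that is still outstanding. If kvm_irq_delivery_to_apic can return a negative value, pending_eoi starts out negative and the WARN_ON in rtc_irq_ack_eoi trips without the guest doing anything unusual; store ret only when it is positive. Nothing in this hunk clears dest_map before the delivery either, so bits left over from an earlier interrupt would let more EOIs be counted than ret.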
> 
> I think you should either add a
> 
>     BUG_ON(ioapic->rtc_status.pending_eoi != 0);
> or use "ioapic->rtc_status.pending_eoi += ret" (or both).
> 
There may be a malicious guest that writes EOI more than once, and then pending_eoi will
be negative. But it should not be a bug; just WARN_ON is enough. And we already
do it in ack_eoi, so we don't need to do a duplicated thing here.

Best regards,
Yang
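
The counter behaviour discussed in this thread, as an added userspace model (not part of the original mail and not KVM code). The struct and the model_* functions are hypothetical stand-ins for the quoted hunks, and the model assumes delivery ORs its destinations into dest_map without clearing stale bits.

```c
#include <stdint.h>

/* Userspace model of the two fields touched by the quoted hunks. */
struct rtc_model {
    int pending_eoi;    /* EOIs still expected */
    uint64_t dest_map;  /* bit n set: vCPU n received the interrupt */
};

/* Delivery step. Assumption: destinations are OR-ed into dest_map and
 * nothing clears stale bits. add != 0 selects "+=" instead of "=". */
static void model_deliver(struct rtc_model *s, uint64_t targets, int add)
{
    int n = 0;
    for (uint64_t t = targets; t; t &= t - 1)
        n++;                        /* count destination vCPUs */
    s->dest_map |= targets;
    s->pending_eoi = add ? s->pending_eoi + n : n;
}

/* EOI step, mirroring rtc_irq_ack_eoi: test-and-clear, then decrement. */
static void model_ack_eoi(struct rtc_model *s, int vcpu_id)
{
    uint64_t bit = 1ULL << vcpu_id;
    if (s->dest_map & bit) {
        s->dest_map &= ~bit;
        --s->pending_eoi;
    }
}

/* vCPU 0 sends EOI three times after one delivery to vCPUs 0 and 1. */
static int repeated_eoi(void)
{
    struct rtc_model s = {0, 0};
    model_deliver(&s, 0x3, 0);
    for (int i = 0; i < 3; i++)
        model_ack_eoi(&s, 0);       /* repeats fail the bitmap test */
    return s.pending_eoi;
}

/* A second delivery arrives while vCPU 1 still owes an EOI. */
static int redeliver_while_pending(int add)
{
    struct rtc_model s = {0, 0};
    model_deliver(&s, 0x3, 0);      /* vCPUs 0 and 1, count = 2 */
    model_ack_eoi(&s, 0);           /* count = 1, vCPU 1 outstanding */
    model_deliver(&s, 0x4, add);    /* vCPU 2 only */
    model_ack_eoi(&s, 1);
    model_ack_eoi(&s, 2);
    return s.pending_eoi;
}
```

In this model, repeated EOIs from one vCPU leave the count unchanged, while a delivery that overwrites a nonzero count ends below zero and the "+=" variant ends at zero.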

