Paolo Bonzini wrote on 2013-03-29:
> Il 29/03/2013 04:25, Zhang, Yang Z ha scritto:
>> Paolo Bonzini wrote on 2013-03-26:
>>> Il 22/03/2013 06:24, Yang Zhang ha scritto:
>>>> +static void rtc_irq_ack_eoi(struct kvm_vcpu *vcpu,
>>>> +                  struct rtc_status *rtc_status, int irq)
>>>> +{
>>>> +  if (irq != RTC_GSI)
>>>> +          return;
>>>> +
>>>> +  if (test_and_clear_bit(vcpu->vcpu_id, rtc_status->dest_map))
>>>> +          --rtc_status->pending_eoi;
>>>> +
>>>> +  WARN_ON(rtc_status->pending_eoi < 0);
>>>> +}
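Review bot: the WARN_ON(rtc_status->pending_eoi < 0) at the end of rtc_irq_ack_eoi() checks a condition the guest can drive, since the counter only moves on guest EOI writes and on RTC delivery, so a misbehaving guest could fill the host log with it; either drop it or make the invariant hold by construction. Note that the test_and_clear_bit() guard already makes a repeated EOI from the same vcpu a no-op (the decrement only happens when that vcpu's bit was still set), so the only way pending_eoi can go negative is if dest_map carries bits that the counter was never credited for; a comment stating that invariant would help. Also, this is the one helper that takes `struct rtc_status *rtc_status` instead of the owning `struct kvm_ioapic *`; passing the ioapic as the first argument keeps the signatures uniform with the rest of the file.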
>>> 
>>> This is the only case where you're passing the struct rtc_status instead
>>> of the struct kvm_ioapic.  Please use the latter, and make it the first
>>> argument.
>>> 
>>>> @@ -244,7 +268,14 @@ static int ioapic_deliver(struct kvm_ioapic *ioapic, 
>>>> int
>>> irq)
>>>>    irqe.level = 1;
>>>>    irqe.shorthand = 0;
>>>> -  return kvm_irq_delivery_to_apic(ioapic->kvm, NULL, &irqe, NULL);
>>>> +  if (irq == RTC_GSI) {
>>>> +          ret = kvm_irq_delivery_to_apic(ioapic->kvm, NULL, &irqe,
>>>> +                          ioapic->rtc_status.dest_map);
>>>> +          ioapic->rtc_status.pending_eoi = ret;
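Review bot: `ioapic->rtc_status.pending_eoi = ret;` discards whatever count was still outstanding from the previous RTC delivery, while the bits those vcpus left in `ioapic->rtc_status.dest_map` (passed to kvm_irq_delivery_to_apic() on the line above) stay set; if the RTC fires again before every vcpu has acknowledged, the counter and the bitmap disagree and the remaining acks will drive pending_eoi below zero. Either clear dest_map when the counter is reset, accumulate with "+=", or add a comment explaining why a re-delivery with EOIs outstanding cannot occur on this path. It is also worth confirming what kvm_irq_delivery_to_apic() returns when no destination matches irqe; if that is anything other than a count of zero, it should not be stored into pending_eoi unchecked.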
>>> 
>>> I think you should either add a
>>> 
>>>     BUG_ON(ioapic->rtc_status.pending_eoi != 0);
>>> or use "ioapic->rtc_status.pending_eoi += ret" (or both).
>>> 
>> There may be a malicious guest that writes EOI more than once, and
>> then pending_eoi will be negative. But it should not be a bug; just a
>> WARN_ON is enough. And we already do it in ack_eoi, so we don't need
>> to duplicate it here.
> 
> Even WARN_ON is too much if it is guest-triggerable.  But then it is
> better to make it "+=", I think.
No. If the above case happened, you would always hit the WARN_ON with "+=".

Best regards,
Yang
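The disagreement above is about how a counter (pending_eoi) and a bitmap (dest_map) stay in step when the RTC interrupt is re-delivered before every vCPU has written its EOI. The following is an added toy model of that bookkeeping, written for this page and not taken from the patch or from KVM: the bitmap is a plain unsigned long indexed by vcpu_id, "delivery" just sets one bit per destination and returns the number of destinations (standing in for kvm_irq_delivery_to_apic()), test_and_clear_bit() is re-implemented on that unsigned long, and guest EOI writes are simulated by calling ack() directly. Function and scenario names are invented for the illustration. It runs the two proposals, "=" as posted and "+=" as suggested, through three sequences: a re-delivery to a different vCPU while EOIs are outstanding, a re-delivery to the same vCPUs, and a vCPU writing EOI twice.

```c
/* Added model of the rtc_status bookkeeping discussed in the thread.
 * Not KVM code: dest_map is a plain unsigned long (one bit per vcpu_id
 * that still owes an EOI), deliver() stands in for kvm_irq_delivery_to_apic()
 * and ack() for rtc_irq_ack_eoi(). */
#include <stdbool.h>
#include <stdio.h>

struct rtc_model {
        unsigned long dest_map; /* vcpus that still owe an EOI for the RTC irq */
        int pending_eoi;        /* how many EOIs the code expects to receive */
        int warnings;           /* how often the kernel's WARN_ON would fire */
};

/* Model of the kernel's test_and_clear_bit() on a single unsigned long. */
static bool test_and_clear_bit_model(int nr, unsigned long *map)
{
        unsigned long mask = 1UL << nr;
        bool was_set = (*map & mask) != 0;

        *map &= ~mask;
        return was_set;
}

/* Model of ioapic_deliver() for RTC_GSI: set one bit per destination and
 * return the number of destinations (the real delivery also returns a
 * count, not the number of newly set bits). accumulate selects between
 * "pending_eoi = ret" (the patch) and "pending_eoi += ret" (the review). */
static int deliver(struct rtc_model *m, const int *dests, int ndests,
                   bool accumulate)
{
        int i, ret = 0;

        for (i = 0; i < ndests; i++) {
                m->dest_map |= 1UL << dests[i];
                ret++;
        }
        if (accumulate)
                m->pending_eoi += ret;
        else
                m->pending_eoi = ret;
        return ret;
}

/* Model of rtc_irq_ack_eoi(): only a vcpu whose bit is still set may
 * decrement, so a second EOI from the same vcpu is absorbed. */
static void ack(struct rtc_model *m, int vcpu_id)
{
        if (test_and_clear_bit_model(vcpu_id, &m->dest_map))
                --m->pending_eoi;
        if (m->pending_eoi < 0)
                m->warnings++;
}

/* RTC fires for vcpus 0 and 1, then again for vcpu 2 before anyone acks.
 * With "=" the two outstanding EOIs are forgotten and the counter ends
 * at -2; with "+=" it ends at 0. */
struct rtc_model scenario_redelivery(bool accumulate)
{
        struct rtc_model m = {0};
        int first[] = {0, 1}, second[] = {2};

        deliver(&m, first, 2, accumulate);
        deliver(&m, second, 1, accumulate);
        ack(&m, 0);
        ack(&m, 1);
        ack(&m, 2);
        return m;
}

/* RTC fires twice for the same vcpus before either acks. The bitmap can
 * only hold one bit per vcpu, so "+=" now counts EOIs that can never
 * arrive and the counter is left at 2 with an empty bitmap. */
struct rtc_model scenario_same_dest_redelivery(bool accumulate)
{
        struct rtc_model m = {0};
        int dests[] = {0, 1};

        deliver(&m, dests, 2, accumulate);
        deliver(&m, dests, 2, accumulate);
        ack(&m, 0);
        ack(&m, 1);
        return m;
}

/* A guest writes EOI twice for one delivery: the test_and_clear_bit()
 * guard makes the second write a no-op, so nothing goes negative. */
struct rtc_model scenario_double_eoi(bool accumulate)
{
        struct rtc_model m = {0};
        int dests[] = {0};

        deliver(&m, dests, 1, accumulate);
        ack(&m, 0);
        ack(&m, 0);
        return m;
}

int main(void)
{
        struct rtc_model a = scenario_redelivery(false);
        struct rtc_model b = scenario_redelivery(true);

        printf("redelivery: '=' pending=%d warnings=%d, '+=' pending=%d\n",
               a.pending_eoi, a.warnings, b.pending_eoi);
        return 0;
}
```

The model makes the trade-off concrete: "=" can only go wrong downwards (the WARN_ON in the hunk fires on the extra acks), while "+=" can only go wrong upwards (a counter that never returns to zero, with no WARN_ON to notice). Neither choice keeps the counter and the bitmap in agreement once a re-delivery overlaps outstanding EOIs; what the kernel does with a non-zero pending_eoi is not shown on this page, so the model stops at the counter value.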

