Unverified Commit 42fe67fa authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!4746 KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache 

Merge Pull Request from: @ci-robot 
 
PR sync from: Jinjie Ruan <ruanjinjie@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/TAPBGIOCU6UHKJO3QZOATIW6KQ5RJVYS/ 
 
https://gitee.com/src-openeuler/kernel/issues/I93EEI 
 
Link:https://gitee.com/openeuler/kernel/pulls/4746

 

Reviewed-by: default avatarZhang Jianhua <chris.zjh@huawei.com>
Reviewed-by: default avatarLiu YongQiang <liuyongqiang13@huawei.com>
Signed-off-by: default avatarZhang Changzhong <zhangchangzhong@huawei.com>
parents e5b3fc12 5674ef9b

virt/kvm/arm/vgic/vgic-its.c

+5 −0
Original line number Diff line number Diff line
@@ -613,7 +613,11 @@ static struct vgic_irq *vgic_its_check_cache(struct kvm *kvm, phys_addr_t db, 
	cacheid = cpu % LPI_TRANS_CACHES_NUM;



	raw_spin_lock_irqsave(&dist->lpi_translation_cache[cacheid].lpi_cache_lock, flags);



	irq = __vgic_its_check_cache(dist, db, devid, eventid, cacheid);

	if (irq)

		vgic_get_irq_kref(irq);



	raw_spin_unlock_irqrestore(&dist->lpi_translation_cache[cacheid].lpi_cache_lock, flags);



	return irq;
@@ -809,6 +813,7 @@ int vgic_its_inject_cached_translation(struct kvm *kvm, struct kvm_msi *msi) 
	raw_spin_lock_irqsave(&irq->irq_lock, flags);

	irq->pending_latch = true;

	vgic_queue_irq_unlock(kvm, irq, flags);

	vgic_put_irq(kvm, irq);



	return 0;

}