Commit 9a24a786 authored Feb 12, 2025 by Tomas Krcka Committed by Yuntao Liu Feb 12, 2025

irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()

stable inclusion
from stable-v6.6.74
commit 6c84ff2e788fce0099ee3e71a3ed258b1ca1a223
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBL2TI
CVE: CVE-2024-57949

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=6c84ff2e788fce0099ee3e71a3ed258b1ca1a223



--------------------------------

commit 35cb2c6ce7da545f3b5cb1e6473ad7c3a6f08310 upstream.

The following call-chain leads to enabling interrupts in a nested interrupt
disabled section:

irq_set_vcpu_affinity()
  irq_get_desc_lock()
     raw_spin_lock_irqsave()   <--- Disable interrupts
  its_irq_set_vcpu_affinity()
     guard(raw_spinlock_irq)   <--- Enables interrupts when leaving the guard()
  irq_put_desc_unlock()        <--- Warns because interrupts are enabled

This was broken in commit b97e8a2f7130, which replaced the original
raw_spin_[un]lock() pair with guard(raw_spinlock_irq).

Fix the issue by using guard(raw_spinlock).

[ tglx: Massaged change log ]

Fixes: b97e8a2f7130 ("irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update()")
Signed-off-by: Tomas Krcka <krckatom@amazon.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/20241230150825.62894-1-krckatom@amazon.de


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Yuntao Liu <liuyuntao12@huawei.com>

parent 002103c0

drivers/irqchip/irq-gic-v3-its.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -2287,7 +2287,7 @@ static int its_irq_set_vcpu_affinity(struct irq_data d, void vcpu_info)
		if (!is_v4(its_dev->its))
		return -EINVAL;

		guard(raw_spinlock_irq)(&its_dev->event_map.vlpi_lock);
		guard(raw_spinlock)(&its_dev->event_map.vlpi_lock);

		/* Unmap request? */
		if (!info)