Unverified Commit a24a9238 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!4747 KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache 

Merge Pull Request from: @ci-robot 
 
PR sync from: Jinjie Ruan <ruanjinjie@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/AJWCOSU3PE3MK27TLIKZJFPDB7MHMC6R/ 
 
https://gitee.com/src-openeuler/kernel/issues/I93EEI 
 
Link:https://gitee.com/openeuler/kernel/pulls/4747

 

Reviewed-by: default avatarZhang Jianhua <chris.zjh@huawei.com>
Signed-off-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
parents e0a00cd6 d1e388db

arch/arm64/kvm/vgic/vgic-its.c

+5 −0
Original line number Diff line number Diff line
@@ -601,7 +601,11 @@ static struct vgic_irq *vgic_its_check_cache(struct kvm *kvm, phys_addr_t db, 
	cacheid = cpu % LPI_TRANS_CACHES_NUM;



	raw_spin_lock_irqsave(&dist->lpi_translation_cache[cacheid].lpi_cache_lock, flags);



	irq = __vgic_its_check_cache(dist, db, devid, eventid, cacheid);

	if (irq)

		vgic_get_irq_kref(irq);



	raw_spin_unlock_irqrestore(&dist->lpi_translation_cache[cacheid].lpi_cache_lock, flags);



	return irq;
@@ -778,6 +782,7 @@ static int vgic_its_trigger_msi(struct kvm *kvm, struct vgic_its *its, 
	raw_spin_lock_irqsave(&irq->irq_lock, flags);

	irq->pending_latch = true;

	vgic_queue_irq_unlock(kvm, irq, flags);

	vgic_put_irq(kvm, irq);



	return 0;

}