From: Hyunwoo Kim <imv4bel@gmail•com>
To: maz@kernel•org, oupton@kernel•org, joey.gouly@arm•com,
seiden@linux•ibm.com, suzuki.poulose@arm•com,
yuzenghui@huawei•com, catalin.marinas@arm•com, will@kernel•org,
Sascha.Bischoff@arm•com, jic23@kernel•org, timothy.hayes@arm•com,
eric.auger@linaro•org, christoffer.dall@linaro•org,
andre.przywara@arm•com
Cc: linux-arm-kernel@lists•infradead.org, kvmarm@lists•linux.dev,
imv4bel@gmail•com
Subject: [PATCH] KVM: arm64: vgic: Check the interrupt is still ours before migrating it
Date: Fri, 5 Jun 2026 05:59:15 +0900
Message-ID: <aiHnI1mu6SGQrgnz@v4bel>
vgic_prune_ap_list() drops both ap_list_lock and irq_lock while migrating
an interrupt to another vCPU. After reacquiring the locks it only checks
that the affinity is unchanged (target_vcpu == vgic_target_oracle(irq))
before moving the interrupt, which assumes that an interrupt whose affinity
is preserved is still queued on this vCPU's ap_list.

That assumption no longer holds if the interrupt is taken off the ap_list
while the locks are dropped. vgic_flush_pending_lpis() removes the
interrupt from the list and sets irq->vcpu to NULL, but leaves
enabled/pending/target_vcpu untouched. As the interrupt is still enabled
and pending, vgic_target_oracle() returns the same target_vcpu, so the
affinity check passes and list_del() is run a second time on an entry that
has already been removed.

Also check that the interrupt is still assigned to this vCPU
(irq->vcpu == vcpu) before moving it.
Fixes: 0919e84c0fc1 ("KVM: arm/arm64: vgic-new: Add IRQ sync/flush framework")
Signed-off-by: Hyunwoo Kim <imv4bel@gmail•com>
---
arch/arm64/kvm/vgic/vgic.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/arch/arm64/kvm/vgic/vgic.c b/arch/arm64/kvm/vgic/vgic.c
index 1e9fe8764584..18b280de9a29 100644
--- a/arch/arm64/kvm/vgic/vgic.c
+++ b/arch/arm64/kvm/vgic/vgic.c
@@ -818,15 +818,16 @@ static void vgic_prune_ap_list(struct kvm_vcpu *vcpu)
raw_spin_lock(&irq->irq_lock);
/*
- * If the affinity has been preserved, move the
- * interrupt around. Otherwise, it means things have
- * changed while the interrupt was unlocked, and we
- * need to replay this.
+ * If the interrupt is still ours and its affinity has
+ * been preserved, move it around. Otherwise, it means
+ * things have changed while the interrupt was unlocked
+ * (it may even have been taken off the list with its
+ * affinity left untouched), and we need to replay this.
*
* In all cases, we cannot trust the list not to have
* changed, so we restart from the beginning.
*/
- if (target_vcpu == vgic_target_oracle(irq)) {
+ if (irq->vcpu == vcpu && target_vcpu == vgic_target_oracle(irq)) {
struct vgic_cpu *new_cpu = &target_vcpu->arch.vgic_cpu;
list_del(&irq->ap_list);
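Review bot: the new condition covers the case the commit message describes (irq->vcpu cleared to NULL by vgic_flush_pending_lpis()), but neither the updated comment nor the commit message says what happens when the interrupt was dequeued and then re-queued onto this same vCPU while the locks were dropped: irq->vcpu == vcpu holds again, the entry is legitimately back on this ap_list, and the list_del() below is valid, so the check is sufficient rather than merely narrowing the window. Stating that explicitly in the comment, e.g. after "(it may even have been taken off the list with its affinity left untouched)", would make it clear the fix is complete and not a race that has only become narrower. It would also help to note in the commit message that irq->vcpu is only read after raw_spin_lock(&irq->irq_lock) above, since that is what makes the comparison against vcpu stable.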
--
2.43.0
Thread overview (2+ messages):
2026-06-04 20:59 Hyunwoo Kim [this message]
2026-06-05 06:00 ` [PATCH] KVM: arm64: vgic: Check the interrupt is still ours before migrating it, Oliver Upton