arm/arm64: KVM: Don't allow creating VCPUs after vgic_initialized

When the vgic initializes its internal state it does so based on the number of VCPUs available at the time. If we allow KVM to create more VCPUs after the VGIC has been initialized, we are likely to error out in unfortunate ways later, perform buffer overflows etc. Acked-by: N Marc Zyngier <marc.zyngier@arm.com> Reviewed-by: N Eric Auger <eric.auger@linaro.org> Signed-off-by: N Christoffer Dall <christoffer.dall@linaro.org>

arm/arm64: KVM: Don't allow creating VCPUs after vgic_initialized
When the vgic initializes its internal state it does so based on the number of VCPUs available at the time. If we allow KVM to create more VCPUs after the VGIC has been initialized, we are likely to error out in unfortunate ways later, perform buffer overflows etc. Acked-by: N Marc Zyngier <marc.zyngier@arm.com> Reviewed-by: N Eric Auger <eric.auger@linaro.org> Signed-off-by: N Christoffer Dall <christoffer.dall@linaro.org>
716139df · Christoffer Dall · 1f57be28 · 716139df
隐藏空白更改
内联并排

Showing with 5 addition and 0 deletion

arch/arm/kvm/arm.c arch/arm/kvm/arm.c +5 -0

未找到文件。
--- a/arch/arm/kvm/arm.c
+++ b/arch/arm/kvm/arm.c
@@ -213,6 +213,11 @@ struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm, unsigned int id)
 	int err;
 	struct kvm_vcpu *vcpu;

+	if (irqchip_in_kernel(kvm) && vgic_initialized(kvm)) {
+		err = -EBUSY;
+		goto out;
+	}
+
 	vcpu = kmem_cache_zalloc(kvm_vcpu_cache, GFP_KERNEL);
 	if (!vcpu) {
 		err = -ENOMEM;