KVM: arm/arm64: vgic-v2: Limit ITARGETSR bits to number of VCPUs

The GICv2 spec says in section 4.3.12 that a "CPU targets field bit that corresponds to an unimplemented CPU interface is RAZ/WI." Currently we allow the guest to write any value in there and it can read that back. Mask the written value with the proper CPU mask to be spec compliant. Signed-off-by: N Andre Przywara <andre.przywara@arm.com> Signed-off-by: N Marc Zyngier <marc.zyngier@arm.com>

KVM: arm/arm64: vgic-v2: Limit ITARGETSR bits to number of VCPUs
The GICv2 spec says in section 4.3.12 that a "CPU targets field bit that corresponds to an unimplemented CPU interface is RAZ/WI." Currently we allow the guest to write any value in there and it can read that back. Mask the written value with the proper CPU mask to be spec compliant. Signed-off-by: N Andre Przywara <andre.przywara@arm.com> Signed-off-by: N Marc Zyngier <marc.zyngier@arm.com>
266068ea · Andre Przywara · Marc Zyngier · fd5ebf99 · 266068ea
显示空白变更内容
内联并排

Showing with 2 addition and 1 deletion

virt/kvm/arm/vgic/vgic-mmio-v2.c virt/kvm/arm/vgic/vgic-mmio-v2.c +2 -1

未找到文件。
--- a/virt/kvm/arm/vgic/vgic-mmio-v2.c
+++ b/virt/kvm/arm/vgic/vgic-mmio-v2.c
@@ -129,6 +129,7 @@ static void vgic_mmio_write_target(struct kvm_vcpu *vcpu,
 				   unsigned long val)
 {
 	u32 intid = VGIC_ADDR_TO_INTID(addr, 8);
+	u8 cpu_mask = GENMASK(atomic_read(&vcpu->kvm->online_vcpus) - 1, 0);
 	int i;
 	/* GICD_ITARGETSR[0-7] are read-only */
@@ -141,7 +142,7 @@ static void vgic_mmio_write_target(struct kvm_vcpu *vcpu,
 		spin_lock(&irq->irq_lock);
-		irq->targets = (val >> (i * 8)) & 0xff;
+		irq->targets = (val >> (i * 8)) & cpu_mask;
 		target = irq->targets ? __ffs(irq->targets) : 0;
 		irq->target_vcpu = kvm_get_vcpu(vcpu->kvm, target);