File reverse-55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch of Package xen.1588
Subject: x86/IO-APIC: don't create pIRQ mapping from masked RTE
From: Jan Beulich jbeulich@suse.com Tue Aug 25 16:18:31 2015 +0200
Date: Tue Aug 25 16:18:31 2015 +0200:
Git: 669d4b85c433674ab3b52ef707af0d3a551c941f
While moving our XenoLinux patches to 4.2-rc I noticed bogus "already
mapped" messages resulting from Linux (legitimately) writing RTEs with
only the mask bit set. Clearly we shouldn't even attempt to create a
pIRQ <-> IRQ mapping from such RTEs.
In the course of this I also found that the respective message isn't
really useful without also printing the pre-existing mapping. And I
noticed that map_domain_pirq() allowed IRQ0 to get through, despite us
never allowing a domain to control that interrupt.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Release-acked-by: Wei Liu <wei.liu2@citrix.com>
Index: xen-4.5.2-testing/xen/arch/x86/io_apic.c
===================================================================
--- xen-4.5.2-testing.orig/xen/arch/x86/io_apic.c
+++ xen-4.5.2-testing/xen/arch/x86/io_apic.c
@@ -2374,14 +2374,9 @@ int ioapic_guest_write(unsigned long phy
* pirq and irq mapping. Where the GSI is greater than 256, we assume
* that dom0 pirq == irq.
*/
- if ( !rte.mask )
- {
- pirq = (irq >= 256) ? irq : rte.vector;
- if ( pirq >= hardware_domain->nr_pirqs )
- return -EINVAL;
- }
- else
- pirq = -1;
+ pirq = (irq >= 256) ? irq : rte.vector;
+ if ( (pirq < 0) || (pirq >= hardware_domain->nr_pirqs) )
+ return -EINVAL;
if ( desc->action )
{
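Review bot: With the `if ( !rte.mask )` test removed, `pirq = (irq >= 256) ? irq : rte.vector;` is also evaluated for masked RTEs. A write that sets only the mask bit, which the description calls legitimate, then yields pirq 0 for a GSI below 256 and passes the range check. The next io_apic.c hunk makes the `map_domain_pirq()` call unconditional, so such a write now reaches the mapping code. The header text still describes the forward change while the file name marks this as its reversal, and nothing records why the package needs the old behaviour. Either keep the mask test around the pirq derivation and the mapping call, or state the reason in the patch header and in a comment here, e.g. `/* Masked RTEs are mapped as well: upstream 669d4b85c433 is reverted, see patch header. */`. The body of ioapic_guest_write() starts and ends outside both hunks.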
@@ -2416,15 +2411,12 @@ int ioapic_guest_write(unsigned long phy
printk(XENLOG_INFO "allocated vector %02x for irq %d\n", ret, irq);
}
- if ( pirq >= 0 )
- {
- spin_lock(&hardware_domain->event_lock);
- ret = map_domain_pirq(hardware_domain, pirq, irq,
- MAP_PIRQ_TYPE_GSI, NULL);
- spin_unlock(&hardware_domain->event_lock);
- if ( ret < 0 )
- return ret;
- }
+ spin_lock(&hardware_domain->event_lock);
+ ret = map_domain_pirq(hardware_domain, pirq, irq,
+ MAP_PIRQ_TYPE_GSI, NULL);
+ spin_unlock(&hardware_domain->event_lock);
+ if ( ret < 0 )
+ return ret;
spin_lock_irqsave(&ioapic_lock, flags);
/* Set the correct irq-handling type. */
Index: xen-4.5.2-testing/xen/arch/x86/irq.c
===================================================================
--- xen-4.5.2-testing.orig/xen/arch/x86/irq.c
+++ xen-4.5.2-testing/xen/arch/x86/irq.c
@@ -1906,7 +1906,7 @@ int map_domain_pirq(
if ( !irq_access_permitted(current->domain, irq))
return -EPERM;
- if ( pirq < 0 || pirq >= d->nr_pirqs || irq <= 0 || irq >= nr_irqs )
+ if ( pirq < 0 || pirq >= d->nr_pirqs || irq < 0 || irq >= nr_irqs )
{
dprintk(XENLOG_G_ERR, "dom%d: invalid pirq %d or irq %d\n",
d->domain_id, pirq, irq);
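Review bot: `irq < 0` lets irq 0 pass this range check, although the description states that a domain is never allowed to control IRQ0. Only the `irq_access_permitted()` test above remains in the way, and whether it can ever grant IRQ0 is not visible here. Together with the io_apic.c hunks, a masked RTE with vector 0 would arrive here with pirq 0 too. Even if the rest of the revert is required, this bound could stay strict: `if ( pirq < 0 || pirq >= d->nr_pirqs || irq <= 0 || irq >= nr_irqs )`. map_domain_pirq() continues outside the hunk.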
@@ -1919,9 +1919,8 @@ int map_domain_pirq(
if ( (old_irq > 0 && (old_irq != irq) ) ||
(old_pirq && (old_pirq != pirq)) )
{
- dprintk(XENLOG_G_WARNING,
- "dom%d: pirq %d or irq %d already mapped (%d,%d)\n",
- d->domain_id, pirq, irq, old_pirq, old_irq);
+ dprintk(XENLOG_G_WARNING, "dom%d: pirq %d or irq %d already mapped\n",
+ d->domain_id, pirq, irq);
return 0;
}
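Review bot: The warning no longer prints the existing mapping, so the log does not show which pirq/irq pair caused the conflict, and this path still returns 0, which the caller sees as success. `old_pirq` and `old_irq` are already in scope for the condition above, so the format `"dom%d: pirq %d or irq %d already mapped (%d,%d)\n"` with `old_pirq, old_irq` appended could be kept at no cost. The `old_irq > 0` test in the context lines also appears to treat 0 as "not mapped". That is worth rechecking now that the earlier irq.c hunk admits irq 0. The function body continues outside the hunk.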