git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Sean Christopherson <seanjc@google.com>
	Fri, 4 Apr 2025 19:38:17 +0000 (12:38 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 2 May 2025 05:44:31 +0000 (07:44 +0200)
commit	116c7d35b8f72eac383b9fd371d7c1a8ffc2968b
tree	5f69ef41e1d9a4f93cca095c99949bd2168aa1d5	tree
parent	26ccc791de508e609cd238e1f4bc234d24af1bfb	commit \| diff

KVM: x86: Reset IRTE to host control if *new* route isn't postable

commit 9bcac97dc42d2f4da8229d18feb0fe2b1ce523a2 upstream.

Restore an IRTE back to host control (remapped or posted MSI mode) if the
*new* GSI route prevents posting the IRQ directly to a vCPU, regardless of
the GSI routing type. Updating the IRTE if and only if the new GSI is an
MSI results in KVM leaving an IRTE posting to a vCPU.

The dangling IRTE can result in interrupts being incorrectly delivered to
the guest, and in the worst case scenario can result in use-after-free,
e.g. if the VM is torn down, but the underlying host IRQ isn't freed.

Fixes: efc644048ecd ("KVM: x86: Update IRTE for posted-interrupts")
Fixes: 411b44ba80ab ("svm: Implements update_pi_irte hook to setup posted interrupt")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-ID: <20250404193923.1413163-3-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

arch/x86/kvm/svm/avic.c		diff \| blob \| blame \| history
arch/x86/kvm/vmx/posted_intr.c		diff \| blob \| blame \| history