KVM: arm/arm64: vITS: Drop its_ite->lpi field

For unknown reasons, the its_ite data structure carries an "lpi" field
which contains the intid of the LPI. This is an obvious duplication
of the vgic_irq->intid field, so let's fix the only user and remove
the now useless field.

Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Christoffer Dall <cdall@linaro.org>
(cherry picked from commit 7c7d2fa1cd1e9aa9b925bac409e91544eee52c03)

CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Acked-by: Brad Figg <brad.figg@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>

diff --git a/virt/kvm/arm/vgic/vgic-its.c b/virt/kvm/arm/vgic/vgic-its.c
index aaa607b8ab969688c9b0e1759bc4732a6e59e962..76685f4c6261ee9c21811c0ec1f116591dd06037 100644 (file)
--- a/virt/kvm/arm/vgic/vgic-its.c
+++ b/virt/kvm/arm/vgic/vgic-its.c
@@ -144,7 +144,6 @@ struct its_ite {
 
        struct vgic_irq *irq;
        struct its_collection *collection;
-       u32 lpi;
        u32 event_id;
 };
 
@@ -813,7 +812,7 @@ static void vgic_its_free_collection(struct vgic_its *its, u32 coll_id)
 /* Must be called with its_lock mutex held */
 static struct its_ite *vgic_its_alloc_ite(struct its_device *device,
                                          struct its_collection *collection,
-                                         u32 lpi_id, u32 event_id)
+                                         u32 event_id)
 {
        struct its_ite *ite;
 
@@ -823,7 +822,6 @@ static struct its_ite *vgic_its_alloc_ite(struct its_device *device,
 
        ite->event_id   = event_id;
        ite->collection = collection;
-       ite->lpi = lpi_id;
 
        list_add_tail(&ite->ite_list, &device->itt_head);
        return ite;
@@ -873,7 +871,7 @@ static int vgic_its_cmd_handle_mapi(struct kvm *kvm, struct vgic_its *its,
                new_coll = collection;
        }
 
-       ite = vgic_its_alloc_ite(device, collection, lpi_nr, event_id);
+       ite = vgic_its_alloc_ite(device, collection, event_id);
        if (IS_ERR(ite)) {
                if (new_coll)
                        vgic_its_free_collection(its, coll_id);
@@ -1844,7 +1842,7 @@ static int vgic_its_save_ite(struct vgic_its *its, struct its_device *dev,
 
        next_offset = compute_next_eventid_offset(&dev->itt_head, ite);
        val = ((u64)next_offset << KVM_ITS_ITE_NEXT_SHIFT) |
-              ((u64)ite->lpi << KVM_ITS_ITE_PINTID_SHIFT) |
+              ((u64)ite->irq->intid << KVM_ITS_ITE_PINTID_SHIFT) |
                ite->collection->collection_id;
        val = cpu_to_le64(val);
        return kvm_write_guest(kvm, gpa, &val, ite_esz);
@@ -1891,7 +1889,7 @@ static int vgic_its_restore_ite(struct vgic_its *its, u32 event_id,
        if (!collection)
                return -EINVAL;
 
-       ite = vgic_its_alloc_ite(dev, collection, lpi_id, event_id);
+       ite = vgic_its_alloc_ite(dev, collection, event_id);
        if (IS_ERR(ite))
                return PTR_ERR(ite);