1. Patchew
  2. QEMU
  3. View series

[PATCH] target/i386: tdx: fix locking for interrupt injection

Paolo Bonzini posted 1 patch 2 months, 2 weeks ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20250717103915.331309-1-pbonzini@redhat.com
Maintainers: Paolo Bonzini <pbonzini@redhat.com>, Marcelo Tosatti <mtosatti@redhat.com>
target/i386/kvm/tdx.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
[PATCH] target/i386: tdx: fix locking for interrupt injection
Posted by Paolo Bonzini 2 months, 2 weeks ago 
Take tdx_guest->lock when injecting the event notification interrupt into
the guest.

Fixes CID 1612364.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Cc: Xiaoyao Li <xiaoyao.li@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/kvm/tdx.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index 7d69d6d7b06..7dcf2f75026 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@@ -1126,10 +1126,15 @@ int tdx_parse_tdvf(void *flash_ptr, int size)
     return tdvf_parse_metadata(&tdx_guest->tdvf, flash_ptr, size);
 }
 
-static void tdx_inject_interrupt(uint32_t apicid, uint32_t vector)
+static void tdx_inject_interrupt(TdxGuest *tdx_guest)
 {
     int ret;
+    uint32_t apicid, vector;
 
+    qemu_mutex_lock(&tdx_guest->lock);
+    vector = tdx_guest->event_notify_vector;
+    apicid = tdx_guest->event_notify_apicid;
+    qemu_mutex_unlock(&tdx_guest->lock);
     if (vector < 32 || vector > 255) {
         return;
     }
@@ -1179,8 +1184,7 @@ static void tdx_get_quote_completion(TdxGenerateQuoteTask *task)
         error_report("TDX: get-quote: failed to update GetQuote header.");
     }
 
-    tdx_inject_interrupt(tdx_guest->event_notify_apicid,
-                         tdx_guest->event_notify_vector);
+    tdx_inject_interrupt(tdx);
 
     g_free(task->send_data);
     g_free(task->receive_buf);
-- 
2.50.1
Re: [PATCH] target/i386: tdx: fix locking for interrupt injection
Posted by Xiaoyao Li 2 months, 2 weeks ago 
On 7/17/2025 6:39 PM, Paolo Bonzini wrote:
> Take tdx_guest->lock when injecting the event notification interrupt into
> the guest.
> 
> Fixes CID 1612364.
> 
> Reported-by: Peter Maydell <peter.maydell@linaro.org>
> Cc: Xiaoyao Li <xiaoyao.li@intel.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>

> ---
>   target/i386/kvm/tdx.c | 10 +++++++---
>   1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
> index 7d69d6d7b06..7dcf2f75026 100644
> --- a/target/i386/kvm/tdx.c
> +++ b/target/i386/kvm/tdx.c
> @@ -1126,10 +1126,15 @@ int tdx_parse_tdvf(void *flash_ptr, int size)
>       return tdvf_parse_metadata(&tdx_guest->tdvf, flash_ptr, size);
>   }
>   
> -static void tdx_inject_interrupt(uint32_t apicid, uint32_t vector)
> +static void tdx_inject_interrupt(TdxGuest *tdx_guest)
>   {
>       int ret;
> +    uint32_t apicid, vector;
>   
> +    qemu_mutex_lock(&tdx_guest->lock);
> +    vector = tdx_guest->event_notify_vector;
> +    apicid = tdx_guest->event_notify_apicid;
> +    qemu_mutex_unlock(&tdx_guest->lock);
>       if (vector < 32 || vector > 255) {
>           return;
>       }
> @@ -1179,8 +1184,7 @@ static void tdx_get_quote_completion(TdxGenerateQuoteTask *task)
>           error_report("TDX: get-quote: failed to update GetQuote header.");
>       }
>   
> -    tdx_inject_interrupt(tdx_guest->event_notify_apicid,
> -                         tdx_guest->event_notify_vector);
> +    tdx_inject_interrupt(tdx);
>   
>       g_free(task->send_data);
>       g_free(task->receive_buf);

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.