From nobody Mon Jun 8 05:24:56 2026 Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7BDB93CB2FC for ; Mon, 1 Jun 2026 14:53:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780325616; cv=none; b=djKCn8Md8N8TkVgRbrvee1pQUCNwaW0lEVEC7bu2FTYOsOcYtbvksA57j17UkX+bZ/n85GJ6VIIsaGF1+ZcOm31turT9X/Wtm9O5QgjpFHVi9J7FM9voih96gOFh0sPqarYY5i/aWyxC63NeKEFz2wOuxTQfJH/34pAZmqxxSt0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780325616; c=relaxed/simple; bh=w2mR078FU5SKyF8iU76eGa6vXLrGgT0KaRUbbDZdrt4=; h=Date:From:To:Cc:Subject:Message-ID:MIME-Version:Content-Type: Content-Disposition; b=qOJHb8HliCchJ/BKaC6RzMC6mYAyM1/bqGNtp84x3owP1VSmlkFc9VKOh/0ePAW6eCa6q7F0uNRPN242iPF1SS8wN3LyYE4UyYJlJ+RgeszEzboY3Kvnn/E0dNhfJOkAHTKIAA0zXSHhywU/aQEpOU6/htS07SJ5vHmrA/Zidq0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=ERoZVprI; arc=none smtp.client-ip=209.85.210.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ERoZVprI" Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-8422a92b6d6so893578b3a.1 for ; Mon, 01 Jun 2026 07:53:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780325612; x=1780930412; darn=vger.kernel.org; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :from:to:cc:subject:date:message-id:reply-to; bh=MrfSnj/PLsXTbxRf/etluSw853v8MTiPenNyLUiYWok=; b=ERoZVprIPRFC+SsCltunCMnOCdnjvdtZh/vFDB04uZ5FgR9VVD3gA544fDdfeWbr0u +rOqW4M/6LAg/KEhZ2qKn95dJOzxXmmoh+hHCRzKHwoWT9fs+z4l3+t18k0w1VrL9d8l KFLbKK5R5Eytyi4KpunEMf9+QKKgqWxHPgpXPpEfjgDBbmlTmHGqCBBGy0vEEyp9+ksG suKzdACaBJ6/nEiGBVuk/F2741PZ/XDcN9XeOXvWm3AHaKyXvlyKs+DYuaPp+kP8mWtQ eFhvO3if870jBcMNQBhy/nyi2jCiFmtfatAH3d5jfAkQQUtnt8I8gAMpBIHiKhl6p6uL AvvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780325612; x=1780930412; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=MrfSnj/PLsXTbxRf/etluSw853v8MTiPenNyLUiYWok=; b=A34MZ+w1Fv0WF9OHTNY4rp/zRirI6QokBM14Zzm/6r4plg8lK4Phz21gSg43Ok3Kbx nGvMSw2Slb3zs2kVFqYtWRRR67D2fygYSx94uSyFFyvHrym23aLa0nexmn1DW361OpPm xVjxnLVxxtJnhH2xAKoBGsx3QwGEg8Y4VAbHwE5EMJlaSk6YUilMfZ1qU9p9iozirP5W CQi+pNp0l8/Fne1o7jjmAjFY4mPcKK8u2MyflsNURczn3uk+kvkfqsG7ShbidY+Izqwi UGz6MaBqTtZGwLfdtwruh03Pk6p/r+MuEg9qT0njLcK9CvmDMenQUKjl5anHjtUAeyFO vvqw== X-Forwarded-Encrypted: i=1; AFNElJ9MjhMWwLKJPqLK9AtNjbetiSmIPhQrV1l4YFNURrwcD2VixbTW5m8NeWTjjtUqjxTRPfJIyT3N+LIfmHo=@vger.kernel.org X-Gm-Message-State: AOJu0YwcW4A8ESj7RRgnbXInrXkpTDpusT/PD9yv4qgsHmfApq2jDPmo +sx9LILH5JjrVEkgs1z0Wc3PJ9kIZinL7F2uBQbz+ct4yHjzVpdYQ7DT X-Gm-Gg: Acq92OE54yLu9HWm9UsHUDya8qTRD7RCfdsBeikM1JAnLca7BbwVGy3/+XjI9tLsMkZ 1GaebTamaUbmn26LGFd8JvdC3d5+LRso6r789RmkZVI6XUP9bFMbx/knmfGwJe+VOKJEHQcrh3H gxn8dpJDoTQNyXnM39ocSNzBGxhmzsPBmNG8RgMiHdqAySPLzZ1KNHvulqJuBWSoCb1FNM+e+Ey 4o7AGzjEyD87ibse7rnannl8r9pYeoN7fURmAk6vZUB1ZFXhhBYrAkj+tSfNYM4h+h23mrmw2si KFLeBj1X4VW495BMKF9pB0zL5hMKKmcAxZTZbMgTIwehquaKnBFuFQvSo6CoR8SqzCdzvoYjUTU 6NIHoQa+d0Q2Hht0lKY34vHyt+EtxnhOsUs67f5k/vxbWpHVFQwceldCwbi+Qlw0unFRZdESHLs M3DhVhpMaXhIN6Rd9hgp1QKyhfFJj+HKLc3MiUbT+H4hmll03hAid8sg== X-Received: by 2002:a05:6a00:1310:b0:82f:51e8:b38e with SMTP id d2e1a72fcca58-84210c54cccmr11705575b3a.24.1780325611586; Mon, 01 Jun 2026 07:53:31 -0700 (PDT) Received: from v4bel ([58.123.110.97]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-8422e712309sm7686388b3a.59.2026.06.01.07.53.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 07:53:30 -0700 (PDT) Date: Mon, 1 Jun 2026 23:53:26 +0900 From: Hyunwoo Kim To: maz@kernel.org, oupton@kernel.org, joey.gouly@arm.com, seiden@linux.ibm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, catalin.marinas@arm.com, will@kernel.org, kees@kernel.org Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org, imv4bel@gmail.com Subject: [PATCH] KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry Message-ID: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" vgic_its_invalidate_cache() walks the per-ITS translation cache with xa_for_each() and drops the cache's reference on each entry with vgic_put_irq(). It puts the iterated pointer, though, rather than the value returned by xa_erase(). The function is called from contexts that do not exclude one another: the ITS command handlers hold its_lock, the GITS_CTLR write path holds cmd_lock, and the path that clears EnableLPIs in a redistributor's GICR_CTLR holds neither. Two or more of them can drain the same cache concurrently, and if each one observes the same entry, erases it and then puts it, the single reference the cache holds on that entry is dropped more than once. The entry can then be freed while an ITE still maps it. xa_erase() is atomic and returns the previous entry, so put only the entry that this context actually removed. The cache reference is then dropped exactly once per entry even when the invalidations run concurrently, and the behavior is unchanged when only one context runs. Fixes: 8201d1028caa ("KVM: arm64: vgic-its: Maintain a translation cache pe= r ITS") Signed-off-by: Hyunwoo Kim Reviewed-by: Oliver Upton --- arch/arm64/kvm/vgic/vgic-its.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kvm/vgic/vgic-its.c b/arch/arm64/kvm/vgic/vgic-its.c index 1d7e5d560af4..1e3706ac3b8e 100644 --- a/arch/arm64/kvm/vgic/vgic-its.c +++ b/arch/arm64/kvm/vgic/vgic-its.c @@ -597,8 +597,10 @@ static void vgic_its_invalidate_cache(struct vgic_its = *its) unsigned long idx; =20 xa_for_each(&its->translation_cache, idx, irq) { - xa_erase(&its->translation_cache, idx); - vgic_put_irq(kvm, irq); + /* Only the context that erases the entry drops its cache ref. */ + irq =3D xa_erase(&its->translation_cache, idx); + if (irq) + vgic_put_irq(kvm, irq); } } =20 --=20 2.43.0