[PATCH] KVM: xen: fix sleeping lock in hardirq context in

From: kettlebellok

Date: Wed Mar 11 2026 - 12:00:00 EST


xen_timer_callback() calls kvm_xen_set_evtchn_fast(), which acquires
gpc->lock via read_lock_irqsave(). This is a regular rwlock, which
becomes a sleeping lock on PREEMPT_RT kernels. Since xen_timer_callback()
runs in hardirq context (hrtimer), this is invalid and triggers:

BUG: Invalid wait context
kvm_xen_set_evtchn_fast
xen_timer_callback
__hrtimer_run_queues
hrtimer_interrupt

Fix this by removing the kvm_xen_set_evtchn_fast() call from
xen_timer_callback() and always deferring event delivery via the
existing timer_pending mechanism. The vCPU will then deliver the
event through kvm_xen_inject_timer_irqs() in a safe process context.
This was already the fallback path when kvm_xen_set_evtchn_fast()
returned -EWOULDBLOCK.

Reported-by: syzbot+919877893c9d28162dc2@xxxxxxxxxxxxxxxxxxxxxxxxx
Closes: https://syzkaller.appspot.com/bug?extid=919877893c9d28162dc2
Signed-off-by: kettlebellok <zxcyui967@xxxxxxxxx>
---
arch/x86/kvm/xen.c | 13 -------------
1 file changed, 13 deletions(-)

diff --git a/arch/x86/kvm/xen.c b/arch/x86/kvm/xen.c
index 91fd3673c09a..e588a188f50a 100644
--- a/arch/x86/kvm/xen.c
+++ b/arch/x86/kvm/xen.c
@@ -126,23 +126,10 @@ static enum hrtimer_restart xen_timer_callback(struct hrtimer *timer)
{
struct kvm_vcpu *vcpu = container_of(timer, struct kvm_vcpu,
arch.xen.timer);
- struct kvm_xen_evtchn e;
- int rc;

if (atomic_read(&vcpu->arch.xen.timer_pending))
return HRTIMER_NORESTART;

- e.vcpu_id = vcpu->vcpu_id;
- e.vcpu_idx = vcpu->vcpu_idx;
- e.port = vcpu->arch.xen.timer_virq;
- e.priority = KVM_IRQ_ROUTING_XEN_EVTCHN_PRIO_2LEVEL;
-
- rc = kvm_xen_set_evtchn_fast(&e, vcpu->kvm);
- if (rc != -EWOULDBLOCK) {
- vcpu->arch.xen.timer_expires = 0;
- return HRTIMER_NORESTART;
- }
-
atomic_inc(&vcpu->arch.xen.timer_pending);
kvm_make_request(KVM_REQ_UNBLOCK, vcpu);
kvm_vcpu_kick(vcpu);
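Review bot: this hunk drops the fast path unconditionally, so on non-RT kernels, where read_lock_irqsave() on gpc->lock is legitimate in hardirq context, every timer expiry now pays for KVM_REQ_UNBLOCK plus a kvm_vcpu_kick() and a vCPU wakeup before the guest sees the event; consider gating the fast path on !IS_ENABLED(CONFIG_PREEMPT_RT) rather than deleting it, or spell out in the commit message that the added latency on the common path is accepted. The hunk also removes the only visible store `vcpu->arch.xen.timer_expires = 0;` on the delivered path, so please confirm (and mention in the message) that kvm_xen_inject_timer_irqs() clears timer_expires itself on the deferred path, since otherwise a stale expiry value survives after the event has been injected.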
-- 2.43.0