Re: [Xen-devel] do_iret bug in xen

["Ashish Bijlani" <ashish.bijlani@xxxxxxxxx>]

since "sti" is on, an interrupt can occur which can cause the control to enter "__runq_tickle", which then invokes "cpumask_raise_softirq(mask, SCHEDULE_SOFTIRQ)" to send IPI to a processor causing the control to enter "__enter_scheduler" which changes the current.

On Nov 27, 2007 2:16 PM, Daniel Stodden <stodden@xxxxxxxxxx> wrote:

On Tue, 2007-11-27 at 13:59 -0500, Ashish Bijlani wrote:
> "do_iret" (slow iret via hyercall) can introduce a race condition as
> "current" can change during the execution of the function. all
> hypercalls run with "sti" on, so an interrupt on a processor causing
> the control to enter in "__enter_scheduler" after reading current can
> change the current process on that processor.

follow the code e.g. surounding ret_from_intr. __enter_scheduler is a
softirq handler. it will only be run upon return to guest context, not
when returning to an interrupted hypervisor. xen is not preemptible.

regards,
daniel

--
Daniel Stodden
LRR     -      Lehrstuhl für Rechnertechnik und Rechnerorganisation
Institut für Informatik der TU München             D-85748 Garching
http://www.lrr.in.tum.de/~stodden         mailto:stodden@xxxxxxxxxx
PGP Fingerprint: F5A4 1575 4C56 E26A 0B33  3D80 457E 82AE B0D8 735B

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel