|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 1/2] evtchn/fifo: only set READY for new heads
From: David Vrabel <david.vrabel@xxxxxxxxxx>
Setting a queue's READY bit for every event added to the queue
introduces a race.
If an event is added to the tail of a queue, the guest may consume the
newly added event and leave an empty queue before the READY is set.
The guest may then see a stale HEAD value and if the event at the
stale head became linked onto a different queue, the guest would
consume events from the wrong queue (corrupting it).
As noted in section 4.1.2 of the design document, only set READY if a
new HEAD is set. This ensures that if the guest sees a READY bit set
the corresponding HEAD is valid.
Signed-off-by: David Vrabel <david.vrabel@xxxxxxxxxx>
---
xen/common/event_fifo.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/xen/common/event_fifo.c b/xen/common/event_fifo.c
index 9106c55..6048784 100644
--- a/xen/common/event_fifo.c
+++ b/xen/common/event_fifo.c
@@ -161,8 +161,9 @@ static void evtchn_fifo_set_pending(struct vcpu *v, struct
evtchn *evtchn)
spin_unlock_irqrestore(&q->lock, flags);
- if ( !test_and_set_bit(q->priority,
- &v->evtchn_fifo->control_block->ready) )
+ if ( !linked
+ && !test_and_set_bit(q->priority,
+ &v->evtchn_fifo->control_block->ready) )
vcpu_mark_events_pending(v);
}
--
1.7.2.5
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |