From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ben Thomas
Subject: [PATCH] i8259-dm.c - close timing window
Date: Wed, 01 Nov 2006 16:57:47 -0500
Message-ID: <4549185B.3010000@virtualiron.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------010905080102060302060405"
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

This is a multi-part message in MIME format.
--------------010905080102060302060405
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

A window's a window no matter how small... right?

When signaling an edge-triggered interrupt to the hypervisor via the
shared page, be sure to set the IRR bit *after* setting the LAST_IRR bit.
Otherwise the hypervisor can notice the set bit and the guest may handle
the interrupt before QEMU sets the LAST_IRR bit -- which will then mask
the NEXT occurrence of that irq.

And, as much as I would like to say that this was fixed for theoretical
reasons, it was fixed because it happened (repeatedly) and hurt.

Signed-off-by: Ben Thomas (ben@virtualiron.com)

--
------------------------------------------------------------------------
Ben Thomas                         Virtual Iron Software
bthomas@virtualiron.com            Tower 1, Floor 2
978-849-1214                       900 Chelmsford Street
                                   Lowell, MA 01851

--------------010905080102060302060405
Content-Type: text/x-patch; name="9971_smp_irr_fix.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="9971_smp_irr_fix.patch"

When signaling an edge-triggered interrupt to the hypervisor via the
shared page, be sure to set the IRR bit *after* setting the LAST_IRR bit.
Otherwise the hypervisor can notice the set bit and the guest may handle
the interrupt before QEMU sets the LAST_IRR bit -- which will then mask
the NEXT occurrence of that irq.
Signed-off-by: Ben Thomas (ben@virtualiron.com) diff -r 2db4388fecb9 tools/ioemu/target-i386-dm/i8259-dm.c --- a/tools/ioemu/target-i386-dm/i8259-dm.c Tue Oct 31 16:42:46 2006 +0000 +++ b/tools/ioemu/target-i386-dm/i8259-dm.c Tue Oct 31 16:08:30 2006 -0500 @@ -65,8 +65,9 @@ void pic_set_irq_new(void *opaque, int i /* edge */ if ( level ) { if ( (mask & gio->pic_last_irr) == 0 ) { + /* Set pic_irr last to avoid racing guest intr handling! */ + atomic_set_bit(irq, &gio->pic_last_irr); atomic_set_bit(irq, &gio->pic_irr); - atomic_set_bit(irq, &gio->pic_last_irr); cpu_single_env->send_event = 1; } } --------------010905080102060302060405 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel --------------010905080102060302060405--
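
Review bot: The fix depends on the store to pic_last_irr becoming visible to the hypervisor before the store to pic_irr, but nothing in the hunk says that the two back-to-back atomic_set_bit() calls are ordered with respect to each other. If atomic_set_bit() is a locked read-modify-write on x86 the ordering holds, but please confirm that and state it in the new comment, or put an explicit write barrier between the two calls, so that a later cleanup or port does not quietly reopen the window. Separately, the guard `if ( (mask & gio->pic_last_irr) == 0 )` is still a plain read followed by a separate set, so the test and the update of pic_last_irr are not one atomic step; if anything other than this function writes pic_last_irr in the shared page, an atomic test-and-set on that bit would close that gap as well.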