From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Vrabel Subject: [PATCH 1/2] evtchn/fifo: only set READY for new heads Date: Tue, 19 Nov 2013 18:17:02 +0000 Message-ID: <1384885023-11565-2-git-send-email-david.vrabel@citrix.com> References: <1384885023-11565-1-git-send-email-david.vrabel@citrix.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <1384885023-11565-1-git-send-email-david.vrabel@citrix.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: xen-devel@lists.xen.org Cc: Keir Fraser , David Vrabel , Jan Beulich List-Id: xen-devel@lists.xenproject.org From: David Vrabel Setting a queue's READY bit for every event added to the queue introduces a race. If an event is added to the tail of a queue, the guest may consume the newly added event and leave an empty queue before the READY is set. The guest may then see a stale HEAD value and if the event at the stale head became linked onto a different queue, the guest would consume events from the wrong queue (corrupting it). As noted in section 4.1.2 of the design document, only set READY if a new HEAD is set. This ensures that if the guest sees a READY bit set the corresponding HEAD is valid. Signed-off-by: David Vrabel --- xen/common/event_fifo.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/common/event_fifo.c b/xen/common/event_fifo.c index 9106c55..6048784 100644 --- a/xen/common/event_fifo.c +++ b/xen/common/event_fifo.c @@ -161,8 +161,9 @@ static void evtchn_fifo_set_pending(struct vcpu *v, struct evtchn *evtchn) spin_unlock_irqrestore(&q->lock, flags); - if ( !test_and_set_bit(q->priority, - &v->evtchn_fifo->control_block->ready) ) + if ( !linked + && !test_and_set_bit(q->priority, + &v->evtchn_fifo->control_block->ready) ) vcpu_mark_events_pending(v); } -- 1.7.2.5
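Review bot: the new `!linked` test in the `evtchn_fifo_set_pending()` hunk carries no comment, and `linked` is assigned outside the visible context, so the invariant the commit message relies on (READY is set only when a new HEAD has been written) cannot be read off the `if` itself. A one-line comment above the condition would help, saying that `linked` means the event was chained behind an existing tail and HEAD was left untouched, with a pointer to section 4.1.2 of the design document. Because the check runs after `spin_unlock_irqrestore(&q->lock, flags)`, the description should also confirm that `linked` is decided while `q->lock` is still held, so that the value tested here matches the queue state at the time the event was added.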