
[Xen-changelog] [xen master] xen/arm: gic: Ensure we have an ISB between ack and do_IRQ()



commit 177afec4556c676e5a1a958d1626226fbca2a696
Author:     Julien Grall <julien.grall@xxxxxxx>
AuthorDate: Tue Oct 23 19:17:06 2018 +0100
Commit:     Stefano Stabellini <sstabellini@xxxxxxxxxx>
CommitDate: Fri Nov 9 15:09:20 2018 -0800

    xen/arm: gic: Ensure we have an ISB between ack and do_IRQ()
    
    Devices that expose their interrupt status registers via system
    registers (e.g. Statistical profiling, CPU PMU, DynamIQ PMU, arch timer,
    vgic (although unused by Linux), ...) rely on a context synchronising
    operation on the CPU to ensure that the updated status register is
    visible to the CPU when handling the interrupt. This usually happens as
    a result of taking the IRQ exception in the first place, but there are
    two race scenarios where this isn't the case.
    
    For example, let's say we have two peripherals (X and Y), where Y uses a
    system register for its interrupt status.
    
    Case 1:
    1. CPU takes an IRQ exception as a result of X raising an interrupt
    2. Y then raises its interrupt line, but the update to its system
       register is not yet visible to the CPU
    3. The GIC decides to expose Y's interrupt number first in the Ack
       register
    4. The CPU runs the IRQ handler for Y, but the status register is stale
    
    Case 2:
    1. CPU takes an IRQ exception as a result of X raising an interrupt
    2. CPU reads the interrupt number for X from the Ack register and runs
       its IRQ handler
    3. Y raises its interrupt line and the Ack register is updated, but
       again, the update to its system register is not yet visible to the
       CPU.
    4. Since the GIC drivers poll the Ack register, we read Y's interrupt
       number and run its handler without a context synchronisation
       operation, therefore seeing the stale register value.
    
    In either case, we run the risk of missing an IRQ. This patch solves the
    problem by ensuring that we execute an ISB in the GIC drivers prior
    to invoking the interrupt handler.
    
    Based on Linux commit 39a06b67c2c1256bcf2361a1f67d2529f70ab206
    "irqchip/gic: Ensure we have an ISB between ack and ->handle_irq".
    
    Signed-off-by: Julien Grall <julien.grall@xxxxxxx>
    Reviewed-by: Andrii Anisov<andrii_anisov@xxxxxxxx>
    Acked-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>
---
 xen/arch/arm/gic.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/xen/arch/arm/gic.c b/xen/arch/arm/gic.c
index e524ad583d..cb23b64cc9 100644
--- a/xen/arch/arm/gic.c
+++ b/xen/arch/arm/gic.c
@@ -384,12 +384,14 @@ void gic_interrupt(struct cpu_user_regs *regs, int is_fiq)
         if ( likely(irq >= 16 && irq < 1020) )
         {
             local_irq_enable();
+            isb();
             do_IRQ(regs, irq, is_fiq);
             local_irq_disable();
         }
         else if ( is_lpi(irq) )
         {
             local_irq_enable();
+            isb();
             gic_hw_ops->do_LPI(irq);
             local_irq_disable();
         }
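Review bot: neither added `isb();` (before `do_IRQ(regs, irq, is_fiq);` and before `gic_hw_ops->do_LPI(irq);`) carries a comment, so the reason for the barrier exists only in the commit message. A one-line comment at each site, stating that the ISB is a context synchronisation so that interrupt status held in system registers is up to date before the handler runs, would keep a later cleanup from removing it as apparently redundant. Since the same two-line sequence now appears in both branches, it is also worth considering a single barrier placed after the ack read and before the `if`, provided the remaining branch not shown in this hunk is not harmed by it.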
--
generated by git-patchbot for /home/xen/git/xen.git#master
