|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH] i8259-dm.c - close timing window
A window's a window no matter how small... right ?
When signaling an edge-triggered interrupt to the hypervisor via the
shared page, be sure to set the IRR bit *after* setting the LAST_IRR
bit. Otherwise the hypervisor can notice the set bit and the guest
may handle the interrupt before QEMU sets the LAST_IRR bit -- which
will then mask the NEXT occurrence of that irq. And, as much as I
would like to say that this was fixed for theoretical reasons, it
was fixed because it happened (repeatedly) and hurt.
Signed-off-by: Ben Thomas (ben@xxxxxxxxxxxxxxx)
--
------------------------------------------------------------------------
Ben Thomas Virtual Iron Software
bthomas@xxxxxxxxxxxxxxx Tower 1, Floor 2
978-849-1214 900 Chelmsford Street
Lowell, MA 01851
When signaling an edge-triggered interrupt to the hypervisor via the shared
page, be sure to set the IRR bit *after* setting the LAST_IRR bit.
Otherwise the hypervisor can notice the set bit and the guest may handle
the interrupt before QEMU sets the LAST_IRR bit -- which will then mask
the NEXT occurrence of that irq.
Signed-off-by: Ben Thomas (ben@xxxxxxxxxxxxxxx)
diff -r 2db4388fecb9 tools/ioemu/target-i386-dm/i8259-dm.c
--- a/tools/ioemu/target-i386-dm/i8259-dm.c Tue Oct 31 16:42:46 2006 +0000
+++ b/tools/ioemu/target-i386-dm/i8259-dm.c Tue Oct 31 16:08:30 2006 -0500
@@ -65,8 +65,9 @@ void pic_set_irq_new(void *opaque, int i
/* edge */
if ( level ) {
if ( (mask & gio->pic_last_irr) == 0 ) {
+ /* Set pic_irr last to avoid racing guest intr handling! */
+ atomic_set_bit(irq, &gio->pic_last_irr);
atomic_set_bit(irq, &gio->pic_irr);
- atomic_set_bit(irq, &gio->pic_last_irr);
cpu_single_env->send_event = 1;
}
}
_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |