Re: [XEN PATCH] evtchn/fifo: Don't set PENDING bit if guest misbehaves

[David Vrabel <dvrabel@xxxxxxxxxx>]

On 17/03/2022 06:28, Juergen Gross wrote:
> On 16.03.22 19:38, Raphael Ning wrote:
> > From: Raphael Ning <raphning@xxxxxxxxxx>
> >
> > Currently, evtchn_fifo_set_pending() will mark the event as PENDING even
> > if it fails to lock the FIFO event queue(s), or if the guest has not
> > initialized the FIFO control block for the target vCPU. A well-behaved
> > guest should never trigger either of these cases.
> Is this true even for the resume case e.g. after a migration?
>
> The guests starts on the new host with no FIFO control block for any
> vcpu registered, so couldn't an event get lost with your patch in case
> it was sent before the target vcpu's control block gets registered?
An event that is PENDING but not LINKED is not reachable by the guest so 
it won't ever see such an event, so the event is lost whether the P bit 
is set or not.
Guests ensure that event channels are not bound to VCPUs that don't 
(yet) have FIFO control blocks.
For example, in Linux xen_irq_resume() reinitializes the control blocks 
(in xen_evtchn_resume()) before restoring any of the event channels.
David