xen/arm: do not use is_running to decide whether we can write directly to the LR...

During context switch is_running is set for the next vcpu before the
gic state is actually saved.
This leads to possible nasty races when interrupts need to be injected
after is_running is set to the next vcpu but before the currently
running gic state has been saved from the previous vcpu.

Use current instead of is_running to check which one is the currently
running vcpu: set_current is called right before __context_switch and
schedule_tail with interrupt disabled.

Re-enabled interrupts after ctxt_switch_from, so that all the context
switch saving functions don't have to worry about receiving interrupts
while saving state.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>

diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
index e3088137a4244cab39efb943c50f8a60adabbe90..eae42afcfd5373ebdf3ba5f1cc55ceab177368dc 100644 (file)
--- a/xen/arch/arm/domain.c
+++ b/xen/arch/arm/domain.c
@@ -213,11 +213,10 @@ static void ctxt_switch_to(struct vcpu *n)
 
 static void schedule_tail(struct vcpu *prev)
 {
-    /* Re-enable interrupts before restoring state which may fault. */
-    local_irq_enable();
-
     ctxt_switch_from(prev);
 
+    local_irq_enable();
+
     /* TODO
        update_runstate_area(current);
     */

diff --git a/xen/arch/arm/gic.c b/xen/arch/arm/gic.c
index 0d1ab5a1cc9c0882f6c032085a61f3bc6cefe004..c3887a9bffb1a286fd9537b2ade45ac7c15a3ee3 100644 (file)
--- a/xen/arch/arm/gic.c
+++ b/xen/arch/arm/gic.c
@@ -64,12 +64,15 @@ irq_desc_t *__irq_to_desc(int irq)
 void gic_save_state(struct vcpu *v)
 {
     int i;
+    ASSERT(!local_irq_is_enabled());
 
-    spin_lock_irq(&gic.lock);
+    /* No need for spinlocks here because interrupts are disabled around
+     * this call and it only accesses struct vcpu fields that cannot be
+     * accessed simultaneously by another pCPU.
+     */
     for ( i=0; i<nr_lrs; i++)
         v->arch.gic_lr[i] = GICH[GICH_LR + i];
     v->arch.lr_mask = this_cpu(lr_mask);
-    spin_unlock_irq(&gic.lock);
     v->arch.gic_apr = GICH[GICH_APR];
     /* Disable until next VCPU scheduled */
     GICH[GICH_HCR] = 0;
@@ -524,7 +527,7 @@ void gic_set_guest_irq(struct vcpu *v, unsigned int virtual_irq,
 
     spin_lock_irqsave(&gic.lock, flags);
 
-    if ( v->is_running && list_empty(&v->arch.vgic.lr_pending) )
+    if ( v == current && list_empty(&v->arch.vgic.lr_pending) )
     {
         i = find_first_zero_bit(&this_cpu(lr_mask), nr_lrs);
         if (i < nr_lrs) {