From: Stefano Stabellini Date: Wed, 5 Apr 2017 20:28:42 +0000 (-0700) Subject: arm: remove irq from inflight, then change physical affinity X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=31bc6a93a096bab21211e0e2c7c284ee4aec5402;p=people%2Froyger%2Fxen.git arm: remove irq from inflight, then change physical affinity This patch fixes a potential race that could happen when gic_update_one_lr and vgic_vcpu_inject_irq run simultaneously. When GIC_IRQ_GUEST_MIGRATING is set, we must make sure that the irq has been removed from inflight before changing physical affinity, to avoid concurrent accesses to p->inflight, as vgic_vcpu_inject_irq will take a different vcpu lock. Signed-off-by: Stefano Stabellini Reviewed-by: Julien Grall --- diff --git a/xen/arch/arm/gic.c b/xen/arch/arm/gic.c index 9522c6c25c..f5dc88530b 100644 --- a/xen/arch/arm/gic.c +++ b/xen/arch/arm/gic.c @@ -503,6 +503,13 @@ static void gic_update_one_lr(struct vcpu *v, int i) gic_raise_guest_irq(v, irq, p->priority); else { list_del_init(&p->inflight); + /* + * Remove from inflight, then change physical affinity. It + * makes sure that when a new interrupt is received on the + * next pcpu, inflight is already cleared. No concurrent + * accesses to inflight. + */ + smp_wmb(); if ( test_and_clear_bit(GIC_IRQ_GUEST_MIGRATING, &p->status) ) { struct vcpu *v_target = vgic_get_target_vcpu(v, irq);
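Review bot: the smp_wmb() added after list_del_init(&p->inflight) in gic_update_one_lr has no documented pairing. The new comment explains what is ordered on this side (inflight is cleared before the physical affinity changes), but it does not say which barrier or other ordering on the receiving side makes the cleared inflight visible there. The commit message names vgic_vcpu_inject_irq, which takes a different vcpu lock, as that receiving path. Suggest extending the comment to name the read-side ordering this write barrier relies on, so the pairing can be checked and is not lost in a later refactor. A smaller point: "the next pcpu" in the comment would be clearer as the pcpu the interrupt is being migrated to.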