diff options
| author | Michael S. Tsirkin <mst@redhat.com> | 2012-07-19 06:45:20 -0400 |
|---|---|---|
| committer | Marcelo Tosatti <mtosatti@redhat.com> | 2012-07-20 15:12:00 -0400 |
| commit | 1a577b72475d161b6677c05abe57301362023bb2 (patch) | |
| tree | d8a9910f0016ada479c5a88c1a330b5e1cbc7ef1 /arch/x86/kvm | |
| parent | d63d3e6217c49b81d74141b7920bbe5950532432 (diff) | |
KVM: fix race with level interrupts
When more than 1 source id is in use for the same GSI, we have the
following race related to handling irq_states race:
CPU 0 clears bit 0. CPU 0 read irq_state as 0. CPU 1 sets level to 1.
CPU 1 calls kvm_ioapic_set_irq(1). CPU 0 calls kvm_ioapic_set_irq(0).
Now ioapic thinks the level is 0 but irq_state is not 0.
Fix by performing all irq_states bitmap handling under pic/ioapic lock.
This also removes the need for atomics with irq_states handling.
Reported-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Diffstat (limited to 'arch/x86/kvm')
| -rw-r--r-- | arch/x86/kvm/i8259.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/arch/x86/kvm/i8259.c b/arch/x86/kvm/i8259.c index 81cf4fa4a2be..1df8fb9e1d5d 100644 --- a/arch/x86/kvm/i8259.c +++ b/arch/x86/kvm/i8259.c | |||
| @@ -188,14 +188,15 @@ void kvm_pic_update_irq(struct kvm_pic *s) | |||
| 188 | pic_unlock(s); | 188 | pic_unlock(s); |
| 189 | } | 189 | } |
| 190 | 190 | ||
| 191 | int kvm_pic_set_irq(void *opaque, int irq, int level) | 191 | int kvm_pic_set_irq(struct kvm_pic *s, int irq, int irq_source_id, int level) |
| 192 | { | 192 | { |
| 193 | struct kvm_pic *s = opaque; | ||
| 194 | int ret = -1; | 193 | int ret = -1; |
| 195 | 194 | ||
| 196 | pic_lock(s); | 195 | pic_lock(s); |
| 197 | if (irq >= 0 && irq < PIC_NUM_PINS) { | 196 | if (irq >= 0 && irq < PIC_NUM_PINS) { |
| 198 | ret = pic_set_irq1(&s->pics[irq >> 3], irq & 7, level); | 197 | int irq_level = __kvm_irq_line_state(&s->irq_states[irq], |
| 198 | irq_source_id, level); | ||
| 199 | ret = pic_set_irq1(&s->pics[irq >> 3], irq & 7, irq_level); | ||
| 199 | pic_update_irq(s); | 200 | pic_update_irq(s); |
| 200 | trace_kvm_pic_set_irq(irq >> 3, irq & 7, s->pics[irq >> 3].elcr, | 201 | trace_kvm_pic_set_irq(irq >> 3, irq & 7, s->pics[irq >> 3].elcr, |
| 201 | s->pics[irq >> 3].imr, ret == 0); | 202 | s->pics[irq >> 3].imr, ret == 0); |
| @@ -205,6 +206,16 @@ int kvm_pic_set_irq(void *opaque, int irq, int level) | |||
| 205 | return ret; | 206 | return ret; |
| 206 | } | 207 | } |
| 207 | 208 | ||
| 209 | void kvm_pic_clear_all(struct kvm_pic *s, int irq_source_id) | ||
| 210 | { | ||
| 211 | int i; | ||
| 212 | |||
| 213 | pic_lock(s); | ||
| 214 | for (i = 0; i < PIC_NUM_PINS; i++) | ||
| 215 | __clear_bit(irq_source_id, &s->irq_states[i]); | ||
| 216 | pic_unlock(s); | ||
| 217 | } | ||
| 218 | |||
| 208 | /* | 219 | /* |
| 209 | * acknowledge interrupt 'irq' | 220 | * acknowledge interrupt 'irq' |
| 210 | */ | 221 | */ |