queue-2.6.33/xen-x86_32-do-not-enable-iterrupts-when-returning-from.patch - pub/scm/linux/kernel/git/longterm/longterm-queue-2.6.33 - Git at Google

 From d198d499148a0c64a41b3aba9e7dd43772832b91 Mon Sep 17 00:00:00 2001
 From: Igor Mammedov <imammedo@redhat.com>
 Date: Thu, 1 Sep 2011 13:46:55 +0200
 Subject: xen: x86_32: do not enable iterrupts when returning from exception in interrupt context

 From: Igor Mammedov <imammedo@redhat.com>

 commit d198d499148a0c64a41b3aba9e7dd43772832b91 upstream.

 If vmalloc page_fault happens inside of interrupt handler with interrupts
 disabled then on exit path from exception handler when there is no pending
 interrupts, the following code (arch/x86/xen/xen-asm_32.S:112):

 	cmpw $0x0001, XEN_vcpu_info_pending(%eax)
 	sete XEN_vcpu_info_mask(%eax)

 will enable interrupts even if they has been previously disabled according to
 eflags from the bounce frame (arch/x86/xen/xen-asm_32.S:99)

 	testb $X86_EFLAGS_IF>>8, 8+1+ESP_OFFSET(%esp)
 	setz XEN_vcpu_info_mask(%eax)

 Solution is in setting XEN_vcpu_info_mask only when it should be set
 according to
 	cmpw $0x0001, XEN_vcpu_info_pending(%eax)
 but not clearing it if there isn't any pending events.

 Reproducer for bug is attached to RHBZ 707552

 Signed-off-by: Igor Mammedov <imammedo@redhat.com>
 Acked-by: Jeremy Fitzhardinge <jeremy@goop.org>
 Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

 ---
  arch/x86/xen/xen-asm_32.S |    8 +++++---
  1 file changed, 5 insertions(+), 3 deletions(-)

 --- a/arch/x86/xen/xen-asm_32.S
 +++ b/arch/x86/xen/xen-asm_32.S
 @@ -113,11 +113,13 @@ xen_iret_start_crit:

  	/*
  	 * If there's something pending, mask events again so we can
 -	 * jump back into xen_hypervisor_callback
 +	 * jump back into xen_hypervisor_callback. Otherwise do not
 +	 * touch XEN_vcpu_info_mask.
  	 */
 -	sete XEN_vcpu_info_mask(%eax)
 +	jne 1f
 +	movb $1, XEN_vcpu_info_mask(%eax)

 -	popl %eax
 +1:	popl %eax

  	/*
  	 * From this point on the registers are restored and the stack
	From d198d499148a0c64a41b3aba9e7dd43772832b91 Mon Sep 17 00:00:00 2001
	From: Igor Mammedov <imammedo@redhat.com>
	Date: Thu, 1 Sep 2011 13:46:55 +0200
	Subject: xen: x86_32: do not enable iterrupts when returning from exception in interrupt context

	From: Igor Mammedov <imammedo@redhat.com>

	commit d198d499148a0c64a41b3aba9e7dd43772832b91 upstream.

	If vmalloc page_fault happens inside of interrupt handler with interrupts
	disabled then on exit path from exception handler when there is no pending
	interrupts, the following code (arch/x86/xen/xen-asm_32.S:112):

	cmpw $0x0001, XEN_vcpu_info_pending(%eax)
	sete XEN_vcpu_info_mask(%eax)

	will enable interrupts even if they has been previously disabled according to
	eflags from the bounce frame (arch/x86/xen/xen-asm_32.S:99)

	testb $X86_EFLAGS_IF>>8, 8+1+ESP_OFFSET(%esp)
	setz XEN_vcpu_info_mask(%eax)

	Solution is in setting XEN_vcpu_info_mask only when it should be set
	according to
	cmpw $0x0001, XEN_vcpu_info_pending(%eax)
	but not clearing it if there isn't any pending events.

	Reproducer for bug is attached to RHBZ 707552

	Signed-off-by: Igor Mammedov <imammedo@redhat.com>
	Acked-by: Jeremy Fitzhardinge <jeremy@goop.org>
	Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

	---
	arch/x86/xen/xen-asm_32.S \| 8 +++++---
	1 file changed, 5 insertions(+), 3 deletions(-)

	--- a/arch/x86/xen/xen-asm_32.S
	+++ b/arch/x86/xen/xen-asm_32.S
	@@ -113,11 +113,13 @@ xen_iret_start_crit:

	/*
	* If there's something pending, mask events again so we can
	- * jump back into xen_hypervisor_callback
	+ * jump back into xen_hypervisor_callback. Otherwise do not
	+ * touch XEN_vcpu_info_mask.
	*/
	- sete XEN_vcpu_info_mask(%eax)
	+ jne 1f
	+ movb $1, XEN_vcpu_info_mask(%eax)

	- popl %eax
	+1: popl %eax

	/*
	* From this point on the registers are restored and the stack