From e5ac0bda96c495321dbad9b57a4b1a93a5a72e7f Mon Sep 17 00:00:00 2001 From: Stefano Stabellini Date: Wed, 25 May 2011 12:33:23 +0100 Subject: [PATCH 1/2] xen: use the trigger info we already have to choose the irq handler Do not use pirq_needs_eoi to decide which irq handler to use because Xen always returns true if the guest does not support pirq_eoi_map. Use the trigger information we already have from MP-tables and ACPI. Signed-off-by: Stefano Stabellini Reported-by: Thomas Goetz Tested-by: Thomas Goetz Signed-off-by: Konrad Rzeszutek Wilk --- drivers/xen/events.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/xen/events.c b/drivers/xen/events.c index 3ff822b48145..553da68bd510 100644 --- a/drivers/xen/events.c +++ b/drivers/xen/events.c @@ -626,6 +626,9 @@ int xen_allocate_pirq_gsi(unsigned gsi) * * Note: We don't assign an event channel until the irq actually started * up. Return an existing irq if we've already got one for the gsi. + * + * Shareable implies level triggered, not shareable implies edge + * triggered here. */ int xen_bind_pirq_gsi_to_irq(unsigned gsi, unsigned pirq, int shareable, char *name) @@ -664,16 +667,13 @@ int xen_bind_pirq_gsi_to_irq(unsigned gsi, pirq_query_unmask(irq); /* We try to use the handler with the appropriate semantic for the - * type of interrupt: if the interrupt doesn't need an eoi - * (pirq_needs_eoi returns false), we treat it like an edge - * triggered interrupt so we use handle_edge_irq. - * As a matter of fact this only happens when the corresponding - * physical interrupt is edge triggered or an msi. + * type of interrupt: if the interrupt is an edge triggered + * interrupt we use handle_edge_irq. * - * On the other hand if the interrupt needs an eoi (pirq_needs_eoi - * returns true) we treat it like a level triggered interrupt so we - * use handle_fasteoi_irq like the native code does for this kind of + * On the other hand if the interrupt is level triggered we use + * handle_fasteoi_irq like the native code does for this kind of * interrupts. + * * Depending on the Xen version, pirq_needs_eoi might return true * not only for level triggered interrupts but for edge triggered * interrupts too. In any case Xen always honors the eoi mechanism, @@ -681,7 +681,7 @@ int xen_bind_pirq_gsi_to_irq(unsigned gsi, * hasn't received an eoi yet. Therefore using the fasteoi handler * is the right choice either way. */ - if (pirq_needs_eoi(irq)) + if (shareable) irq_set_chip_and_handler_name(irq, &xen_pirq_chip, handle_fasteoi_irq, name); else From f124c6ae59e193705c9ddac57684d50006d710e6 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Fri, 3 Jun 2011 07:45:28 +0300 Subject: [PATCH 2/2] xen: off by one errors in multicalls.c b->args[] has MC_ARGS elements, so the comparison here should be ">=" instead of ">". Otherwise we read past the end of the array one space. CC: stable@kernel.org Signed-off-by: Dan Carpenter Signed-off-by: Konrad Rzeszutek Wilk Signed-off-by: Jeremy Fitzhardinge --- arch/x86/xen/multicalls.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/arch/x86/xen/multicalls.c b/arch/x86/xen/multicalls.c index 8bff7e7c290b..1b2b73ff0a6e 100644 --- a/arch/x86/xen/multicalls.c +++ b/arch/x86/xen/multicalls.c @@ -189,10 +189,10 @@ struct multicall_space __xen_mc_entry(size_t args) unsigned argidx = roundup(b->argidx, sizeof(u64)); BUG_ON(preemptible()); - BUG_ON(b->argidx > MC_ARGS); + BUG_ON(b->argidx >= MC_ARGS); if (b->mcidx == MC_BATCH || - (argidx + args) > MC_ARGS) { + (argidx + args) >= MC_ARGS) { mc_stats_flush(b->mcidx == MC_BATCH ? FL_SLOTS : FL_ARGS); xen_mc_flush(); argidx = roundup(b->argidx, sizeof(u64)); @@ -206,7 +206,7 @@ struct multicall_space __xen_mc_entry(size_t args) ret.args = &b->args[argidx]; b->argidx = argidx + args; - BUG_ON(b->argidx > MC_ARGS); + BUG_ON(b->argidx >= MC_ARGS); return ret; } @@ -216,7 +216,7 @@ struct multicall_space xen_mc_extend_args(unsigned long op, size_t size) struct multicall_space ret = { NULL, NULL }; BUG_ON(preemptible()); - BUG_ON(b->argidx > MC_ARGS); + BUG_ON(b->argidx >= MC_ARGS); if (b->mcidx == 0) return ret; @@ -224,14 +224,14 @@ struct multicall_space xen_mc_extend_args(unsigned long op, size_t size) if (b->entries[b->mcidx - 1].op != op) return ret; - if ((b->argidx + size) > MC_ARGS) + if ((b->argidx + size) >= MC_ARGS) return ret; ret.mc = &b->entries[b->mcidx - 1]; ret.args = &b->args[b->argidx]; b->argidx += size; - BUG_ON(b->argidx > MC_ARGS); + BUG_ON(b->argidx >= MC_ARGS); return ret; }