On 08/05/2019 13:46, Jan Beulich wrote:
> The timer needs to remain active only until all pending IRQ instances
> have seen EOIs from their respective domains. Stop it when the in-flight
> count has reached zero in desc_guest_eoi(). Note that this is race free
> (with __do_IRQ_guest()), as the IRQ descriptor lock is being held at
> that point.
>
> Also pull up stopping of the timer in __do_IRQ_guest() itself: Instead
> of stopping it immediately before re-setting, stop it as soon as we've
> made it past any early returns from the function (and hence we're sure
> it'll get set again).

Why is this a good thing?

>
> Finally bail from the actual timer handler in case we find the timer
> already active again by the time we've managed to acquire the IRQ
> descriptor lock. Without this we may forcibly EOI an IRQ immediately
> after it got sent to a guest. For this, timer_is_active() gets split out
> of active_timer(), deliberately moving just one of the two ASSERT()s (to
> allow the function to be used also on a never initialized timer).
>
> Signed-off-by: Jan Beulich <jbeul...@suse.com>
>
> --- a/xen/arch/x86/irq.c > +++ b/xen/arch/x86/irq.c > @@ -1115,6 +1115,9 @@ static void irq_guest_eoi_timer_fn(void > > action = (irq_guest_action_t *)desc->action; > /* Another instance of this timer already running? Skip everything to avoid forcing an EOI early. */ ~Andrew > + if ( timer_is_active(&action->eoi_timer) ) > + goto out; > + > if ( action->ack_type != ACKTYPE_NONE ) > { > unsigned int i; >
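
Review bot: the added timer_is_active(&action->eoi_timer) check ahead of the ack_type test in irq_guest_eoi_timer_fn() has no comment in the code, and the reason for the early "goto out" is only stated in the commit message: the timer was set again before this handler acquired the IRQ descriptor lock, so forcing an EOI here would hit an IRQ that was only just sent to a guest. Suggest a comment directly above the if that says this, worded as the timer having been re-armed (the commit message's "already active again") rather than as another instance "running", and noting that the check is only meaningful with the descriptor lock held. Since the commit message says timer_is_active() is split out with just one of the two ASSERT()s so that it can be used on a never initialized timer, a short comment at its definition stating that intent would also help later readers.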