On 08/05/2019 13:46, Jan Beulich wrote: > There's no point entering the loop in the function in this case. Instead > there still being something in flight _after_ the loop would be an > actual problem: No timer would be running anymore for issuing the EOI > eventually, and hence this IRQ (and possibly lower priority ones) would > be blocked, perhaps indefinitely. > > Issue a warning instead and prefer breaking some (presumably > misbehaving) guest over stalling perhaps the entire system. > > Signed-off-by: Jan Beulich <jbeul...@suse.com> > > --- a/xen/arch/x86/irq.c > +++ b/xen/arch/x86/irq.c > @@ -1115,7 +1115,7 @@ static void irq_guest_eoi_timer_fn(void > > action = (irq_guest_action_t *)desc->action; > > - if ( timer_is_active(&action->eoi_timer) ) > + if ( !action->in_flight || timer_is_active(&action->eoi_timer) ) > goto out; > > if ( action->ack_type != ACKTYPE_NONE ) > @@ -1130,8 +1130,10 @@ static void irq_guest_eoi_timer_fn(void > } > } > > - if ( action->in_flight != 0 ) > - goto out; > + if ( action->in_flight ) > + printk(XENLOG_G_WARNING > + "IRQ%d: %d handlers still in flight at forced EOI\n", > + desc->irq, action->in_flight);
AFACIT, this condition can be triggered by a buggy/malicious guest, by it simply ignoring or masking the line interrupt at the vIO-APIC. The message would be far more useful if it identified the domain in question, which looks like it can be obtained from the middle of the loop. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
