From 5aa2a526e22772446e1d182c487aa6ebcff11660 Mon Sep 17 00:00:00 2001
From: Keir Fraser
Date: Mon, 20 Apr 2009 14:56:31 +0100
Subject: [PATCH] x86: fix next->vcpu_dirty_cpumask checking in context_switch()

There was a timing window where flush_tlb_mask() could be called with an empty mask (triggering a WARN_ON() in send_IPI_mask_flat() along with APIC errors) because rather than using the already taken snapshot of next's vcpu_dirty_cpumask struct vcpu's field was used directly, which can get its only bit cleared by remote CPUs.

Replacing the structure field's use by the local variable then made the inner cpus_empty() check completely redundant with the one in the surrounding if()'s condition.

Signed-off-by: Jan Beulich
---
 xen/arch/x86/domain.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index 7ceb0e4516..598d970c19 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -1308,8 +1308,7 @@ void context_switch(struct vcpu *prev, struct vcpu *next)
 if ( unlikely(!cpu_isset(cpu, dirty_mask) && !cpus_empty(dirty_mask)) )
 {
 /* Other cpus call __sync_lazy_execstate from flush ipi handler. */
- if ( !cpus_empty(next->vcpu_dirty_cpumask) )
- flush_tlb_mask(next->vcpu_dirty_cpumask);
+ flush_tlb_mask(dirty_mask);
 }
 
 if ( is_hvm_vcpu(prev) && !list_empty(&prev->arch.hvm_vcpu.tm_list) )
-- 
2.30.2
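Review bot: The reason the local snapshot `dirty_mask` rather than `next->vcpu_dirty_cpumask` must be passed to flush_tlb_mask() is recorded only in the commit message; the comment kept above the new call still only says who calls __sync_lazy_execstate, so a later cleanup could reintroduce the empty-mask race and the WARN_ON() it triggered. I would extend that comment to `/* Pass the dirty_mask snapshot: next->vcpu_dirty_cpumask can be cleared by remote cpus meanwhile, and an empty mask must never reach flush_tlb_mask(). Other cpus call __sync_lazy_execstate from flush ipi handler. */`. Since the snapshot can be older than the field, it may still name a cpu that has already synced itself, so that cpu receives a flush IPI with nothing left to do; nothing in the hunk suggests this is harmful, but it is worth a word in the comment if it is the intended trade-off. The enclosing context_switch() begins before the hunk, where dirty_mask appears to be taken, and continues after it.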