evtchn/fifo: only set READY for new heads
Setting a queue's READY bit for every event added to the queue
introduces a race.
If an event is added to the tail of a queue, the guest may consume the
newly added event and leave an empty queue before the READY is set.
The guest may then see a stale HEAD value and if the event at the
stale head became linked onto a different queue, the guest would
consume events from the wrong queue (corrupting it).
As noted in section 4.1.2 of the design document, only set READY if a
new HEAD is set. This ensures that if the guest sees a READY bit set
the corresponding HEAD is valid.
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
projects / xen.git / commit