[IA64] Fix ptc.g race

If one vcpu is executing ptc.g, while the other vcpu is executing itc,
the VHPT(VTLB) entry which should be purged may unexpectedly survive.
Then issue happens.

Signed-off-by: Anthony Xu <anthony.xu@intel.com>

diff --git a/xen/arch/ia64/vmx/vtlb.c b/xen/arch/ia64/vmx/vtlb.c
index 9f016276029c73ddfe9097b719f51f3a48d978b1..a7aa60847131f545b705a8f0688761e05abefc4c 100644 (file)
--- a/xen/arch/ia64/vmx/vtlb.c
+++ b/xen/arch/ia64/vmx/vtlb.c
@@ -168,6 +168,7 @@ static void vmx_vhpt_insert(thash_cb_t *hcb, u64 pte, u64 itir, u64 ifa)
     else{
         cch = __alloc_chain(hcb);
     }
+    local_irq_disable();
     *cch = *head;
     head->page_flags=pte;
     head->itir = rr.ps << 2;
@@ -175,6 +176,7 @@ static void vmx_vhpt_insert(thash_cb_t *hcb, u64 pte, u64 itir, u64 ifa)
     head->next = cch;
     head->len = cch->len+1;
     cch->len = 0;
+    local_irq_enable();
     return;
 }
 
@@ -424,14 +426,14 @@ void vtlb_insert(VCPU *v, u64 pte, u64 itir, u64 va)
     else {
         cch = __alloc_chain(hcb);
     }
-    *cch = *hash_table;
-    hash_table->page_flags = pte;
-    hash_table->itir=itir;
-    hash_table->etag=tag;
+    cch->page_flags = pte;
+    cch->itir = itir;
+    cch->etag = tag;
+    cch->next = hash_table->next;
+    wmb();
     hash_table->next = cch;
-    hash_table->len = cch->len + 1;
-    cch->len = 0;
-    return ;
+    hash_table->len += 1;
+    return;
 }