From 73f908f4d6b77c3e6bd51c0c05d189e0f581f6a3 Mon Sep 17 00:00:00 2001
From: Isaku Yamahata <yamahata@valinux.co.jp>
Date: Tue, 28 Oct 2008 14:31:58 +0900
Subject: [PATCH] [IA64] protect ridblock_owner.

protect ridblock_owner by spin lock.
deallocate_rid() is called by arch_domain_destroy() which
is called as rcu callback.
On the other hand allocate_rid() is called from domctl hypercall.
So the access to ridblock_owner is racy.
Protect it by spin lock.
So far probably xend serializes creating domains, so it hasn't
been caused issues.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
---
 xen/arch/ia64/xen/regionreg.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/xen/arch/ia64/xen/regionreg.c b/xen/arch/ia64/xen/regionreg.c
index f2ef96c060..c23cb903e8 100644
--- a/xen/arch/ia64/xen/regionreg.c
+++ b/xen/arch/ia64/xen/regionreg.c
@@ -100,6 +100,7 @@ static unsigned long allocate_metaphysical_rr(struct domain *d, int n)
 
 static int implemented_rid_bits = 0;
 static int mp_rid_shift;
+static DEFINE_SPINLOCK(ridblock_lock);
 static struct domain *ridblock_owner[MAX_RID_BLOCKS] = { 0 };
 
 void __init init_rid_allocator (void)
@@ -169,6 +170,7 @@ int allocate_rid_range(struct domain *d, unsigned long ridbits)
 	n_rid_blocks = 1UL << (ridbits - IA64_MIN_IMPL_RID_BITS);
 	
 	// skip over block 0, reserved for "meta-physical mappings (and Xen)"
+	spin_lock(&ridblock_lock);
 	for (i = n_rid_blocks; i < MAX_RID_BLOCKS; i += n_rid_blocks) {
 		if (ridblock_owner[i] == NULL) {
 			for (j = i; j < i + n_rid_blocks; ++j) {
@@ -182,16 +184,19 @@ int allocate_rid_range(struct domain *d, unsigned long ridbits)
 				break;
 		}
 	}
-	
-	if (i >= MAX_RID_BLOCKS)
+
+	if (i >= MAX_RID_BLOCKS) {
+		spin_unlock(&ridblock_lock);
 		return 0;
-	
+	}
+
 	// found an unused block:
 	//   (i << min_rid_bits) <= rid < ((i + n) << min_rid_bits)
 	// mark this block as owned
 	for (j = i; j < i + n_rid_blocks; ++j)
 		ridblock_owner[j] = d;
-	
+	spin_unlock(&ridblock_lock);
+
 	// setup domain struct
 	d->arch.rid_bits = ridbits;
 	d->arch.starting_rid = i << IA64_MIN_IMPL_RID_BITS;
@@ -221,11 +226,12 @@ int deallocate_rid_range(struct domain *d)
 	if (d->arch.rid_bits == 0)
 		return 1;
 
-	
+	spin_lock(&ridblock_lock);
 	for (i = rid_block_start; i < rid_block_end; ++i) {
 	        ASSERT(ridblock_owner[i] == d);
 		ridblock_owner[i] = NULL;
 	}
+	spin_unlock(&ridblock_lock);
 
 	d->arch.rid_bits = 0;
 	d->arch.starting_rid = 0;
-- 
2.30.2