From: Jan Beulich
Date: Thu, 23 Nov 2017 10:38:22 +0000 (+0100)
Subject: sync CPU state upon final domain destruction
X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~1022
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=24246e1fb7496b830aca8a6a1fd3064ca1e3ebf9;p=xen.git

sync CPU state upon final domain destruction

See the code comment being added for why we need this. This is being placed here to balance between the desire to prevent future similar issues (the risk of which would grow if it was put further down the call stack, e.g. in vmx_vcpu_destroy()) and the intention to limit the performance impact (otherwise it could also go into rcu_do_batch(), paralleling the use in do_tasklet_work()).

Reported-by: Igor Druzhinin
Signed-off-by: Jan Beulich
Acked-by: Andrew Cooper
Release-acked-by: Julien Grall
---
diff --git a/xen/common/domain.c b/xen/common/domain.c index 5aebcf265f..7484693a87 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -794,6 +794,14 @@ static void complete_domain_destroy(struct rcu_head *head) struct vcpu *v; int i; + /* + * Flush all state for the vCPU previously having run on the current CPU. + * This is in particular relevant for x86 HVM ones on VMX, so that this + * flushing of state won't happen from the TLB flush IPI handler behind + * the back of a vmx_vmcs_enter() / vmx_vmcs_exit() section. + */ + sync_local_execstate(); + for ( i = d->max_vcpus - 1; i >= 0; i-- ) { if ( (v = d->vcpu[i]) == NULL )
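Review bot: the new comment in the xen/common/domain.c hunk justifies the sync_local_execstate() call purely in x86 VMX terms (the TLB flush IPI handler racing a vmx_vmcs_enter() / vmx_vmcs_exit() section), yet this is arch-neutral common code and the hunk shows nothing about what other architectures provide for sync_local_execstate() or what it costs there; suggest one sentence in the comment stating that every architecture must supply it and that where no lazy context switching is in use it is expected to be a cheap no-op. It would also help future readers to carry the commit message's placement rationale into the comment, e.g. "Placed here rather than in vmx_vcpu_destroy() so that it covers all per-vCPU teardown below, and rather than in rcu_do_batch() to limit the cost to domain destruction", since the call sits before the d->max_vcpus loop with no visible tie to `d` and is otherwise easy to move or drop during later refactoring.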