lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Fri,  7 Mar 2014 17:08:12 -0800
From:	Greg Kroah-Hartman <>
Cc:	Greg Kroah-Hartman <>,, David Vrabel <>,
	Konrad Rzeszutek Wilk <>,
	Jan Beulich <>,
	Ben Hutchings <>,
	Yijing Wang <>
Subject: [PATCH 3.4 76/99] xen/events: mask events when changing their VCPU binding

3.4-stable review patch.  If anyone has any objections, please let me know.


From: David Vrabel <>

commit 5e72fdb8d827560893642e85a251d339109a00f4 upstream.

commit 4704fe4f03a5ab27e3c36184af85d5000e0f8a48 upstream.

When a event is being bound to a VCPU there is a window between the
EVTCHNOP_bind_vpcu call and the adjustment of the local per-cpu masks
where an event may be lost.  The hypervisor upcalls the new VCPU but
the kernel thinks that event is still bound to the old VCPU and
ignores it.

There is even a problem when the event is being bound to the same VCPU
as there is a small window beween the clear_bit() and set_bit() calls
in bind_evtchn_to_cpu().  When scanning for pending events, the kernel
may read the bit when it is momentarily clear and ignore the event.

Avoid this by masking the event during the whole bind operation.

Signed-off-by: David Vrabel <>
Signed-off-by: Konrad Rzeszutek Wilk <>
Reviewed-by: Jan Beulich <>
[bwh: Backported to 3.2: remove the BM() cast]
Signed-off-by: Ben Hutchings <>
Cc: Yijing Wang <>
Signed-off-by: Greg Kroah-Hartman <>

 drivers/xen/events.c |   11 +++++++++++
 1 file changed, 11 insertions(+)

--- a/drivers/xen/events.c
+++ b/drivers/xen/events.c
@@ -1422,8 +1422,10 @@ void rebind_evtchn_irq(int evtchn, int i
 /* Rebind an evtchn so that it gets delivered to a specific cpu */
 static int rebind_irq_to_cpu(unsigned irq, unsigned tcpu)
+	struct shared_info *s = HYPERVISOR_shared_info;
 	struct evtchn_bind_vcpu bind_vcpu;
 	int evtchn = evtchn_from_irq(irq);
+	int masked;
 	if (!VALID_EVTCHN(evtchn))
 		return -1;
@@ -1440,6 +1442,12 @@ static int rebind_irq_to_cpu(unsigned ir
 	bind_vcpu.vcpu = tcpu;
+	 * Mask the event while changing the VCPU binding to prevent
+	 * it being delivered on an unexpected VCPU.
+	 */
+	masked = sync_test_and_set_bit(evtchn, s->evtchn_mask);
+	/*
 	 * If this fails, it usually just indicates that we're dealing with a
 	 * virq or IPI channel, which don't actually need to be rebound. Ignore
 	 * it, but don't do the xenlinux-level rebind in that case.
@@ -1447,6 +1455,9 @@ static int rebind_irq_to_cpu(unsigned ir
 	if (HYPERVISOR_event_channel_op(EVTCHNOP_bind_vcpu, &bind_vcpu) >= 0)
 		bind_evtchn_to_cpu(evtchn, tcpu);
+	if (!masked)
+		unmask_evtchn(evtchn);
 	return 0;

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists