@@ -991,7 +991,8 @@ void send_global_virq(uint32_t virq)
int set_global_virq_handler(struct domain *d, uint32_t virq)
{
- struct domain *old;
+ struct domain *old, *hdl;
+ const struct vcpu *v;
int rc = 0;
if (virq >= NR_VIRQS)
@@ -1023,7 +1024,22 @@ int set_global_virq_handler(struct domain *d, uint32_t virq)
else
{
old = global_virq_handlers[virq];
- global_virq_handlers[virq] = d;
+ hdl = get_global_virq_handler(virq);
+ if ( hdl != d )
+ {
+ read_lock(&hdl->event_lock);
+
+ v = hdl->vcpu[0];
+ if ( v && read_atomic(&v->virq_to_evtchn[virq]) )
+ {
+ rc = -EBUSY;
+ old = d;
+ }
+ else
+ global_virq_handlers[virq] = d;
+
+ read_unlock(&hdl->event_lock);
+ }
}
spin_unlock(&global_virq_handlers_lock);
XEN_DOMCTL_set_virq_handler will happily steal a global virq from the current domain having bound it and assign it to another domain. The former domain will just never receive any further events for that virq without knowing what happened. Change the behavior to allow XEN_DOMCTL_set_virq_handler only if the virq in question is not bound by the current domain allowed to use it. Currently the only user of XEN_DOMCTL_set_virq_handler in the Xen code base is init-xenstore-domain, so changing the behavior like above will not cause any problems. Signed-off-by: Juergen Gross <jgross@suse.com> --- V6: - new patch --- xen/common/event_channel.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-)