File 5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch of Package xen.4687

# Commit b399386bcdb9d458f5647476a06fe86f5968d87e
# Date 2015-06-22 11:36:17 +0200
# Author David Vrabel <david.vrabel@citrix.com>
# Committer Jan Beulich <jbeulich@suse.com>
evtchn: clear xen_consumer when clearing state

Freeing a xen event channel would clear xen_consumer before clearing
the channel state, leaving a window where the channel is in a funny
state (still bound but no consumer).

Move the clear of xen_consumer into free_evtchn() where the state is
also cleared.

Signed-off-by: David Vrabel <david.vrabel@citrix.com>

Ditch the pointless evtchn_close() wrapper around __evtchn_close()
(renaming the latter) as well as some bogus casts of function results
to void.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

Index: xen-4.5.3-testing/xen/common/event_channel.c
===================================================================
--- xen-4.5.3-testing.orig/xen/common/event_channel.c
+++ xen-4.5.3-testing/xen/common/event_channel.c
@@ -205,6 +205,7 @@ static void free_evtchn(struct domain *d
     /* Reset binding to vcpu0 when the channel is freed. */
     chn->state          = ECS_FREE;
     chn->notify_vcpu_id = 0;
+    chn->xen_consumer   = 0;
 
     xsm_evtchn_close_post(chn);
 }
@@ -468,7 +469,7 @@ static long evtchn_bind_pirq(evtchn_bind
 }
 
 
-static long __evtchn_close(struct domain *d1, int port1)
+static long evtchn_close(struct domain *d1, int port1, bool_t guest)
 {
     struct domain *d2 = NULL;
     struct vcpu   *v;
@@ -488,7 +489,7 @@ static long __evtchn_close(struct domain
     chn1 = evtchn_from_port(d1, port1);
 
     /* Guest cannot close a Xen-attached event channel. */
-    if ( unlikely(consumer_is_xen(chn1)) )
+    if ( unlikely(consumer_is_xen(chn1)) && guest )
     {
         rc = -EINVAL;
         goto out;
@@ -597,12 +598,6 @@ static long __evtchn_close(struct domain
     return rc;
 }
 
-
-static long evtchn_close(evtchn_close_t *close)
-{
-    return __evtchn_close(current->domain, close->port);
-}
-
 int evtchn_send(struct domain *d, unsigned int lport)
 {
     struct evtchn *lchn, *rchn;
@@ -957,7 +952,7 @@ static long evtchn_reset(evtchn_reset_t
         goto out;
 
     for ( i = 0; port_is_valid(d, i); i++ )
-        (void)__evtchn_close(d, i);
+        evtchn_close(d, i, 1);
 
     spin_lock(&d->event_lock);
 
@@ -1064,7 +1059,7 @@ long do_event_channel_op(int cmd, XEN_GU
         struct evtchn_close close;
         if ( copy_from_guest(&close, arg, 1) != 0 )
             return -EFAULT;
-        rc = evtchn_close(&close);
+        rc = evtchn_close(current->domain, close.port, 1);
         break;
     }
 
@@ -1194,11 +1189,10 @@ void free_xen_event_channel(
     BUG_ON(!port_is_valid(d, port));
     chn = evtchn_from_port(d, port);
     BUG_ON(!consumer_is_xen(chn));
-    chn->xen_consumer = 0;
 
     spin_unlock(&d->event_lock);
 
-    (void)__evtchn_close(d, port);
+    evtchn_close(d, port, 0);
 }
 
 
@@ -1297,10 +1291,7 @@ void evtchn_destroy(struct domain *d)
 
     /* Close all existing event channels. */
     for ( i = 0; port_is_valid(d, i); i++ )
-    {
-        evtchn_from_port(d, i)->xen_consumer = 0;
-        (void)__evtchn_close(d, i);
-    }
+        evtchn_close(d, i, 0);
 
     /* Free all event-channel buckets. */
     spin_lock(&d->event_lock);