Changeset 40740 in vbox

Timestamp:

Apr 2, 2012 11:54:41 AM (13 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

77217

Message:

SUPDrv: Update GIP data behind a spinlock for online/offline race conditions.

Location:

trunk

Files:

• include/VBox/sup.h (modified) (1 diff)
• include/VBox/sup.mac (modified) (1 diff)
• src/VBox/HostDrivers/Support/SUPDrv.c (modified) (7 diffs)

trunk/include/VBox/sup.h

@@ -208 +208 @@
     /** The max CPU ID (RTMpGetMaxCpuId). */
     RTCPUID             idCpuMax;
+    /** Padding to 8 byte alignment. */
+    uint16_t            au16Padding1[2];
+    /** Spinlock protecting the GIP array members. */
+    RTSPINLOCK          Spinlock;                       /* 144 */
 
     /** Padding / reserved space for future data. */
-    uint32_t            au32Padding1[29];
+    uint32_t            au32Padding1[26];
 
     /** Table indexed by the CPU APIC ID to get the CPU table index. */

trunk/include/VBox/sup.mac

@@ -63 +63 @@
     .u16Padding0                resw 1
     .idCpuMax                   resd 1
-    .au32Padding1               resd 29
+    .au16Padding1               resw 2
+    .Spinlock                   RTR0PTR_RES 1
+    .au32Padding1               resd 26
     .aiCpuFromApicId            resw 256
     .aiCpuFromCpuSetIdx         resw 256

trunk/src/VBox/HostDrivers/Support/SUPDrv.c

@@ -4908 +4908 @@
     supdrvGipInit(pDevExt, pGip, HCPhysGip, RTTimeSystemNanoTS(), 1000000000 / u32Interval /*=Hz*/, cCpus);
 
+    rc = RTSpinlockCreate(&pGip->Spinlock);
+    if (RT_FAILURE(rc))
+    {
+        supdrvGipDestroy(pDevExt);
+        return rc;
+    }
+
     /*
      * Create the timer.
@@ -4976 +4983 @@
     {
         supdrvGipTerm(pDevExt->pGip);
+        if (pDevExt->pGip->Spinlock)
+        {
+            RTSpinlockDestroy(pDevExt->pGip->Spinlock);
+            pDevExt->pGip->Spinlock = NIL_RTSPINLOCK;
+        }
+
         pDevExt->pGip = NULL;
     }
@@ -5096 +5109 @@
     uint32_t    i = 0;
     uint64_t    u64NanoTS = 0;
+    RTSPINLOCKTMP SpinlockTmp = RTSPINLOCKTMP_INITIALIZER;
 
     AssertRelease(idCpu == RTMpCpuId());
     Assert(pGip->cPossibleCpus == RTMpGetCount());
+
+    /*
+     * Do this behind a spinlock with interrupts disabled as this can fire
+     * on all CPUs simultaneously, see #6110.
+     */
+    RTSpinlockAcquireNoInts(pGip->Spinlock, &SpinlockTmp);
 
     /*
@@ -5132 +5152 @@
     /* commit it */
     ASMAtomicWriteSize(&pGip->aCPUs[i].enmState, SUPGIPCPUSTATE_ONLINE);
+
+    RTSpinlockReleaseNoInts(pGip->Spinlock, &SpinlockTmp);
 }
 
@@ -5147 +5169 @@
     int         iCpuSet;
     unsigned    i;
+
+    RTSPINLOCKTMP SpinlockTmp = RTSPINLOCKTMP_INITIALIZER;
+    RTSpinlockAcquireNoInts(pGip->Spinlock, &SpinlockTmp);
 
     iCpuSet = RTMpCpuIdToSetIndex(idCpu);
@@ -5160 +5185 @@
     /* commit it */
     ASMAtomicWriteSize(&pGip->aCPUs[i].enmState, SUPGIPCPUSTATE_OFFLINE);
+
+    RTSpinlockReleaseNoInts(pGip->Spinlock, &SpinlockTmp);
 }
 
@@ -5469 +5496 @@
     pGip->cPossibleCpus         = RTMpGetCount();
     pGip->idCpuMax              = RTMpGetMaxCpuId();
+    pGip->Spinlock              = NULL;
     for (i = 0; i < RT_ELEMENTS(pGip->aiCpuFromApicId); i++)
         pGip->aiCpuFromApicId[i]    = 0;