Red Hat Bugzilla – Bug 451807
xenkbd's test for ring empty is wrong
Last modified: 2008-07-21 12:43:12 EDT
Description of problem:
The test in input_handler() compares against out_cons instead of in_cons.
out_cons is always zero with the current code.
The broken test can misbehave in two ways:
* If input_handler() runs when a multiple of 2^32 events have been put into the
ring buffer, in_prod is zero, and the test decides the ring buffer is empty even
when it is not.
When this happens, the bug delays processing keyboard and mouse events until
more arrive. It deadlocks the virtual keyboard and mouse if the ring buffer
happens to be full. Possible, but quite unlikely.
* If input_handler() runs when another number of events have been put into the
ring buffer, in_prod is non-zero, and the test decides the ring buffer isn't
empty even when it is.
When this happens, the bug makes us execute superfluous memory barriers and
send a bogus event to the backend, which the backend ignores.
Steps to Reproduce:
Proposed fix is in the patch for bug 434802.
Upstream fix: http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/418
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
See bug 434802 for a proposed fix.
The proposed fix from bug 434802 has been committed as a fix for bug 434800.
Turning this one into a duplicate of 434800 to keep things simple and sane.
*** This bug has been marked as a duplicate of 434800 ***