Description of problem: The test in input_handler() compares against out_cons instead of in_cons. out_cons is always zero with the current code. The broken test can misbehave in two ways: * If input_handler() runs when a multiple of 2^32 events have been put into the ring buffer, in_prod is zero, and the test decides the ring buffer is empty even when it is not. When this happens, the bug delays processing keyboard and mouse events until more arrive. It deadlocks the virtual keyboard and mouse if the ring buffer happens to be full. Possible, but quite unlikely. * If input_handler() runs when another number of events have been put into the ring buffer, in_prod is non-zero, and the test decides the ring buffer isn't empty even when it is. When this happens, the bug makes us execute superfluous memory barriers and send a bogus event to the backend, which the backend ignores. Steps to Reproduce: Haven't tried. Additional info: Proposed fix is in the patch for bug 434802. Upstream fix: http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/418
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
See bug 434802 for a proposed fix.
The proposed fix from bug 434802 has been committed as a fix for bug 434800. Turning this one into a duplicate of 434800 to keep things simple and sane. *** This bug has been marked as a duplicate of 434800 ***