Here is fix for bug 1706.

ROOT-CAUSE:
In the end of domain_destroy fn, call_rcu(&d->rcu, complete_domain_destroy) make it possible that complete_domain_destroy fn be executed in different vcpu context. So the IS_PRIV_FOR check in unmap_domain_pirq fn is not suitable. In fact, all necessary privilege checks have already been done in the start of hypercalls, we need only simply remove this check from unmap_domain_pirq.

Signed-off-by: Wei Gang <gang.wei@inte.com>

diff -r d1631540bcc4 xen/arch/x86/irq.c
--- a/xen/arch/x86/irq.c	Tue Jan 18 17:23:24 2011 +0000
+++ b/xen/arch/x86/irq.c	Thu Jan 27 20:53:28 2011 +0800
@@ -1567,9 +1567,6 @@ int unmap_domain_pirq(struct domain *d, 
     if ( (pirq < 0) || (pirq >= d->nr_pirqs) )
         return -EINVAL;
 
-    if ( !IS_PRIV_FOR(current->domain, d) )
-        return -EINVAL;
-
     ASSERT(spin_is_locked(&pcidevs_lock));
     ASSERT(spin_is_locked(&d->event_lock));

Jimmy