Simon Gaiser
6 years ago
parent
7ac215aaba
commit
a790a45b7b
@ -0,0 +1,49 @@
|
||||
From 2a22ee6c3ab1d761bc9c04f1e4117edd55b82f09 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Gaiser <simon@invisiblethingslab.com>
|
||||
Date: Thu, 15 Mar 2018 03:43:20 +0100
|
||||
Subject: [PATCH 1/3] xen: xenbus_dev_frontend: Fix XS_TRANSACTION_END handling
|
||||
|
||||
Commit fd8aa9095a95 ("xen: optimize xenbus driver for multiple
|
||||
concurrent xenstore accesses") made a subtle change to the semantic of
|
||||
xenbus_dev_request_and_reply() and xenbus_transaction_end().
|
||||
|
||||
Before on an error response to XS_TRANSACTION_END
|
||||
xenbus_dev_request_and_reply() would not decrement the active
|
||||
transaction counter. But xenbus_transaction_end() has always counted the
|
||||
transaction as finished regardless of the response.
|
||||
|
||||
The new behavior is that xenbus_dev_request_and_reply() and
|
||||
xenbus_transaction_end() will always count the transaction as finished
|
||||
regardless the response code (handled in xs_request_exit()).
|
||||
|
||||
But xenbus_dev_frontend tries to end a transaction on closing of the
|
||||
device if the XS_TRANSACTION_END failed before. Trying to close the
|
||||
transaction twice corrupts the reference count. So fix this by also
|
||||
considering a transaction closed if we have sent XS_TRANSACTION_END once
|
||||
regardless of the return code.
|
||||
|
||||
Cc: <stable@vger.kernel.org> # 4.11
|
||||
Fixes: fd8aa9095a95 ("xen: optimize xenbus driver for multiple concurrent xenstore accesses")
|
||||
Signed-off-by: Simon Gaiser <simon@invisiblethingslab.com>
|
||||
Reviewed-by: Juergen Gross <jgross@suse.com>
|
||||
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
|
||||
---
|
||||
drivers/xen/xenbus/xenbus_dev_frontend.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/xen/xenbus/xenbus_dev_frontend.c b/drivers/xen/xenbus/xenbus_dev_frontend.c
|
||||
index a493e99bed21..81a84b3c1c50 100644
|
||||
--- a/drivers/xen/xenbus/xenbus_dev_frontend.c
|
||||
+++ b/drivers/xen/xenbus/xenbus_dev_frontend.c
|
||||
@@ -365,7 +365,7 @@ void xenbus_dev_queue_reply(struct xb_req_data *req)
|
||||
if (WARN_ON(rc))
|
||||
goto out;
|
||||
}
|
||||
- } else if (req->msg.type == XS_TRANSACTION_END) {
|
||||
+ } else if (req->type == XS_TRANSACTION_END) {
|
||||
trans = xenbus_get_transaction(u, req->msg.tx_id);
|
||||
if (WARN_ON(!trans))
|
||||
goto out;
|
||||
--
|
||||
2.16.2
|
||||
|
||||
@ -0,0 +1,55 @@
|
||||
From 8fe5ab411209ac6e2c7021131e622fd004506d1a Mon Sep 17 00:00:00 2001
|
||||
From: Simon Gaiser <simon@invisiblethingslab.com>
|
||||
Date: Thu, 15 Mar 2018 03:43:22 +0100
|
||||
Subject: [PATCH 3/3] xen: xenbus_dev_frontend: Verify body of
|
||||
XS_TRANSACTION_END
|
||||
|
||||
By guaranteeing that the argument of XS_TRANSACTION_END is valid we can
|
||||
assume that the transaction has been closed when we get an XS_ERROR
|
||||
response from xenstore (Note that we already verify that it's a valid
|
||||
transaction id).
|
||||
|
||||
Signed-off-by: Simon Gaiser <simon@invisiblethingslab.com>
|
||||
Reviewed-by: Juergen Gross <jgross@suse.com>
|
||||
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
|
||||
---
|
||||
drivers/xen/xenbus/xenbus_dev_frontend.c | 14 +++++++++++---
|
||||
1 file changed, 11 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/drivers/xen/xenbus/xenbus_dev_frontend.c b/drivers/xen/xenbus/xenbus_dev_frontend.c
|
||||
index 81a84b3c1c50..0d6d9264d6a9 100644
|
||||
--- a/drivers/xen/xenbus/xenbus_dev_frontend.c
|
||||
+++ b/drivers/xen/xenbus/xenbus_dev_frontend.c
|
||||
@@ -429,6 +429,10 @@ static int xenbus_write_transaction(unsigned msg_type,
|
||||
{
|
||||
int rc;
|
||||
struct xenbus_transaction_holder *trans = NULL;
|
||||
+ struct {
|
||||
+ struct xsd_sockmsg hdr;
|
||||
+ char body[];
|
||||
+ } *msg = (void *)u->u.buffer;
|
||||
|
||||
if (msg_type == XS_TRANSACTION_START) {
|
||||
trans = kzalloc(sizeof(*trans), GFP_KERNEL);
|
||||
@@ -437,11 +441,15 @@ static int xenbus_write_transaction(unsigned msg_type,
|
||||
goto out;
|
||||
}
|
||||
list_add(&trans->list, &u->transactions);
|
||||
- } else if (u->u.msg.tx_id != 0 &&
|
||||
- !xenbus_get_transaction(u, u->u.msg.tx_id))
|
||||
+ } else if (msg->hdr.tx_id != 0 &&
|
||||
+ !xenbus_get_transaction(u, msg->hdr.tx_id))
|
||||
return xenbus_command_reply(u, XS_ERROR, "ENOENT");
|
||||
+ else if (msg_type == XS_TRANSACTION_END &&
|
||||
+ !(msg->hdr.len == 2 &&
|
||||
+ (!strcmp(msg->body, "T") || !strcmp(msg->body, "F"))))
|
||||
+ return xenbus_command_reply(u, XS_ERROR, "EINVAL");
|
||||
|
||||
- rc = xenbus_dev_request_and_reply(&u->u.msg, u);
|
||||
+ rc = xenbus_dev_request_and_reply(&msg->hdr, u);
|
||||
if (rc && trans) {
|
||||
list_del(&trans->list);
|
||||
kfree(trans);
|
||||
--
|
||||
2.16.2
|
||||
|
||||
@ -1,52 +0,0 @@
|
||||
From 7eed8836d3046a93848b891399ebbeee1d56e4f5 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Gaiser <simon@invisiblethingslab.com>
|
||||
Date: Tue, 30 Jan 2018 07:34:49 +0100
|
||||
Subject: [PATCH 2/4] Revert "xen: avoid deadlock in xenbus driver"
|
||||
|
||||
This reverts commit 1a3fc2c402810bf336882e695abd1678dbc8d279.
|
||||
---
|
||||
drivers/xen/xenbus/xenbus_comms.c | 21 +++++++++++----------
|
||||
1 file changed, 11 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/drivers/xen/xenbus/xenbus_comms.c b/drivers/xen/xenbus/xenbus_comms.c
|
||||
index 5b081a01779d..856ada5d39c9 100644
|
||||
--- a/drivers/xen/xenbus/xenbus_comms.c
|
||||
+++ b/drivers/xen/xenbus/xenbus_comms.c
|
||||
@@ -299,7 +299,17 @@ static int process_msg(void)
|
||||
mutex_lock(&xb_write_mutex);
|
||||
list_for_each_entry(req, &xs_reply_list, list) {
|
||||
if (req->msg.req_id == state.msg.req_id) {
|
||||
- list_del(&req->list);
|
||||
+ if (req->state == xb_req_state_wait_reply) {
|
||||
+ req->msg.type = state.msg.type;
|
||||
+ req->msg.len = state.msg.len;
|
||||
+ req->body = state.body;
|
||||
+ req->state = xb_req_state_got_reply;
|
||||
+ list_del(&req->list);
|
||||
+ req->cb(req);
|
||||
+ } else {
|
||||
+ list_del(&req->list);
|
||||
+ kfree(req);
|
||||
+ }
|
||||
err = 0;
|
||||
break;
|
||||
}
|
||||
@@ -307,15 +317,6 @@ static int process_msg(void)
|
||||
mutex_unlock(&xb_write_mutex);
|
||||
if (err)
|
||||
goto out;
|
||||
-
|
||||
- if (req->state == xb_req_state_wait_reply) {
|
||||
- req->msg.type = state.msg.type;
|
||||
- req->msg.len = state.msg.len;
|
||||
- req->body = state.body;
|
||||
- req->state = xb_req_state_got_reply;
|
||||
- req->cb(req);
|
||||
- } else
|
||||
- kfree(req);
|
||||
}
|
||||
|
||||
mutex_unlock(&xs_response_mutex);
|
||||
--
|
||||
2.15.1
|
||||
|
||||
@ -1,34 +0,0 @@
|
||||
From f9d9d4c0a6bf6d693d882ea99f0e57b0241b3370 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Gaiser <simon@invisiblethingslab.com>
|
||||
Date: Tue, 30 Jan 2018 07:34:40 +0100
|
||||
Subject: [PATCH 1/4] Revert "xen: avoid deadlock in xenbus"
|
||||
|
||||
This reverts commit 529871bb3c0675d0b425e2070d5a739db097be98.
|
||||
---
|
||||
drivers/xen/xenbus/xenbus_xs.c | 3 +--
|
||||
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c
|
||||
index 3e59590c7254..e46080214955 100644
|
||||
--- a/drivers/xen/xenbus/xenbus_xs.c
|
||||
+++ b/drivers/xen/xenbus/xenbus_xs.c
|
||||
@@ -857,8 +857,6 @@ static int xenwatch_thread(void *unused)
|
||||
struct list_head *ent;
|
||||
struct xs_watch_event *event;
|
||||
|
||||
- xenwatch_pid = current->pid;
|
||||
-
|
||||
for (;;) {
|
||||
wait_event_interruptible(watch_events_waitq,
|
||||
!list_empty(&watch_events));
|
||||
@@ -927,6 +925,7 @@ int xs_init(void)
|
||||
task = kthread_run(xenwatch_thread, NULL, "xenwatch");
|
||||
if (IS_ERR(task))
|
||||
return PTR_ERR(task);
|
||||
+ xenwatch_pid = task->pid;
|
||||
|
||||
/* shutdown watches for kexec boot */
|
||||
xs_reset_watches();
|
||||
--
|
||||
2.15.1
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -1,30 +0,0 @@
|
||||
From 9622a541f049137fef086e45cc6ddf4dd56bb99e Mon Sep 17 00:00:00 2001
|
||||
From: Simon Gaiser <simon@invisiblethingslab.com>
|
||||
Date: Tue, 30 Jan 2018 07:38:17 +0100
|
||||
Subject: [PATCH 3/4] Revert "xenbus: remove transaction holder from list
|
||||
before freeing"
|
||||
|
||||
This reverts commit ac4cde398a96c1d28b1c28a0f69b6efd892a1c8a.
|
||||
---
|
||||
drivers/xen/xenbus/xenbus_dev_frontend.c | 4 +---
|
||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||
|
||||
diff --git a/drivers/xen/xenbus/xenbus_dev_frontend.c b/drivers/xen/xenbus/xenbus_dev_frontend.c
|
||||
index f3b089b7c0b6..1f4733b80c87 100644
|
||||
--- a/drivers/xen/xenbus/xenbus_dev_frontend.c
|
||||
+++ b/drivers/xen/xenbus/xenbus_dev_frontend.c
|
||||
@@ -442,10 +442,8 @@ static int xenbus_write_transaction(unsigned msg_type,
|
||||
return xenbus_command_reply(u, XS_ERROR, "ENOENT");
|
||||
|
||||
rc = xenbus_dev_request_and_reply(&u->u.msg, u);
|
||||
- if (rc && trans) {
|
||||
- list_del(&trans->list);
|
||||
+ if (rc)
|
||||
kfree(trans);
|
||||
- }
|
||||
|
||||
out:
|
||||
return rc;
|
||||
--
|
||||
2.15.1
|
||||
|
||||
@ -0,0 +1,35 @@
|
||||
From b93008d1ac657dc67819330c5995e65e7c3e7978 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Gaiser <simon@invisiblethingslab.com>
|
||||
Date: Thu, 15 Mar 2018 03:43:21 +0100
|
||||
Subject: [PATCH 2/3] xen: xenbus: Catch closing of non existent transactions
|
||||
|
||||
Users of the xenbus functions should never close a non existent
|
||||
transaction (for example by trying to closing the same transaction
|
||||
twice) but better catch it in xs_request_exit() than to corrupt the
|
||||
reference counter.
|
||||
|
||||
Signed-off-by: Simon Gaiser <simon@invisiblethingslab.com>
|
||||
Reviewed-by: Juergen Gross <jgross@suse.com>
|
||||
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
|
||||
---
|
||||
drivers/xen/xenbus/xenbus_xs.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c
|
||||
index 3f3b29398ab8..49a3874ae6bb 100644
|
||||
--- a/drivers/xen/xenbus/xenbus_xs.c
|
||||
+++ b/drivers/xen/xenbus/xenbus_xs.c
|
||||
@@ -140,7 +140,9 @@ void xs_request_exit(struct xb_req_data *req)
|
||||
spin_lock(&xs_state_lock);
|
||||
xs_state_users--;
|
||||
if ((req->type == XS_TRANSACTION_START && req->msg.type == XS_ERROR) ||
|
||||
- req->type == XS_TRANSACTION_END)
|
||||
+ (req->type == XS_TRANSACTION_END &&
|
||||
+ !WARN_ON_ONCE(req->msg.type == XS_ERROR &&
|
||||
+ !strcmp(req->body, "ENOENT"))))
|
||||
xs_state_users--;
|
||||
spin_unlock(&xs_state_lock);
|
||||
|
||||
--
|
||||
2.16.2
|
||||
|
||||
@ -1,40 +0,0 @@
|
||||
From c71b9388cef5106ad8aa4f8db3d03388e74e5b89 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Gaiser <simon@invisiblethingslab.com>
|
||||
Date: Fri, 5 Jan 2018 18:28:39 +0100
|
||||
Subject: [PATCH] xen: Fix {set,clear}_foreign_p2m_mapping on autotranslating
|
||||
guests
|
||||
|
||||
Commit 82616f9599a7 ("xen: remove tests for pvh mode in pure pv paths")
|
||||
removed the check for autotranslation from {set,clear}_foreign_p2m_mapping
|
||||
but those are called by grant-table.c also on PVH/HVM guests.
|
||||
---
|
||||
arch/x86/xen/p2m.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/xen/p2m.c b/arch/x86/xen/p2m.c
|
||||
index 6083ba462f35..15812e553b95 100644
|
||||
--- a/arch/x86/xen/p2m.c
|
||||
+++ b/arch/x86/xen/p2m.c
|
||||
@@ -694,6 +694,9 @@ int set_foreign_p2m_mapping(struct gnttab_map_grant_ref *map_ops,
|
||||
int i, ret = 0;
|
||||
pte_t *pte;
|
||||
|
||||
+ if (xen_feature(XENFEAT_auto_translated_physmap))
|
||||
+ return 0;
|
||||
+
|
||||
if (kmap_ops) {
|
||||
ret = HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref,
|
||||
kmap_ops, count);
|
||||
@@ -736,6 +739,9 @@ int clear_foreign_p2m_mapping(struct gnttab_unmap_grant_ref *unmap_ops,
|
||||
{
|
||||
int i, ret = 0;
|
||||
|
||||
+ if (xen_feature(XENFEAT_auto_translated_physmap))
|
||||
+ return 0;
|
||||
+
|
||||
for (i = 0; i < count; i++) {
|
||||
unsigned long mfn = __pfn_to_mfn(page_to_pfn(pages[i]));
|
||||
unsigned long pfn = page_to_pfn(pages[i]);
|
||||
--
|
||||
2.15.1
|
||||
|
||||
Loading…
Reference in new issue