Simon Gaiser
6 years ago
parent
67e33e0360
commit
e4913200f6
@ -0,0 +1,49 @@
|
||||
From 2a22ee6c3ab1d761bc9c04f1e4117edd55b82f09 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Gaiser <simon@invisiblethingslab.com>
|
||||
Date: Thu, 15 Mar 2018 03:43:20 +0100
|
||||
Subject: [PATCH 1/3] xen: xenbus_dev_frontend: Fix XS_TRANSACTION_END handling
|
||||
|
||||
Commit fd8aa9095a95 ("xen: optimize xenbus driver for multiple
|
||||
concurrent xenstore accesses") made a subtle change to the semantic of
|
||||
xenbus_dev_request_and_reply() and xenbus_transaction_end().
|
||||
|
||||
Before on an error response to XS_TRANSACTION_END
|
||||
xenbus_dev_request_and_reply() would not decrement the active
|
||||
transaction counter. But xenbus_transaction_end() has always counted the
|
||||
transaction as finished regardless of the response.
|
||||
|
||||
The new behavior is that xenbus_dev_request_and_reply() and
|
||||
xenbus_transaction_end() will always count the transaction as finished
|
||||
regardless the response code (handled in xs_request_exit()).
|
||||
|
||||
But xenbus_dev_frontend tries to end a transaction on closing of the
|
||||
device if the XS_TRANSACTION_END failed before. Trying to close the
|
||||
transaction twice corrupts the reference count. So fix this by also
|
||||
considering a transaction closed if we have sent XS_TRANSACTION_END once
|
||||
regardless of the return code.
|
||||
|
||||
Cc: <stable@vger.kernel.org> # 4.11
|
||||
Fixes: fd8aa9095a95 ("xen: optimize xenbus driver for multiple concurrent xenstore accesses")
|
||||
Signed-off-by: Simon Gaiser <simon@invisiblethingslab.com>
|
||||
Reviewed-by: Juergen Gross <jgross@suse.com>
|
||||
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
|
||||
---
|
||||
drivers/xen/xenbus/xenbus_dev_frontend.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/xen/xenbus/xenbus_dev_frontend.c b/drivers/xen/xenbus/xenbus_dev_frontend.c
|
||||
index a493e99bed21..81a84b3c1c50 100644
|
||||
--- a/drivers/xen/xenbus/xenbus_dev_frontend.c
|
||||
+++ b/drivers/xen/xenbus/xenbus_dev_frontend.c
|
||||
@@ -365,7 +365,7 @@ void xenbus_dev_queue_reply(struct xb_req_data *req)
|
||||
if (WARN_ON(rc))
|
||||
goto out;
|
||||
}
|
||||
- } else if (req->msg.type == XS_TRANSACTION_END) {
|
||||
+ } else if (req->type == XS_TRANSACTION_END) {
|
||||
trans = xenbus_get_transaction(u, req->msg.tx_id);
|
||||
if (WARN_ON(!trans))
|
||||
goto out;
|
||||
--
|
||||
2.16.2
|
||||
|
||||
@ -0,0 +1,55 @@
|
||||
From 8fe5ab411209ac6e2c7021131e622fd004506d1a Mon Sep 17 00:00:00 2001
|
||||
From: Simon Gaiser <simon@invisiblethingslab.com>
|
||||
Date: Thu, 15 Mar 2018 03:43:22 +0100
|
||||
Subject: [PATCH 3/3] xen: xenbus_dev_frontend: Verify body of
|
||||
XS_TRANSACTION_END
|
||||
|
||||
By guaranteeing that the argument of XS_TRANSACTION_END is valid we can
|
||||
assume that the transaction has been closed when we get an XS_ERROR
|
||||
response from xenstore (Note that we already verify that it's a valid
|
||||
transaction id).
|
||||
|
||||
Signed-off-by: Simon Gaiser <simon@invisiblethingslab.com>
|
||||
Reviewed-by: Juergen Gross <jgross@suse.com>
|
||||
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
|
||||
---
|
||||
drivers/xen/xenbus/xenbus_dev_frontend.c | 14 +++++++++++---
|
||||
1 file changed, 11 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/drivers/xen/xenbus/xenbus_dev_frontend.c b/drivers/xen/xenbus/xenbus_dev_frontend.c
|
||||
index 81a84b3c1c50..0d6d9264d6a9 100644
|
||||
--- a/drivers/xen/xenbus/xenbus_dev_frontend.c
|
||||
+++ b/drivers/xen/xenbus/xenbus_dev_frontend.c
|
||||
@@ -429,6 +429,10 @@ static int xenbus_write_transaction(unsigned msg_type,
|
||||
{
|
||||
int rc;
|
||||
struct xenbus_transaction_holder *trans = NULL;
|
||||
+ struct {
|
||||
+ struct xsd_sockmsg hdr;
|
||||
+ char body[];
|
||||
+ } *msg = (void *)u->u.buffer;
|
||||
|
||||
if (msg_type == XS_TRANSACTION_START) {
|
||||
trans = kzalloc(sizeof(*trans), GFP_KERNEL);
|
||||
@@ -437,11 +441,15 @@ static int xenbus_write_transaction(unsigned msg_type,
|
||||
goto out;
|
||||
}
|
||||
list_add(&trans->list, &u->transactions);
|
||||
- } else if (u->u.msg.tx_id != 0 &&
|
||||
- !xenbus_get_transaction(u, u->u.msg.tx_id))
|
||||
+ } else if (msg->hdr.tx_id != 0 &&
|
||||
+ !xenbus_get_transaction(u, msg->hdr.tx_id))
|
||||
return xenbus_command_reply(u, XS_ERROR, "ENOENT");
|
||||
+ else if (msg_type == XS_TRANSACTION_END &&
|
||||
+ !(msg->hdr.len == 2 &&
|
||||
+ (!strcmp(msg->body, "T") || !strcmp(msg->body, "F"))))
|
||||
+ return xenbus_command_reply(u, XS_ERROR, "EINVAL");
|
||||
|
||||
- rc = xenbus_dev_request_and_reply(&u->u.msg, u);
|
||||
+ rc = xenbus_dev_request_and_reply(&msg->hdr, u);
|
||||
if (rc && trans) {
|
||||
list_del(&trans->list);
|
||||
kfree(trans);
|
||||
--
|
||||
2.16.2
|
||||
|
||||
@ -1,52 +0,0 @@
|
||||
From 7eed8836d3046a93848b891399ebbeee1d56e4f5 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Gaiser <simon@invisiblethingslab.com>
|
||||
Date: Tue, 30 Jan 2018 07:34:49 +0100
|
||||
Subject: [PATCH 2/4] Revert "xen: avoid deadlock in xenbus driver"
|
||||
|
||||
This reverts commit 1a3fc2c402810bf336882e695abd1678dbc8d279.
|
||||
---
|
||||
drivers/xen/xenbus/xenbus_comms.c | 21 +++++++++++----------
|
||||
1 file changed, 11 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/drivers/xen/xenbus/xenbus_comms.c b/drivers/xen/xenbus/xenbus_comms.c
|
||||
index 5b081a01779d..856ada5d39c9 100644
|
||||
--- a/drivers/xen/xenbus/xenbus_comms.c
|
||||
+++ b/drivers/xen/xenbus/xenbus_comms.c
|
||||
@@ -299,7 +299,17 @@ static int process_msg(void)
|
||||
mutex_lock(&xb_write_mutex);
|
||||
list_for_each_entry(req, &xs_reply_list, list) {
|
||||
if (req->msg.req_id == state.msg.req_id) {
|
||||
- list_del(&req->list);
|
||||
+ if (req->state == xb_req_state_wait_reply) {
|
||||
+ req->msg.type = state.msg.type;
|
||||
+ req->msg.len = state.msg.len;
|
||||
+ req->body = state.body;
|
||||
+ req->state = xb_req_state_got_reply;
|
||||
+ list_del(&req->list);
|
||||
+ req->cb(req);
|
||||
+ } else {
|
||||
+ list_del(&req->list);
|
||||
+ kfree(req);
|
||||
+ }
|
||||
err = 0;
|
||||
break;
|
||||
}
|
||||
@@ -307,15 +317,6 @@ static int process_msg(void)
|
||||
mutex_unlock(&xb_write_mutex);
|
||||
if (err)
|
||||
goto out;
|
||||
-
|
||||
- if (req->state == xb_req_state_wait_reply) {
|
||||
- req->msg.type = state.msg.type;
|
||||
- req->msg.len = state.msg.len;
|
||||
- req->body = state.body;
|
||||
- req->state = xb_req_state_got_reply;
|
||||
- req->cb(req);
|
||||
- } else
|
||||
- kfree(req);
|
||||
}
|
||||
|
||||
mutex_unlock(&xs_response_mutex);
|
||||
--
|
||||
2.15.1
|
||||
|
||||
@ -1,34 +0,0 @@
|
||||
From f9d9d4c0a6bf6d693d882ea99f0e57b0241b3370 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Gaiser <simon@invisiblethingslab.com>
|
||||
Date: Tue, 30 Jan 2018 07:34:40 +0100
|
||||
Subject: [PATCH 1/4] Revert "xen: avoid deadlock in xenbus"
|
||||
|
||||
This reverts commit 529871bb3c0675d0b425e2070d5a739db097be98.
|
||||
---
|
||||
drivers/xen/xenbus/xenbus_xs.c | 3 +--
|
||||
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c
|
||||
index 3e59590c7254..e46080214955 100644
|
||||
--- a/drivers/xen/xenbus/xenbus_xs.c
|
||||
+++ b/drivers/xen/xenbus/xenbus_xs.c
|
||||
@@ -857,8 +857,6 @@ static int xenwatch_thread(void *unused)
|
||||
struct list_head *ent;
|
||||
struct xs_watch_event *event;
|
||||
|
||||
- xenwatch_pid = current->pid;
|
||||
-
|
||||
for (;;) {
|
||||
wait_event_interruptible(watch_events_waitq,
|
||||
!list_empty(&watch_events));
|
||||
@@ -927,6 +925,7 @@ int xs_init(void)
|
||||
task = kthread_run(xenwatch_thread, NULL, "xenwatch");
|
||||
if (IS_ERR(task))
|
||||
return PTR_ERR(task);
|
||||
+ xenwatch_pid = task->pid;
|
||||
|
||||
/* shutdown watches for kexec boot */
|
||||
xs_reset_watches();
|
||||
--
|
||||
2.15.1
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -1,30 +0,0 @@
|
||||
From 9622a541f049137fef086e45cc6ddf4dd56bb99e Mon Sep 17 00:00:00 2001
|
||||
From: Simon Gaiser <simon@invisiblethingslab.com>
|
||||
Date: Tue, 30 Jan 2018 07:38:17 +0100
|
||||
Subject: [PATCH 3/4] Revert "xenbus: remove transaction holder from list
|
||||
before freeing"
|
||||
|
||||
This reverts commit ac4cde398a96c1d28b1c28a0f69b6efd892a1c8a.
|
||||
---
|
||||
drivers/xen/xenbus/xenbus_dev_frontend.c | 4 +---
|
||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||
|
||||
diff --git a/drivers/xen/xenbus/xenbus_dev_frontend.c b/drivers/xen/xenbus/xenbus_dev_frontend.c
|
||||
index f3b089b7c0b6..1f4733b80c87 100644
|
||||
--- a/drivers/xen/xenbus/xenbus_dev_frontend.c
|
||||
+++ b/drivers/xen/xenbus/xenbus_dev_frontend.c
|
||||
@@ -442,10 +442,8 @@ static int xenbus_write_transaction(unsigned msg_type,
|
||||
return xenbus_command_reply(u, XS_ERROR, "ENOENT");
|
||||
|
||||
rc = xenbus_dev_request_and_reply(&u->u.msg, u);
|
||||
- if (rc && trans) {
|
||||
- list_del(&trans->list);
|
||||
+ if (rc)
|
||||
kfree(trans);
|
||||
- }
|
||||
|
||||
out:
|
||||
return rc;
|
||||
--
|
||||
2.15.1
|
||||
|
||||
@ -1,60 +0,0 @@
|
||||
From 137e4287ebd6ccdc0982c622825c90bba940f7cf Mon Sep 17 00:00:00 2001
|
||||
From: Simon Gaiser <simon@invisiblethingslab.com>
|
||||
Date: Tue, 27 Feb 2018 18:14:15 +0100
|
||||
Subject: [PATCH] Revert "xenbus: track caller request id"
|
||||
|
||||
This reverts commit 54de83d07a18bfa30bd90294bebced839bb7132f.
|
||||
---
|
||||
drivers/xen/xenbus/xenbus.h | 1 -
|
||||
drivers/xen/xenbus/xenbus_comms.c | 1 -
|
||||
drivers/xen/xenbus/xenbus_xs.c | 3 ---
|
||||
3 files changed, 5 deletions(-)
|
||||
|
||||
diff --git a/drivers/xen/xenbus/xenbus.h b/drivers/xen/xenbus/xenbus.h
|
||||
index 092981171df1..149c5e7efc89 100644
|
||||
--- a/drivers/xen/xenbus/xenbus.h
|
||||
+++ b/drivers/xen/xenbus/xenbus.h
|
||||
@@ -76,7 +76,6 @@ struct xb_req_data {
|
||||
struct list_head list;
|
||||
wait_queue_head_t wq;
|
||||
struct xsd_sockmsg msg;
|
||||
- uint32_t caller_req_id;
|
||||
enum xsd_sockmsg_type type;
|
||||
char *body;
|
||||
const struct kvec *vec;
|
||||
diff --git a/drivers/xen/xenbus/xenbus_comms.c b/drivers/xen/xenbus/xenbus_comms.c
|
||||
index d239fc3c5e3d..5b081a01779d 100644
|
||||
--- a/drivers/xen/xenbus/xenbus_comms.c
|
||||
+++ b/drivers/xen/xenbus/xenbus_comms.c
|
||||
@@ -309,7 +309,6 @@ static int process_msg(void)
|
||||
goto out;
|
||||
|
||||
if (req->state == xb_req_state_wait_reply) {
|
||||
- req->msg.req_id = req->caller_req_id;
|
||||
req->msg.type = state.msg.type;
|
||||
req->msg.len = state.msg.len;
|
||||
req->body = state.body;
|
||||
diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c
|
||||
index 3f3b29398ab8..3e59590c7254 100644
|
||||
--- a/drivers/xen/xenbus/xenbus_xs.c
|
||||
+++ b/drivers/xen/xenbus/xenbus_xs.c
|
||||
@@ -227,8 +227,6 @@ static void xs_send(struct xb_req_data *req, struct xsd_sockmsg *msg)
|
||||
req->state = xb_req_state_queued;
|
||||
init_waitqueue_head(&req->wq);
|
||||
|
||||
- /* Save the caller req_id and restore it later in the reply */
|
||||
- req->caller_req_id = req->msg.req_id;
|
||||
req->msg.req_id = xs_request_enter(req);
|
||||
|
||||
mutex_lock(&xb_write_mutex);
|
||||
@@ -312,7 +310,6 @@ static void *xs_talkv(struct xenbus_transaction t,
|
||||
req->num_vecs = num_vecs;
|
||||
req->cb = xs_wake_up;
|
||||
|
||||
- msg.req_id = 0;
|
||||
msg.tx_id = t.id;
|
||||
msg.type = type;
|
||||
msg.len = 0;
|
||||
--
|
||||
2.16.1
|
||||
|
||||
@ -0,0 +1,35 @@
|
||||
From b93008d1ac657dc67819330c5995e65e7c3e7978 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Gaiser <simon@invisiblethingslab.com>
|
||||
Date: Thu, 15 Mar 2018 03:43:21 +0100
|
||||
Subject: [PATCH 2/3] xen: xenbus: Catch closing of non existent transactions
|
||||
|
||||
Users of the xenbus functions should never close a non existent
|
||||
transaction (for example by trying to closing the same transaction
|
||||
twice) but better catch it in xs_request_exit() than to corrupt the
|
||||
reference counter.
|
||||
|
||||
Signed-off-by: Simon Gaiser <simon@invisiblethingslab.com>
|
||||
Reviewed-by: Juergen Gross <jgross@suse.com>
|
||||
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
|
||||
---
|
||||
drivers/xen/xenbus/xenbus_xs.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c
|
||||
index 3f3b29398ab8..49a3874ae6bb 100644
|
||||
--- a/drivers/xen/xenbus/xenbus_xs.c
|
||||
+++ b/drivers/xen/xenbus/xenbus_xs.c
|
||||
@@ -140,7 +140,9 @@ void xs_request_exit(struct xb_req_data *req)
|
||||
spin_lock(&xs_state_lock);
|
||||
xs_state_users--;
|
||||
if ((req->type == XS_TRANSACTION_START && req->msg.type == XS_ERROR) ||
|
||||
- req->type == XS_TRANSACTION_END)
|
||||
+ (req->type == XS_TRANSACTION_END &&
|
||||
+ !WARN_ON_ONCE(req->msg.type == XS_ERROR &&
|
||||
+ !strcmp(req->body, "ENOENT"))))
|
||||
xs_state_users--;
|
||||
spin_unlock(&xs_state_lock);
|
||||
|
||||
--
|
||||
2.16.2
|
||||
|
||||
Loading…
Reference in new issue