Replace xenbus workaround with upstreamed fix

2018-04-17 04:57:47 +02:00 · 2018-04-17 04:57:47 +02:00 · e4913200f6
commit e4913200f6
parent 67e33e0360
9 changed files with 143 additions and 1701 deletions
--- a/patches.xen/2a22ee6c3ab1-xen-xenbus_dev_frontend-Fix-XS_TRANSACTION_END-handl.patch
+++ b/patches.xen/2a22ee6c3ab1-xen-xenbus_dev_frontend-Fix-XS_TRANSACTION_END-handl.patch
@ -0,0 +1,49 @@
+From 2a22ee6c3ab1d761bc9c04f1e4117edd55b82f09 Mon Sep 17 00:00:00 2001
+From: Simon Gaiser <simon@invisiblethingslab.com>
+Date: Thu, 15 Mar 2018 03:43:20 +0100
+Subject: [PATCH 1/3] xen: xenbus_dev_frontend: Fix XS_TRANSACTION_END handling
+
+Commit fd8aa9095a95 ("xen: optimize xenbus driver for multiple
+concurrent xenstore accesses") made a subtle change to the semantic of
+xenbus_dev_request_and_reply() and xenbus_transaction_end().
+
+Before on an error response to XS_TRANSACTION_END
+xenbus_dev_request_and_reply() would not decrement the active
+transaction counter. But xenbus_transaction_end() has always counted the
+transaction as finished regardless of the response.
+
+The new behavior is that xenbus_dev_request_and_reply() and
+xenbus_transaction_end() will always count the transaction as finished
+regardless the response code (handled in xs_request_exit()).
+
+But xenbus_dev_frontend tries to end a transaction on closing of the
+device if the XS_TRANSACTION_END failed before. Trying to close the
+transaction twice corrupts the reference count. So fix this by also
+considering a transaction closed if we have sent XS_TRANSACTION_END once
+regardless of the return code.
+
+Cc: <stable@vger.kernel.org> # 4.11
+Fixes: fd8aa9095a95 ("xen: optimize xenbus driver for multiple concurrent xenstore accesses")
+Signed-off-by: Simon Gaiser <simon@invisiblethingslab.com>
+Reviewed-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+---
+ drivers/xen/xenbus/xenbus_dev_frontend.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/xen/xenbus/xenbus_dev_frontend.c b/drivers/xen/xenbus/xenbus_dev_frontend.c
+index a493e99bed21..81a84b3c1c50 100644
+--- a/drivers/xen/xenbus/xenbus_dev_frontend.c
+++ b/drivers/xen/xenbus/xenbus_dev_frontend.c
+@@ -365,7 +365,7 @@ void xenbus_dev_queue_reply(struct xb_req_data *req)
+ 			if (WARN_ON(rc))
+ 				goto out;
+ 		}
+-	} else if (req->msg.type == XS_TRANSACTION_END) {
+	} else if (req->type == XS_TRANSACTION_END) {
+ 		trans = xenbus_get_transaction(u, req->msg.tx_id);
+ 		if (WARN_ON(!trans))
+ 			goto out;
+-- 
+2.16.2
+
--- a/patches.xen/8fe5ab411209-xen-xenbus_dev_frontend-Verify-body-of-XS_TRANSACTIO.patch
+++ b/patches.xen/8fe5ab411209-xen-xenbus_dev_frontend-Verify-body-of-XS_TRANSACTIO.patch
@ -0,0 +1,55 @@
+From 8fe5ab411209ac6e2c7021131e622fd004506d1a Mon Sep 17 00:00:00 2001
+From: Simon Gaiser <simon@invisiblethingslab.com>
+Date: Thu, 15 Mar 2018 03:43:22 +0100
+Subject: [PATCH 3/3] xen: xenbus_dev_frontend: Verify body of
+ XS_TRANSACTION_END
+
+By guaranteeing that the argument of XS_TRANSACTION_END is valid we can
+assume that the transaction has been closed when we get an XS_ERROR
+response from xenstore (Note that we already verify that it's a valid
+transaction id).
+
+Signed-off-by: Simon Gaiser <simon@invisiblethingslab.com>
+Reviewed-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+---
+ drivers/xen/xenbus/xenbus_dev_frontend.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/xen/xenbus/xenbus_dev_frontend.c b/drivers/xen/xenbus/xenbus_dev_frontend.c
+index 81a84b3c1c50..0d6d9264d6a9 100644
+--- a/drivers/xen/xenbus/xenbus_dev_frontend.c
+++ b/drivers/xen/xenbus/xenbus_dev_frontend.c
+@@ -429,6 +429,10 @@ static int xenbus_write_transaction(unsigned msg_type,
+ {
+ 	int rc;
+ 	struct xenbus_transaction_holder *trans = NULL;
+	struct {
+		struct xsd_sockmsg hdr;
+		char body[];
+	} *msg = (void *)u->u.buffer;
+ 
+ 	if (msg_type == XS_TRANSACTION_START) {
+ 		trans = kzalloc(sizeof(*trans), GFP_KERNEL);
+@@ -437,11 +441,15 @@ static int xenbus_write_transaction(unsigned msg_type,
+ 			goto out;
+ 		}
+ 		list_add(&trans->list, &u->transactions);
+-	} else if (u->u.msg.tx_id != 0 &&
+-		   !xenbus_get_transaction(u, u->u.msg.tx_id))
+	} else if (msg->hdr.tx_id != 0 &&
+		   !xenbus_get_transaction(u, msg->hdr.tx_id))
+ 		return xenbus_command_reply(u, XS_ERROR, "ENOENT");
+	else if (msg_type == XS_TRANSACTION_END &&
+		 !(msg->hdr.len == 2 &&
+		   (!strcmp(msg->body, "T") || !strcmp(msg->body, "F"))))
+		return xenbus_command_reply(u, XS_ERROR, "EINVAL");
+ 
+-	rc = xenbus_dev_request_and_reply(&u->u.msg, u);
+	rc = xenbus_dev_request_and_reply(&msg->hdr, u);
+ 	if (rc && trans) {
+ 		list_del(&trans->list);
+ 		kfree(trans);
+-- 
+2.16.2
+
--- a/patches.xen/Revert-xen-avoid-deadlock-in-xenbus-driver.patch
+++ b/patches.xen/Revert-xen-avoid-deadlock-in-xenbus-driver.patch
@ -1,52 +0,0 @@
-From 7eed8836d3046a93848b891399ebbeee1d56e4f5 Mon Sep 17 00:00:00 2001
-From: Simon Gaiser <simon@invisiblethingslab.com>
-Date: Tue, 30 Jan 2018 07:34:49 +0100
-Subject: [PATCH 2/4] Revert "xen: avoid deadlock in xenbus driver"
-
-This reverts commit 1a3fc2c402810bf336882e695abd1678dbc8d279.
---
- drivers/xen/xenbus/xenbus_comms.c | 21 +++++++++++----------
- 1 file changed, 11 insertions(+), 10 deletions(-)
-
-diff --git a/drivers/xen/xenbus/xenbus_comms.c b/drivers/xen/xenbus/xenbus_comms.c
-index 5b081a01779d..856ada5d39c9 100644
--- a/drivers/xen/xenbus/xenbus_comms.c
-+++ b/drivers/xen/xenbus/xenbus_comms.c
-@@ -299,7 +299,17 @@ static int process_msg(void)
- 		mutex_lock(&xb_write_mutex);
- 		list_for_each_entry(req, &xs_reply_list, list) {
- 			if (req->msg.req_id == state.msg.req_id) {
-				list_del(&req->list);
-+				if (req->state == xb_req_state_wait_reply) {
-+					req->msg.type = state.msg.type;
-+					req->msg.len = state.msg.len;
-+					req->body = state.body;
-+					req->state = xb_req_state_got_reply;
-+					list_del(&req->list);
-+					req->cb(req);
-+				} else {
-+					list_del(&req->list);
-+					kfree(req);
-+				}
- 				err = 0;
- 				break;
- 			}
-@@ -307,15 +317,6 @@ static int process_msg(void)
- 		mutex_unlock(&xb_write_mutex);
- 		if (err)
- 			goto out;
-
-		if (req->state == xb_req_state_wait_reply) {
-			req->msg.type = state.msg.type;
-			req->msg.len = state.msg.len;
-			req->body = state.body;
-			req->state = xb_req_state_got_reply;
-			req->cb(req);
-		} else
-			kfree(req);
- 	}
- 
- 	mutex_unlock(&xs_response_mutex);
-- 
-2.15.1
-
--- a/patches.xen/Revert-xen-avoid-deadlock-in-xenbus.patch
+++ b/patches.xen/Revert-xen-avoid-deadlock-in-xenbus.patch
@ -1,34 +0,0 @@
-From f9d9d4c0a6bf6d693d882ea99f0e57b0241b3370 Mon Sep 17 00:00:00 2001
-From: Simon Gaiser <simon@invisiblethingslab.com>
-Date: Tue, 30 Jan 2018 07:34:40 +0100
-Subject: [PATCH 1/4] Revert "xen: avoid deadlock in xenbus"
-
-This reverts commit 529871bb3c0675d0b425e2070d5a739db097be98.
---
- drivers/xen/xenbus/xenbus_xs.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c
-index 3e59590c7254..e46080214955 100644
--- a/drivers/xen/xenbus/xenbus_xs.c
-+++ b/drivers/xen/xenbus/xenbus_xs.c
-@@ -857,8 +857,6 @@ static int xenwatch_thread(void *unused)
- 	struct list_head *ent;
- 	struct xs_watch_event *event;
- 
-	xenwatch_pid = current->pid;
-
- 	for (;;) {
- 		wait_event_interruptible(watch_events_waitq,
- 					 !list_empty(&watch_events));
-@@ -927,6 +925,7 @@ int xs_init(void)
- 	task = kthread_run(xenwatch_thread, NULL, "xenwatch");
- 	if (IS_ERR(task))
- 		return PTR_ERR(task);
-+	xenwatch_pid = task->pid;
- 
- 	/* shutdown watches for kexec boot */
- 	xs_reset_watches();
-- 
-2.15.1
-
--- a/patches.xen/Revert-xen-optimize-xenbus-driver-for-multiple-concu.patch
+++ b/patches.xen/Revert-xen-optimize-xenbus-driver-for-multiple-concu.patch
--- a/patches.xen/Revert-xenbus-remove-transaction-holder-from-list-be.patch
+++ b/patches.xen/Revert-xenbus-remove-transaction-holder-from-list-be.patch
@ -1,30 +0,0 @@
-From 9622a541f049137fef086e45cc6ddf4dd56bb99e Mon Sep 17 00:00:00 2001
-From: Simon Gaiser <simon@invisiblethingslab.com>
-Date: Tue, 30 Jan 2018 07:38:17 +0100
-Subject: [PATCH 3/4] Revert "xenbus: remove transaction holder from list
- before freeing"
-
-This reverts commit ac4cde398a96c1d28b1c28a0f69b6efd892a1c8a.
---
- drivers/xen/xenbus/xenbus_dev_frontend.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/drivers/xen/xenbus/xenbus_dev_frontend.c b/drivers/xen/xenbus/xenbus_dev_frontend.c
-index f3b089b7c0b6..1f4733b80c87 100644
--- a/drivers/xen/xenbus/xenbus_dev_frontend.c
-+++ b/drivers/xen/xenbus/xenbus_dev_frontend.c
-@@ -442,10 +442,8 @@ static int xenbus_write_transaction(unsigned msg_type,
- 		return xenbus_command_reply(u, XS_ERROR, "ENOENT");
- 
- 	rc = xenbus_dev_request_and_reply(&u->u.msg, u);
-	if (rc && trans) {
-		list_del(&trans->list);
-+	if (rc)
- 		kfree(trans);
-	}
- 
- out:
- 	return rc;
-- 
-2.15.1
-
--- a/patches.xen/Revert-xenbus-track-caller-request-id.patch
+++ b/patches.xen/Revert-xenbus-track-caller-request-id.patch
@ -1,60 +0,0 @@
-From 137e4287ebd6ccdc0982c622825c90bba940f7cf Mon Sep 17 00:00:00 2001
-From: Simon Gaiser <simon@invisiblethingslab.com>
-Date: Tue, 27 Feb 2018 18:14:15 +0100
-Subject: [PATCH] Revert "xenbus: track caller request id"
-
-This reverts commit 54de83d07a18bfa30bd90294bebced839bb7132f.
---
- drivers/xen/xenbus/xenbus.h       | 1 -
- drivers/xen/xenbus/xenbus_comms.c | 1 -
- drivers/xen/xenbus/xenbus_xs.c    | 3 ---
- 3 files changed, 5 deletions(-)
-
-diff --git a/drivers/xen/xenbus/xenbus.h b/drivers/xen/xenbus/xenbus.h
-index 092981171df1..149c5e7efc89 100644
--- a/drivers/xen/xenbus/xenbus.h
-+++ b/drivers/xen/xenbus/xenbus.h
-@@ -76,7 +76,6 @@ struct xb_req_data {
- 	struct list_head list;
- 	wait_queue_head_t wq;
- 	struct xsd_sockmsg msg;
-	uint32_t caller_req_id;
- 	enum xsd_sockmsg_type type;
- 	char *body;
- 	const struct kvec *vec;
-diff --git a/drivers/xen/xenbus/xenbus_comms.c b/drivers/xen/xenbus/xenbus_comms.c
-index d239fc3c5e3d..5b081a01779d 100644
--- a/drivers/xen/xenbus/xenbus_comms.c
-+++ b/drivers/xen/xenbus/xenbus_comms.c
-@@ -309,7 +309,6 @@ static int process_msg(void)
- 			goto out;
- 
- 		if (req->state == xb_req_state_wait_reply) {
-			req->msg.req_id = req->caller_req_id;
- 			req->msg.type = state.msg.type;
- 			req->msg.len = state.msg.len;
- 			req->body = state.body;
-diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c
-index 3f3b29398ab8..3e59590c7254 100644
--- a/drivers/xen/xenbus/xenbus_xs.c
-+++ b/drivers/xen/xenbus/xenbus_xs.c
-@@ -227,8 +227,6 @@ static void xs_send(struct xb_req_data *req, struct xsd_sockmsg *msg)
- 	req->state = xb_req_state_queued;
- 	init_waitqueue_head(&req->wq);
- 
-	/* Save the caller req_id and restore it later in the reply */
-	req->caller_req_id = req->msg.req_id;
- 	req->msg.req_id = xs_request_enter(req);
- 
- 	mutex_lock(&xb_write_mutex);
-@@ -312,7 +310,6 @@ static void *xs_talkv(struct xenbus_transaction t,
- 	req->num_vecs = num_vecs;
- 	req->cb = xs_wake_up;
- 
-	msg.req_id = 0;
- 	msg.tx_id = t.id;
- 	msg.type = type;
- 	msg.len = 0;
-- 
-2.16.1
-
--- a/patches.xen/b93008d1ac65-xen-xenbus-Catch-closing-of-non-existent-transaction.patch
+++ b/patches.xen/b93008d1ac65-xen-xenbus-Catch-closing-of-non-existent-transaction.patch
@ -0,0 +1,35 @@
+From b93008d1ac657dc67819330c5995e65e7c3e7978 Mon Sep 17 00:00:00 2001
+From: Simon Gaiser <simon@invisiblethingslab.com>
+Date: Thu, 15 Mar 2018 03:43:21 +0100
+Subject: [PATCH 2/3] xen: xenbus: Catch closing of non existent transactions
+
+Users of the xenbus functions should never close a non existent
+transaction (for example by trying to closing the same transaction
+twice) but better catch it in xs_request_exit() than to corrupt the
+reference counter.
+
+Signed-off-by: Simon Gaiser <simon@invisiblethingslab.com>
+Reviewed-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+---
+ drivers/xen/xenbus/xenbus_xs.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c
+index 3f3b29398ab8..49a3874ae6bb 100644
+--- a/drivers/xen/xenbus/xenbus_xs.c
+++ b/drivers/xen/xenbus/xenbus_xs.c
+@@ -140,7 +140,9 @@ void xs_request_exit(struct xb_req_data *req)
+ 	spin_lock(&xs_state_lock);
+ 	xs_state_users--;
+ 	if ((req->type == XS_TRANSACTION_START && req->msg.type == XS_ERROR) ||
+-	    req->type == XS_TRANSACTION_END)
+	    (req->type == XS_TRANSACTION_END &&
+	     !WARN_ON_ONCE(req->msg.type == XS_ERROR &&
+			   !strcmp(req->body, "ENOENT"))))
+ 		xs_state_users--;
+ 	spin_unlock(&xs_state_lock);
+ 
+-- 
+2.16.2
+
--- a/series.conf
+++ b/series.conf
@ -25,12 +25,9 @@ patches.xen/pci_op-cleanup.patch
 # Fix for MSI support with stubdoms
 patches.xen/xen-pciback-add-attribute-to-allow-MSI-enable-flag-w.patch

-# Workaround HVM suspend issue with >= 4.11 by reverting the change (and
-# followups) till fix lands upstream.
-patches.xen/Revert-xenbus-track-caller-request-id.patch
-patches.xen/Revert-xen-avoid-deadlock-in-xenbus.patch
-patches.xen/Revert-xen-avoid-deadlock-in-xenbus-driver.patch
-patches.xen/Revert-xenbus-remove-transaction-holder-from-list-be.patch
-patches.xen/Revert-xen-optimize-xenbus-driver-for-multiple-concu.patch
+# Upstreamed fix for HVM suspend issue with >= 4.11
+patches.xen/2a22ee6c3ab1-xen-xenbus_dev_frontend-Fix-XS_TRANSACTION_END-handl.patch
+patches.xen/b93008d1ac65-xen-xenbus-Catch-closing-of-non-existent-transaction.patch
+patches.xen/8fe5ab411209-xen-xenbus_dev_frontend-Verify-body-of-XS_TRANSACTIO.patch

 # Hardware-specific fixes, backported from newer kernel and/or developers branches