From: "K. Y. Srinivasan" <kys@microsoft.com>
To: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
devel@linuxdriverproject.org, olaf@aepfle.de, apw@canonical.com,
vkuznets@redhat.com, jasowang@redhat.com
Cc: Dexuan Cui <decui@microsoft.com>, "K. Y. Srinivasan" <kys@microsoft.com>
Subject: [PATCH V2 06/12] Drivers: hv: vmbus: serialize process_chn_event() and vmbus_close_internal()
Date: Wed, 11 Nov 2015 18:26:18 -0800 [thread overview]
Message-ID: <1447295184-9051-6-git-send-email-kys@microsoft.com> (raw)
In-Reply-To: <1447295184-9051-1-git-send-email-kys@microsoft.com>
From: Dexuan Cui <decui@microsoft.com>
process_chn_event(), running in the tasklet, can race with
vmbus_close_internal() in the case of SMP guest, e.g., when the former is
accessing channel->inbound.ring_buffer, the latter could be freeing the
ring_buffer pages.
To resolve the race, we can serialize them by disabling the tasklet when
the latter is running here.
Signed-off-by: Dexuan Cui <decui@microsoft.com>
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
---
drivers/hv/channel.c | 21 +++++++++++++++++++--
1 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
index c4dcab0..f7f3d5c 100644
--- a/drivers/hv/channel.c
+++ b/drivers/hv/channel.c
@@ -28,6 +28,7 @@
#include <linux/module.h>
#include <linux/hyperv.h>
#include <linux/uio.h>
+#include <linux/interrupt.h>
#include "hyperv_vmbus.h"
@@ -496,8 +497,21 @@ static void reset_channel_cb(void *arg)
static int vmbus_close_internal(struct vmbus_channel *channel)
{
struct vmbus_channel_close_channel *msg;
+ struct tasklet_struct *tasklet;
int ret;
+ /*
+ * process_chn_event(), running in the tasklet, can race
+ * with vmbus_close_internal() in the case of SMP guest, e.g., when
+ * the former is accessing channel->inbound.ring_buffer, the latter
+ * could be freeing the ring_buffer pages.
+ *
+ * To resolve the race, we can serialize them by disabling the
+ * tasklet when the latter is running here.
+ */
+ tasklet = hv_context.event_dpc[channel->target_cpu];
+ tasklet_disable(tasklet);
+
channel->state = CHANNEL_OPEN_STATE;
channel->sc_creation_callback = NULL;
/* Stop callback and cancel the timer asap */
@@ -525,7 +539,7 @@ static int vmbus_close_internal(struct vmbus_channel *channel)
* If we failed to post the close msg,
* it is perhaps better to leak memory.
*/
- return ret;
+ goto out;
}
/* Tear down the gpadl for the channel's ring buffer */
@@ -538,7 +552,7 @@ static int vmbus_close_internal(struct vmbus_channel *channel)
* If we failed to teardown gpadl,
* it is perhaps better to leak memory.
*/
- return ret;
+ goto out;
}
}
@@ -555,6 +569,9 @@ static int vmbus_close_internal(struct vmbus_channel *channel)
if (channel->rescind)
hv_process_channel_removal(channel,
channel->offermsg.child_relid);
+out:
+ tasklet_enable(tasklet);
+
return ret;
}
--
1.7.4.1
next prev parent reply other threads:[~2015-11-12 0:56 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-12 2:25 [PATCH V2 00/12] Drivers: hv: vmbus: Miscellaneous fixes and cleanup K. Y. Srinivasan
2015-11-12 2:26 ` [PATCH V2 01/12] Drivers: hv: vss: run only on supported host versions K. Y. Srinivasan
2015-11-12 2:26 ` [PATCH V2 02/12] Drivers: hv: vmbus: Use uuid_le type consistently K. Y. Srinivasan
2015-11-12 2:26 ` [PATCH V2 03/12] Drivers: hv: vmbus: Use uuid_le_cmp() for comparing GUIDs K. Y. Srinivasan
2015-11-12 2:26 ` [PATCH V2 04/12] Drivers: hv: vmbus: Get rid of the unused macro K. Y. Srinivasan
2015-11-12 2:26 ` [PATCH V2 05/12] Drivers: hv: vmbus: Get rid of the unused irq variable K. Y. Srinivasan
2015-11-12 2:26 ` K. Y. Srinivasan [this message]
2015-11-12 2:26 ` [PATCH V2 07/12] Drivers: hv: vmbus: do sanity check of channel state in vmbus_close_internal() K. Y. Srinivasan
2015-11-12 2:26 ` [PATCH V2 08/12] Drivers: hv: vmbus: fix rescind-offer handling for device without a driver K. Y. Srinivasan
2015-11-12 2:26 ` [PATCH V2 09/12] Drivers: hv: vmbus: release relid on error in vmbus_process_offer() K. Y. Srinivasan
2015-11-12 2:26 ` [PATCH V2 10/12] Drivers: hv: vmbus: channge vmbus_connection.channel_lock to mutex K. Y. Srinivasan
2015-11-12 10:41 ` Vitaly Kuznetsov
2015-11-12 13:10 ` Dexuan Cui
2015-11-12 2:26 ` [PATCH V2 11/12] drivers:hv: Allow for MMIO claims that span ACPI _CRS records K. Y. Srinivasan
2015-11-12 2:26 ` [PATCH 12/12] tools/hv: Use include/uapi with __EXPORTED_HEADERS__ K. Y. Srinivasan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1447295184-9051-6-git-send-email-kys@microsoft.com \
--to=kys@microsoft.com \
--cc=apw@canonical.com \
--cc=decui@microsoft.com \
--cc=devel@linuxdriverproject.org \
--cc=gregkh@linuxfoundation.org \
--cc=jasowang@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=olaf@aepfle.de \
--cc=vkuznets@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.