* [PATCH v3] x86: Fix possible ASSERT(cpu < nr_cpu_ids)
@ 2018-04-19 10:20 Davidwang
2018-04-19 12:10 ` Jan Beulich
[not found] ` <5AD8872302000078001BCA98@suse.com>
0 siblings, 2 replies; 3+ messages in thread
From: Davidwang @ 2018-04-19 10:20 UTC (permalink / raw)
To: xen-devel; +Cc: fionali, jbeulich
From: David Wang <davidwang@zhaoxin.com>
CPUs may share an in-use channel. Hence clearing of a bit from
the cpumask (in hpet_broadcast_exit()) as well as setting one
(in hpet_broadcast_enter()) must not race evaluation of that same
cpumask. Therefore avoid evaluating the cpumask twice in
hpet_detach_channel(). Otherwise cpumask_empty() may e.g.return
false while the subsequent cpumask_first() could return nr_cpu_ids,
which then triggers the assertion in cpumask_of() reached through
set_channel_irq_affinity().
Sign-off-by: David Wang <davidwang@zhaoxin.com>
---
xen/arch/x86/hpet.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/xen/arch/x86/hpet.c b/xen/arch/x86/hpet.c
index bc7a851..fda0431 100644
--- a/xen/arch/x86/hpet.c
+++ b/xen/arch/x86/hpet.c
@@ -509,15 +509,18 @@ static void hpet_attach_channel(unsigned int cpu,
static void hpet_detach_channel(unsigned int cpu,
struct hpet_event_channel *ch)
{
+ unsigned int next;
+
spin_lock_irq(&ch->lock);
ASSERT(ch == per_cpu(cpu_bc_channel, cpu));
per_cpu(cpu_bc_channel, cpu) = NULL;
+ next = cpumask_first(ch->cpumask);
if ( cpu != ch->cpu )
spin_unlock_irq(&ch->lock);
- else if ( cpumask_empty(ch->cpumask) )
+ else if ( next == nr_cpu_ids )
{
ch->cpu = -1;
clear_bit(HPET_EVT_USED_BIT, &ch->flags);
@@ -525,7 +528,7 @@ static void hpet_detach_channel(unsigned int cpu,
}
else
{
- ch->cpu = cpumask_first(ch->cpumask);
+ ch->cpu = next;
set_channel_irq_affinity(ch);
local_irq_enable();
}
--
2.7.4
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH v3] x86: Fix possible ASSERT(cpu < nr_cpu_ids)
2018-04-19 10:20 [PATCH v3] x86: Fix possible ASSERT(cpu < nr_cpu_ids) Davidwang
@ 2018-04-19 12:10 ` Jan Beulich
[not found] ` <5AD8872302000078001BCA98@suse.com>
1 sibling, 0 replies; 3+ messages in thread
From: Jan Beulich @ 2018-04-19 12:10 UTC (permalink / raw)
To: Davidwang; +Cc: Juergen Gross, xen-devel, Fiona Li(BJ-RD)
>>> On 19.04.18 at 12:20, <Davidwang@zhaoxin.com> wrote:
> From: David Wang <davidwang@zhaoxin.com>
>
> CPUs may share an in-use channel. Hence clearing of a bit from
> the cpumask (in hpet_broadcast_exit()) as well as setting one
> (in hpet_broadcast_enter()) must not race evaluation of that same
> cpumask. Therefore avoid evaluating the cpumask twice in
> hpet_detach_channel(). Otherwise cpumask_empty() may e.g.return
> false while the subsequent cpumask_first() could return nr_cpu_ids,
> which then triggers the assertion in cpumask_of() reached through
> set_channel_irq_affinity().
>
> Sign-off-by: David Wang <davidwang@zhaoxin.com>
Signed-off-by
> --- a/xen/arch/x86/hpet.c
> +++ b/xen/arch/x86/hpet.c
> @@ -509,15 +509,18 @@ static void hpet_attach_channel(unsigned int cpu,
> static void hpet_detach_channel(unsigned int cpu,
> struct hpet_event_channel *ch)
> {
> + unsigned int next;
> +
> spin_lock_irq(&ch->lock);
>
> ASSERT(ch == per_cpu(cpu_bc_channel, cpu));
>
> per_cpu(cpu_bc_channel, cpu) = NULL;
> + next = cpumask_first(ch->cpumask);
>
> if ( cpu != ch->cpu )
> spin_unlock_irq(&ch->lock);
> - else if ( cpumask_empty(ch->cpumask) )
> + else if ( next == nr_cpu_ids )
This should be >= .
Also I'd prefer if the cpumask_first() was avoided in the cpu != ch->cpu
case.
With these
Reviewed-by: Jan Beulich <jbeulich@suse.com>
(and the changes are easy enough to make while committing)
Also Cc Jürgen.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v3] x86: Fix possible ASSERT(cpu < nr_cpu_ids)
[not found] ` <5AD8872302000078001BCA98@suse.com>
@ 2018-04-19 13:24 ` Juergen Gross
0 siblings, 0 replies; 3+ messages in thread
From: Juergen Gross @ 2018-04-19 13:24 UTC (permalink / raw)
To: Jan Beulich, Davidwang; +Cc: xen-devel, Fiona Li(BJ-RD)
On 19/04/18 14:10, Jan Beulich wrote:
>>>> On 19.04.18 at 12:20, <Davidwang@zhaoxin.com> wrote:
>> From: David Wang <davidwang@zhaoxin.com>
>>
>> CPUs may share an in-use channel. Hence clearing of a bit from
>> the cpumask (in hpet_broadcast_exit()) as well as setting one
>> (in hpet_broadcast_enter()) must not race evaluation of that same
>> cpumask. Therefore avoid evaluating the cpumask twice in
>> hpet_detach_channel(). Otherwise cpumask_empty() may e.g.return
>> false while the subsequent cpumask_first() could return nr_cpu_ids,
>> which then triggers the assertion in cpumask_of() reached through
>> set_channel_irq_affinity().
>>
>> Sign-off-by: David Wang <davidwang@zhaoxin.com>
>
> Signed-off-by
Release-acked-by: Juergen Gross <jgross@suse.com>
Juergen
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-04-19 13:24 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-04-19 10:20 [PATCH v3] x86: Fix possible ASSERT(cpu < nr_cpu_ids) Davidwang
2018-04-19 12:10 ` Jan Beulich
[not found] ` <5AD8872302000078001BCA98@suse.com>
2018-04-19 13:24 ` Juergen Gross
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.