From: SeongJae Park <sjpark@amazon.com>
To: <jgross@suse.com>, <axboe@kernel.dk>, <konrad.wilk@oracle.com>,
	<roger.pau@citrix.com>
Cc: linux-block@vger.kernel.org, sjpark@amazon.com,
	pdurrant@amazon.com, SeongJae Park <sjpark@amazon.de>,
	linux-kernel@vger.kernel.org, sj38.park@gmail.com,
	xen-devel@lists.xenproject.org
Subject: [Xen-devel] [PATCH v11 4/6] xen/blkback: Protect 'reclaim_memory()' with 'reclaim_lock'
Date: Tue, 17 Dec 2019 17:07:46 +0100
Message-ID: <20191217160748.693-5-sjpark@amazon.com>
In-Reply-To: <20191217160748.693-1-sjpark@amazon.com>

From: SeongJae Park <sjpark@amazon.de>

The 'reclaim_memory()' callback of blkback could race with
'xen_blkbk_probe()' and 'xen_blkbk_remove()'.  In that case, incompletely
linked 'backend_info' and 'blkif' might be exposed to the callback, thus
resulting in bad results including NULL dereference.  This commit fixes the
problem by applying the 'reclaim_lock' protection to those.

Note that this commit is separated for review purposes only.  As the
previous commit might result in a race condition and might make bisect
confusing, please squash this commit into the previous commit if possible.

Signed-off-by: SeongJae Park <sjpark@amazon.de>

---
 drivers/block/xen-blkback/xenbus.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-blkback/xenbus.c
index 4f6ea4feca79..20045827a391 100644
--- a/drivers/block/xen-blkback/xenbus.c
+++ b/drivers/block/xen-blkback/xenbus.c
@@ -492,6 +492,7 @@ static int xen_vbd_create(struct xen_blkif *blkif, blkif_vdev_t handle,
 static int xen_blkbk_remove(struct xenbus_device *dev)
 {
 	struct backend_info *be = dev_get_drvdata(&dev->dev);
+	unsigned long flags;
 
 	pr_debug("%s %p %d\n", __func__, dev, dev->otherend_id);
 
@@ -504,6 +505,7 @@ static int xen_blkbk_remove(struct xenbus_device *dev)
 		be->backend_watch.node = NULL;
 	}
 
+	spin_lock_irqsave(&dev->reclaim_lock, flags);
 	dev_set_drvdata(&dev->dev, NULL);
 
 	if (be->blkif) {
@@ -512,6 +514,7 @@ static int xen_blkbk_remove(struct xenbus_device *dev)
 		/* Put the reference we set in xen_blkif_alloc(). */
 		xen_blkif_put(be->blkif);
 	}
+	spin_unlock_irqrestore(&dev->reclaim_lock, flags);
 
 	return 0;
 }
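
Review bot: the unlock placed after the 'if (be->blkif)' block keeps reclaim_lock held with interrupts disabled across xen_blkif_put() and everything else in that block, although the only state reclaim_memory() reaches through drvdata is the pointer cleared by dev_set_drvdata(&dev->dev, NULL). Consider releasing the lock right after that call so the blkif teardown runs outside the IRQ-off section; once drvdata is NULL under the lock, a later reclaim_memory() returns at its '!be' check.
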
@@ -597,6 +600,7 @@ static int xen_blkbk_probe(struct xenbus_device *dev,
 	int err;
 	struct backend_info *be = kzalloc(sizeof(struct backend_info),
 					  GFP_KERNEL);
+	unsigned long flags;
 
 	/* match the pr_debug in xen_blkbk_remove */
 	pr_debug("%s %p %d\n", __func__, dev, dev->otherend_id);
@@ -607,6 +611,7 @@ static int xen_blkbk_probe(struct xenbus_device *dev,
 		return -ENOMEM;
 	}
 	be->dev = dev;
+	spin_lock_irqsave(&dev->reclaim_lock, flags);
 	dev_set_drvdata(&dev->dev, be);
 
 	be->blkif = xen_blkif_alloc(dev->otherend_id);
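
Review bot: xen_blkif_alloc() is now called between spin_lock_irqsave() and the unlock in the next hunk, so it runs in atomic context with interrupts off; if it allocates the way the kzalloc(..., GFP_KERNEL) at the top of this function does, it can sleep under a spinlock. Allocating blkif before taking the lock, then setting be->blkif and calling dev_set_drvdata(&dev->dev, be) inside a short critical section, would avoid that and would also mean 'be' is never published with be->blkif unset.
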
@@ -614,8 +619,10 @@ static int xen_blkbk_probe(struct xenbus_device *dev,
 		err = PTR_ERR(be->blkif);
 		be->blkif = NULL;
 		xenbus_dev_fatal(dev, err, "creating block interface");
+		spin_unlock_irqrestore(&dev->reclaim_lock, flags);
 		goto fail;
 	}
+	spin_unlock_irqrestore(&dev->reclaim_lock, flags);
 
 	err = xenbus_printf(XBT_NIL, dev->nodename,
 			    "feature-max-indirect-segments", "%u",
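
Review bot: on the error path the lock is released with drvdata still pointing at 'be' and be->blkif just set to NULL, so a reclaim_memory() call that runs between this unlock and the cleanup at 'fail' passes its '!be' check and dereferences be->blkif. Clear drvdata before unlocking here with dev_set_drvdata(&dev->dev, NULL), or publish 'be' only after xen_blkif_alloc() has succeeded; the second option also removes the duplicated unlock before 'goto fail'.
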
@@ -838,6 +845,10 @@ static void reclaim_memory(struct xenbus_device *dev)
 {
 	struct backend_info *be = dev_get_drvdata(&dev->dev);
 
+	/* Device is registered but not probed yet */
+	if (!be)
+		return;
+
 	be->blkif->buffer_squeeze_end = jiffies +
 		msecs_to_jiffies(buffer_squeeze_duration_ms);
 }
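
Review bot: the new comment says drvdata is NULL only when the device is "registered but not probed yet", but xen_blkbk_remove() in this patch also sets it to NULL, and nothing in this function shows that reclaim_lock is held when it runs. Extend the comment to cover the removed case and state the locking rule, for example with lockdep_assert_held(&dev->reclaim_lock) at the top if the caller is the one taking the lock. Checking be->blkif next to '!be' would also keep the assignment below safe when 'be' is visible without a blkif.
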
-- 
2.17.1

