xen-devel

[Top] [All Lists]

Re: [Xen-devel] [PATCH 1/3] xen/pv-on-hvm kexec: prevent crash in xenwat

from [Ian Campbell]

[Permanent Link][Original]

To:	Olaf Hering <olaf@xxxxxxxxx>
Subject:	Re: [Xen-devel] [PATCH 1/3] xen/pv-on-hvm kexec: prevent crash in xenwatch_thread() when stale watch events arrive
From:	Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Date:	Tue, 16 Aug 2011 15:14:32 +0100
Cc:	Jeremy Fitzhardinge <jeremy@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, Konrad <konrad.wilk@xxxxxxxxxx>
Delivery-date:	Tue, 16 Aug 2011 07:15:57 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<1313500613-21394-2-git-send-email-olaf@xxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization:	Citrix Systems, Inc.
References:	<1313500613-21394-1-git-send-email-olaf@xxxxxxxxx> <1313500613-21394-2-git-send-email-olaf@xxxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

On Tue, 2011-08-16 at 14:16 +0100, Olaf Hering wrote:
> During repeated kexec boots xenwatch_thread() can crash because
> xenbus_watch->callback is cleared by xenbus_watch_path() if a node/token
> combo for a new watch happens to match an already registered watch from
> an old kernel.  In this case xs_watch returns -EEXISTS, then
> register_xenbus_watch() does not remove the to-be-registered watch from
> the list of active watches but returns the -EEXISTS to the caller
> anyway.

Isn't this behaviour the root cause of the issue (which should be fixed)
rather than papering over it during watch processing. IOW should't
register_xenbus_watch cleanup after itself if xs_watch fails.

> 
> Because the watch is still active in xenstored it will cause an event
> which will arrive in the new kernel. process_msg() will find the
> encapsulated struct xenbus_watch in its list of registered watches and
> puts the "empty" watch handle in the queue for xenwatch_thread().
> xenwatch_thread() then calls ->callback which was cleared earlier by
> xenbus_watch_path().
> 
> To prevent that crash in a guest running on an old xen toolstack, add a
> check wether xenbus_watch->callback is active.
> 
> Signed-off-by: Olaf Hering <olaf@xxxxxxxxx>
> ---
>  drivers/xen/xenbus/xenbus_xs.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c
> index 5534690..64248b2 100644
> --- a/drivers/xen/xenbus/xenbus_xs.c
> +++ b/drivers/xen/xenbus/xenbus_xs.c
> @@ -828,7 +828,7 @@ static int process_msg(void)
>               spin_lock(&watches_lock);
>               msg->u.watch.handle = find_watch(
>                       msg->u.watch.vec[XS_WATCH_TOKEN]);
> -             if (msg->u.watch.handle != NULL) {
> +             if (msg->u.watch.handle && msg->u.watch.handle->callback) {
>                       spin_lock(&watch_events_lock);
>                       list_add_tail(&msg->list, &watch_events);
>                       wake_up(&watch_events_waitq);



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] [PATCH 0/3] [v5] kexec and kdump for Xen PVonHVM guests, Olaf Hering [Xen-devel] [PATCH 3/3] xen/pv-on-hvm kexec+kdump: reset PV devices in kexec or crash kernel, Olaf Hering [Xen-devel] [PATCH 1/3] xen/pv-on-hvm kexec: prevent crash in xenwatch_thread() when stale watch events arrive, Olaf Hering Re: [Xen-devel] [PATCH 1/3] xen/pv-on-hvm kexec: prevent crash in xenwatch_thread() when stale watch events arrive, Ian Campbell <= Re: [Xen-devel] [PATCH 1/3] xen/pv-on-hvm kexec: prevent crash in xenwatch_thread() when stale watch events arrive, Olaf Hering Re: [Xen-devel] [PATCH 1/3] xen/pv-on-hvm kexec: prevent crash in xenwatch_thread() when stale watch events arrive, Keir Fraser [Xen-devel] [PATCH 2/3] xen/pv-on-hvm kexec: rebind virqs to existing eventchannel ports, Olaf Hering

Previous by Date:	Re: [Xen-devel] [PATCH] xen/x86: replace order-based range checking of M2P table by linear one, Konrad Rzeszutek Wilk
Next by Date:	[Xen-devel] Re: [PATCH 1/3] xen: allow balloon driver to use more than one memory region, David Vrabel
Previous by Thread:	[Xen-devel] [PATCH 1/3] xen/pv-on-hvm kexec: prevent crash in xenwatch_thread() when stale watch events arrive, Olaf Hering
Next by Thread:	Re: [Xen-devel] [PATCH 1/3] xen/pv-on-hvm kexec: prevent crash in xenwatch_thread() when stale watch events arrive, Olaf Hering
Indexes:	[Date] [Thread] [Top] [All Lists]