From patchwork Tue May 16 07:59:24 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Roger_Pau_Monn=C3=A9?= <roger.pau@citrix.com>
X-Patchwork-Id: 9728505
Return-Path: <xen-devel-bounces@lists.xen.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	C6A77602B4 for <patchwork-xen-devel@patchwork.kernel.org>;
	Tue, 16 May 2017 08:02:19 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B7E20283FE
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Tue, 16 May 2017 08:02:19 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id AC4422875D; Tue, 16 May 2017 08:02:19 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id CE670283FE
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Tue, 16 May 2017 08:02:18 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1dAXOM-0007lm-LO; Tue, 16 May 2017 07:59:38 +0000
Received: from mail6.bemta6.messagelabs.com ([193.109.254.103])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <prvs=302023821=roger.pau@citrix.com>)
	id 1dAXOL-0007lV-JD
	for xen-devel@lists.xenproject.org; Tue, 16 May 2017 07:59:37 +0000
Received: from [85.158.143.35] by server-2.bemta-6.messagelabs.com id
	01/9A-03058-861BA195; Tue, 16 May 2017 07:59:36 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprLIsWRWlGSWpSXmKPExsXitHRDpG7GRql
	Igz2v+C2+b5nM5MDocfjDFZYAxijWzLyk/IoE1oz1t5+yFpxSrFj2YA9zA+MqyS5GTg4JAX+J
	bZ1HmEBsNgEdiYtzd7J1MXJwiAioSNzea9DFyMXBLDCTUaK1oY0VpEZYIEDiQscsRhCbRUBVo
	qe3EczmFbCUaG09zggxU0/i7cQXYDangJXExp+XweYLAdVsfH+QGaJeUOLkzCcsIDazgKZE6/
	bf7BC2vETz1tnMEPWKEv3zHrBNYOSbhaRlFpKWWUhaFjAyr2LUKE4tKkst0jU00EsqykzPKMl
	NzMwB8sz0clOLixPTU3MSk4r1kvNzNzECg40BCHYw3lsWcIhRkoNJSZQ3rVoqUogvKT+lMiOx
	OCO+qDQntfgQowwHh5IEb8sGoJxgUWp6akVaZg4w7GHSEhw8SiK8W0DSvMUFibnFmekQqVOMi
	lLivP/XAyUEQBIZpXlwbbBYu8QoKyXMywh0iBBPQWpRbmYJqvwrRnEORiVh3iaQ8TyZeSVw01
	8BLWYCWhz2UhxkcUkiQkqqgTH3yLqMqVeeOtYqLDR+tbG/8lbB+/UB2wP8toeeO8todbDvx7r
	+xEe7Ot9GWa/q7nqj891GVvnpG+/Ovv8PC+5Y/s09HWX4fv/XrUlri8JvupYvENOrzd0SNcF8
	w12fjheTgtmvnl4i7ajL4Pzvee6pc9NT3Z5/Wfrjx/0Ln7gWJJT71Idvl5VSYinOSDTUYi4qT
	gQAsZhKX7ACAAA=
X-Env-Sender: prvs=302023821=roger.pau@citrix.com
X-Msg-Ref: server-8.tower-21.messagelabs.com!1494921573!68691449!2
X-Originating-IP: [66.165.176.89]
X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor:
	VHJ1c3RlZCBJUDogNjYuMTY1LjE3Ni44OSA9PiAyMDMwMDc=\n,
	received_headers: No Received headers
X-StarScan-Received: 
X-StarScan-Version: 9.4.12; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 22069 invoked from network); 16 May 2017 07:59:35 -0000
Received: from smtp.citrix.com (HELO SMTP.CITRIX.COM) (66.165.176.89)
	by server-8.tower-21.messagelabs.com with RC4-SHA encrypted SMTP;
	16 May 2017 07:59:35 -0000
X-IronPort-AV: E=Sophos;i="5.38,348,1491264000"; d="scan'208";a="423919452"
From: Roger Pau Monne <roger.pau@citrix.com>
To: <xen-devel@lists.xenproject.org>
Date: Tue, 16 May 2017 08:59:24 +0100
Message-ID: <20170516075925.46047-3-roger.pau@citrix.com>
X-Mailer: git-send-email 2.11.0 (Apple Git-81)
In-Reply-To: <20170516075925.46047-1-roger.pau@citrix.com>
References: <20170516075925.46047-1-roger.pau@citrix.com>
MIME-Version: 1.0
Cc: Wei Liu <wei.liu2@citrix.com>, Julien Grall <julien.grall@arm.com>,
	Ian Jackson <ian.jackson@eu.citrix.com>,
	Roger Pau Monne <roger.pau@citrix.com>
Subject: [Xen-devel] [PATCH v3 for-4.9 2/3] libxl/devd: correctly manipulate
	the dguest list
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Virus-Scanned: ClamAV using ClamSMTP

Current code in backend_watch_callback has two issues when manipulating the
dguest list:

1. backend_watch_callback forgets to remove a libxl__ddomain_guest from the
list of tracked domains when the related data is freed, causing dereferences
later on when the list is traversed. Make sure that a domain is always removed
from the list when freed.

2. A spurious device state change can cause a dguest to be freed, with active
devices and without being removed from the list. Fix this by always checking if
a dguest has active devices before freeing and removing it.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reported-by: Reinis Martinsons <admin@frp.lv>
Suggested-by: Ian Jackson <ian.jackson@eu.citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
---
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Julien Grall <julien.grall@arm.com>

Changes since v2:
 - Introduce check_and_maybe_remove_guest.
 - Add a comment explaining why it's safe to free structures with pending async
   ops.

Changes since v1:
 - Fix commit message
---
 tools/libxl/libxl_device.c | 38 +++++++++++++++++++++++++-------------
 1 file changed, 25 insertions(+), 13 deletions(-)

diff --git a/tools/libxl/libxl_device.c b/tools/libxl/libxl_device.c
index cd4ad05a6f..c82ac3cace 100644
--- a/tools/libxl/libxl_device.c
+++ b/tools/libxl/libxl_device.c
@@ -1493,6 +1493,24 @@ static libxl__ddomain_device *search_for_device(libxl__ddomain_guest *dguest,
     return NULL;
 }
 
+static void check_and_maybe_remove_guest(libxl__gc *gc,
+                                         libxl__ddomain *ddomain,
+                                         libxl__ddomain_guest *dguest)
+{
+    assert(ddomain);
+
+    if (dguest != NULL &&
+        dguest->num_vifs + dguest->num_vbds + dguest->num_qdisks == 0) {
+        LIBXL_SLIST_REMOVE(&ddomain->guests, dguest, libxl__ddomain_guest,
+                           next);
+        LOGD(DEBUG, dguest->domid, "Removed domain from the list of active guests");
+        /* Clear any leftovers in libxl/<domid> */
+        libxl__xs_rm_checked(gc, XBT_NULL,
+                             GCSPRINTF("libxl/%u", dguest->domid));
+        free(dguest);
+    }
+}
+
 /*
  * The following comment applies to both add_device and remove_device.
  *
@@ -1602,7 +1620,7 @@ static void backend_watch_callback(libxl__egc *egc, libxl__ev_xswatch *watch,
     STATE_AO_GC(nested_ao);
     char *p, *path;
     const char *sstate, *sonline;
-    int state, online, rc, num_devs;
+    int state, online, rc;
     libxl__device *dev;
     libxl__ddomain_device *ddev = NULL;
     libxl__ddomain_guest *dguest = NULL;
@@ -1677,6 +1695,10 @@ static void backend_watch_callback(libxl__egc *egc, libxl__ev_xswatch *watch,
         /*
          * Removal of an active device, remove it from the list and
          * free it's data structures if they are no longer needed.
+         *
+         * NB: the freeing is safe because all the async ops launched from
+         * backend_watch_callback make a copy of the data they use, so
+         * there's no risk of dereferencing.
          */
         LIBXL_SLIST_REMOVE(&dguest->devices, ddev, libxl__ddomain_device,
                            next);
@@ -1688,17 +1710,7 @@ static void backend_watch_callback(libxl__egc *egc, libxl__ev_xswatch *watch,
 
         free(ddev->dev);
         free(ddev);
-        /* If this was the last device in the domain, remove it from the list */
-        num_devs = dguest->num_vifs + dguest->num_vbds + dguest->num_qdisks;
-        if (num_devs == 0) {
-            LIBXL_SLIST_REMOVE(&ddomain->guests, dguest, libxl__ddomain_guest,
-                               next);
-            LOGD(DEBUG, dguest->domid, "Removed domain from the list of active guests");
-            /* Clear any leftovers in libxl/<domid> */
-            libxl__xs_rm_checked(gc, XBT_NULL,
-                                 GCSPRINTF("libxl/%u", dguest->domid));
-            free(dguest);
-        }
+        check_and_maybe_remove_guest(gc, ddomain, dguest);
     }
 
     if (free_ao)
@@ -1711,7 +1723,7 @@ skip:
     if (ddev)
         free(ddev->dev);
     free(ddev);
-    free(dguest);
+    check_and_maybe_remove_guest(gc, ddomain, dguest);
     return;
 }