From patchwork Fri Mar 6 16:02:54 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Paul Durrant X-Patchwork-Id: 11424277 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2CBA714B7 for ; Fri, 6 Mar 2020 16:04:22 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 124E7208CD for ; Fri, 6 Mar 2020 16:04:22 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 124E7208CD Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=xen.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1jAFRG-0002uF-A1; Fri, 06 Mar 2020 16:03:02 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1jAFRF-0002u9-J2 for xen-devel@lists.xenproject.org; Fri, 06 Mar 2020 16:03:01 +0000 X-Inumbo-ID: f3a3f270-5fc3-11ea-a828-12813bfff9fa Received: from smtp-fw-9102.amazon.com (unknown [207.171.184.29]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id f3a3f270-5fc3-11ea-a828-12813bfff9fa; Fri, 06 Mar 2020 16:03:00 +0000 (UTC) IronPort-SDR: h3EMjcEhLFrl3AWTqNghFICFUcDazPRJCAOStAqqzvlyy05jC3Xd392jo3QKBAVKAdnyeqG47x Kx1FEkmPm+Cw== X-IronPort-AV: E=Sophos;i="5.70,522,1574121600"; d="scan'208";a="29708598" Received: from sea32-co-svc-lb4-vlan3.sea.corp.amazon.com (HELO email-inbound-relay-2a-f14f4a47.us-west-2.amazon.com) ([10.47.23.38]) by smtp-border-fw-out-9102.sea19.amazon.com with ESMTP; 06 Mar 2020 16:02:59 +0000 Received: from EX13MTAUEA002.ant.amazon.com (pdx4-ws-svc-p6-lb7-vlan2.pdx.amazon.com [10.170.41.162]) by email-inbound-relay-2a-f14f4a47.us-west-2.amazon.com (Postfix) with ESMTPS id B59F6A27BA; Fri, 6 Mar 2020 16:02:58 +0000 (UTC) Received: from EX13D22EUB002.ant.amazon.com (10.43.166.131) by EX13MTAUEA002.ant.amazon.com (10.43.61.77) with Microsoft SMTP Server (TLS) id 15.0.1236.3; Fri, 6 Mar 2020 16:02:58 +0000 Received: from EX13MTAUEA001.ant.amazon.com (10.43.61.82) by EX13D22EUB002.ant.amazon.com (10.43.166.131) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 6 Mar 2020 16:02:57 +0000 Received: from u2f063a87eabd5f.cbg10.amazon.com (10.125.106.135) by mail-relay.amazon.com (10.43.61.243) with Microsoft SMTP Server id 15.0.1367.3 via Frontend Transport; Fri, 6 Mar 2020 16:02:55 +0000 From: To: Date: Fri, 6 Mar 2020 16:02:54 +0000 Message-ID: <20200306160254.8465-1-paul@xen.org> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Precedence: Bulk Subject: [Xen-devel] [PATCH v4] x86: irq: Do not BUG_ON multiple unbind calls for shared pirqs X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Julien Grall , Paul Durrant , Andrew Cooper , Varad Gautam , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" From: Varad Gautam XEN_DOMCTL_destroydomain creates a continuation if domain_kill -ERESTARTS. In that scenario, it is possible to receive multiple __pirq_guest_unbind calls for the same pirq from domain_kill, if the pirq has not yet been removed from the domain's pirq_tree, as: domain_kill() -> domain_relinquish_resources() -> pci_release_devices() -> pci_clean_dpci_irq() -> pirq_guest_unbind() -> __pirq_guest_unbind() For a shared pirq (nr_guests > 1), the first call would zap the current domain from the pirq's guests[] list, but the action handler is never freed as there are other guests using this pirq. As a result, on the second call, __pirq_guest_unbind searches for the current domain which has been removed from the guests[] list, and hits a BUG_ON. Make __pirq_guest_unbind safe to be called multiple times by letting xen continue if a shared pirq has already been unbound from this guest. The PIRQ will be cleaned up from the domain's pirq_tree during the destruction in complete_domain_destroy anyway. Signed-off-by: Varad Gautam [taking over from Varad at v4] Signed-off-by: Paul Durrant Reported-by: Varad Gautam Signed-off-by: Jan Beulich Tested-by: Varad Gautam --- Cc: Jan Beulich Cc: Julien Grall Cc: Roger Pau Monné Cc: Andrew Cooper Roger suggested cleaning the entry from the domain pirq_tree so that we need not make it safe to re-call __pirq_guest_unbind(). This seems like a reasonable suggestion but the semantics of the code are almost impenetrable (e.g. 'pirq' is used to mean an index, a pointer and is also the name of struct so you generally have little idea what it actally means) so I prefer to stick with a small fix that I can actually reason about. v4: - Re-work the guest array search to make it clearer v3: - Style fixups v2: - Split the check on action->nr_guests > 0 and make it an ASSERT --- xen/arch/x86/irq.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index cc2eb8e925..32fcb624dc 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -1680,9 +1680,23 @@ static irq_guest_action_t *__pirq_guest_unbind( BUG_ON(!(desc->status & IRQ_GUEST)); - for ( i = 0; (i < action->nr_guests) && (action->guest[i] != d); i++ ) - continue; - BUG_ON(i == action->nr_guests); + for ( i = 0; i < action->nr_guests; i++ ) + if ( action->guest[i] == d ) + break; + + if ( i == action->nr_guests ) /* No matching entry */ + { + /* + * In case the pirq was shared, unbound for this domain in an earlier + * call, but still existed on the domain's pirq_tree, we still reach + * here if there are any later unbind calls on the same pirq. Return + * if such an unbind happens. + */ + ASSERT(action->shareable); + return NULL; + } + + ASSERT(action->nr_guests > 0); memmove(&action->guest[i], &action->guest[i+1], (action->nr_guests-i-1) * sizeof(action->guest[0])); action->nr_guests--;