From patchwork Wed Jan 25 17:04:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Olaf Hering X-Patchwork-Id: 13115880 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D3B2DC54EAA for ; Wed, 25 Jan 2023 17:09:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234565AbjAYRJl (ORCPT ); Wed, 25 Jan 2023 12:09:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60334 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234903AbjAYRJV (ORCPT ); Wed, 25 Jan 2023 12:09:21 -0500 X-Greylist: delayed 270 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Wed, 25 Jan 2023 09:08:59 PST Received: from mo6-p00-ob.smtp.rzone.de (mo6-p00-ob.smtp.rzone.de [IPv6:2a01:238:400:100::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3D7145AB5D for ; Wed, 25 Jan 2023 09:08:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674666260; cv=none; d=strato.com; s=strato-dkim-0002; b=Ozy43R5N4iHgaTJJCtnErFSh+5tKBrEwdju/s0SA8W0qTJs4T8304kFHfma3qVPrga g3lsB4I5P2+46UfoqGK2STnMqzyntqWZVe8QBJtq9OAxWQ1GhwC4+2uhnB7zB+Lci6Q2 s50JRpxwkpevidOk6TcC4unNazaTbxef2GAyD0CCiaFXcNCIPc6ZiQqx5fKS7VEaaj0F mjoUk7T25WfHKUISG/FjJOCO9t5PT5j5kfvesCnHjn9SBgHyQzXyvqc8wzOsXVicnREV 0z3ZKYAiTsgDFKdURcWQRZKRnL/QI392jemRf5s3OiG+acLvCLueYlFJXptq4Tz1ZZuU MDEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; t=1674666260; s=strato-dkim-0002; d=strato.com; h=Message-ID:Subject:Cc:To:From:Date:Cc:Date:From:Subject:Sender; bh=W+SqnGs9QjmIZ9DXCX93i+A0oA65I5Caxl3ahi9O3u0=; b=QgrjCUsvB48gJOEOgHy5fLQ5MJeswizTOM1zZVMPgPBDwQF0K0a1k/VcObHFUgeaor 77NNneYvQcNDMBBMaQr9XuAVvPI7pwMJTTYnu4Dn3wJo4M2YpcYZjP4YQ3GC+pRdQN4P dMG4XXtNw0nOKZ1P+2MbtFyWGfj6iohwmQVmpQjJrcIF4e0viWATfa70XSQ9anfBMcEw 4HZ7/W6GJcQ0StRcGdvYNfqwYJCOw6qChdA5Xbn140/+W8B3x6xZ8VJuaICKi604g54+ 4d3rSTeImqqd01pBuXtd9HbRzt/paSqKPZ5h8Zm+LaozqcSGsVSfVq6Gh2HUmoj4TyFJ Ur+A== ARC-Authentication-Results: i=1; strato.com; arc=none; dkim=none X-RZG-CLASS-ID: mo00 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1674666260; s=strato-dkim-0002; d=aepfle.de; h=Message-ID:Subject:Cc:To:From:Date:Cc:Date:From:Subject:Sender; bh=W+SqnGs9QjmIZ9DXCX93i+A0oA65I5Caxl3ahi9O3u0=; b=ninPPoKNj6kZcUCr5uN64VDF9fHhUH6tTGVw2LlH9z2FJ0T+KbFShEr+DiL8TLL1bA idLLvhOQDA+8afXr+KQmQ9hIpip0hGvpQggo8gmGNFyMOOgskiL/EliL5GtOEWfNs3qo RqH91Lk7wJcGo6vjJolk2RVPMeR57fI9MuyeMccjO5/jt33zSejzRnbhQDWfPxjHN7cB F5MLFEPAj2AGM4Tt0dFuYHnks7wcfq2rZgUiAS8SlmwWU50F6cYAltVi5taOxkNUseGN rbGIs5G/HFPD8yN7kA3eR8Qpmytk6DSD4f6e8xc7KSDseDTnjGquhlSCC499qmEYRNoP Bsvg== X-RZG-AUTH: ":P2EQZWCpfu+qG7CngxMFH1J+3q8wa/QLpd5ylWvMDX3y/OuD5rXVisR4U0KIPE/saK9bfzyVdurcrIu9Z6SKY+a6gtBCfg==" Received: from sender by smtp.strato.de (RZmta 49.2.2 AUTH) with ESMTPSA id m23e47z0PH4K8E3 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)) (Client did not present a certificate); Wed, 25 Jan 2023 18:04:20 +0100 (CET) Date: Wed, 25 Jan 2023 18:04:11 +0100 From: Olaf Hering To: linux-hyperv@vger.kernel.org, Haiyang Zhang Cc: linux-pci@vger.kernel.org, Dexuan Cui Subject: unlocked access to struct irq_data->chip_data in pci_hyperv Message-ID: <20230125180411.4742f159.olaf@aepfle.de> X-Mailer: Claws Mail 20220819T065813.516423bc hat ein Softwareproblem, kann man nichts machen. MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-pci@vger.kernel.org Hello, there are several crash reports due to struct irq_data->chip_data being NULL. I was under the impression all the "recent changes" to pci-hyperv.c would fix them. But apparently this specific issue is still there. What does serialize read and write access to struct irq_data->chip_data? It seems hv_msi_free can run while other code paths still access at least ->chip_data. The change below may reduce the window, but I'm not confident this would actually resolve the concurrency issues. Olaf --- a/drivers/pci/controller/pci-hyperv.c +++ b/drivers/pci/controller/pci-hyperv.c @@ -1760,8 +1760,9 @@ static void hv_compose_msi_msg(struct irq_data *data, struct msi_msg *msg) msi_desc->nvec_used > 1; /* Reuse the previous allocation */ - if (data->chip_data && multi_msi) { - int_desc = data->chip_data; + virt_rmb(); + int_desc = READ_ONCE(data->chip_data); + if (int_desc && multi_msi) { msg->address_hi = int_desc->address >> 32; msg->address_lo = int_desc->address & 0xffffffff; msg->data = int_desc->data; @@ -1778,8 +1779,9 @@ static void hv_compose_msi_msg(struct irq_data *data, struct msi_msg *msg) goto return_null_message; /* Free any previous message that might have already been composed. */ - if (data->chip_data && !multi_msi) { - int_desc = data->chip_data; + virt_rmb(); + int_desc = READ_ONCE(data->chip_data); + if (int_desc && !multi_msi) { data->chip_data = NULL; hv_int_desc_free(hpdev, int_desc); }