File 5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch of Package xen.17119
# Commit f7039ee41b3d3448775a1623f230037fd0455104 # Date 2020-06-09 12:56:24 +0200 # Author Paul Durrant <pdurrant@amazon.com> # Committer Jan Beulich <jbeulich@suse.com> ioreq: handle pending emulation racing with ioreq server destruction When an emulation request is initiated in hvm_send_ioreq() the guest vcpu is blocked on an event channel until that request is completed. If, however, the emulator is killed whilst that emulation is pending then the ioreq server may be destroyed. Thus when the vcpu is awoken the code in handle_hvm_io_completion() will find no pending request to wait for, but will leave the internal vcpu io_req.state set to IOREQ_READY and the vcpu shutdown deferral flag in place (because hvm_io_assist() will never be called). The emulation request is then completed anyway. This means that any subsequent call to hvmemul_do_io() will find an unexpected value in io_req.state and will return X86EMUL_UNHANDLEABLE, which in some cases will result in continuous re-tries. This patch fixes the issue by moving the setting of io_req.state and clearing of shutdown deferral (as well as MSI-X write completion) out of hvm_io_assist() and directly into handle_hvm_io_completion(). Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Signed-off-by: Paul Durrant <pdurrant@amazon.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> --- a/xen/arch/x86/hvm/ioreq.c +++ b/xen/arch/x86/hvm/ioreq.c @@ -113,15 +113,7 @@ static void hvm_io_assist(struct hvm_ior struct hvm_vcpu_io *vio = &v->arch.hvm_vcpu.hvm_io; if ( hvm_vcpu_io_need_completion(vio) ) - { - vio->io_req.state = STATE_IORESP_READY; vio->io_req.data = data; - } - else - vio->io_req.state = STATE_IOREQ_NONE; - - msix_write_completion(v); - vcpu_end_shutdown_deferral(v); sv->pending = false; } 
@@ -207,6 +199,12 @@ bool handle_hvm_io_completion(struct vcp } } + vio->io_req.state = hvm_vcpu_io_need_completion(vio) ? + STATE_IORESP_READY : STATE_IOREQ_NONE; + + msix_write_completion(v); + vcpu_end_shutdown_deferral(v); + io_completion = vio->io_completion; vio->io_completion = HVMIO_no_completion;
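Review bot: in the hvm_io_assist() hunk, once the state assignments and the msix_write_completion()/vcpu_end_shutdown_deferral() calls are removed, the function only stores `data` and clears `sv->pending`, and nothing left in it tells a reader that io_req.state is finalised elsewhere. Add a short comment above the remaining `if ( hvm_vcpu_io_need_completion(vio) )` stating that state, MSI-X write completion and shutdown deferral are now settled in handle_hvm_io_completion(), and confirm that every caller of hvm_io_assist() reaches that path, because one that does not would leave the state and the deferral untouched.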
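Review bot: in the handle_hvm_io_completion() hunk, the block added before `io_completion = vio->io_completion;` has no guard on whether a request was actually pending, so msix_write_completion(v) and vcpu_end_shutdown_deferral(v) now run on every pass that reaches this point instead of only when a response arrived through hvm_io_assist(). That unconditional placement is what covers the destroyed-server case described in the commit message, but it needs a comment saying so, and it is worth confirming that both calls are harmless when nothing was deferred or pending. The new assignment also overwrites io_req.state with STATE_IOREQ_NONE whenever hvm_vcpu_io_need_completion(vio) is false, whatever the previous value was; a sentence explaining why that is safe here would help the next reader.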