[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [PATCH] Fix failure cleanup in EvtchnFifoAcquire

  • To: Tu Dinh <ngoc-tu.dinh@xxxxxxxxxx>, "win-pv-devel@xxxxxxxxxxxxxxxxxxxx" <win-pv-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: "Durrant, Paul" <pdurrant@xxxxxxxxxxxx>
  • Date: Fri, 18 Jul 2025 09:13:54 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amazon.co.uk; dmarc=pass action=none header.from=amazon.co.uk; dkim=pass header.d=amazon.co.uk; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nNV8vay7USW/mq4ilrBrrAHsqfCEIrr7JBi6tUTg8gM=; b=DOfKwaIDfpjWhfwJQrv1Nupp3/qtIqEBCcyOaAG5xgDW1cgHzFT//QwVa0gsuflYQg1oNmNI8q6iVANlJvm5DlOSKZT9+EObzYg+UAq63sZ1JKa8e6yrOjtoqKQhC/qxILcUcBfuCHt12Z8A1q2Z75f7bMyEcuVLrrtH+5dVZtaeMadIQA1UZUMzU8UFfh7h5U9dffkXMbgk0pJul3Z74uL/G28LwwgZ+ndeYgfsWH/T0LVJogRB/DfiZ39MXX12AV97cb2hWhWbwf1X08ux7lPNs8UStd8jSnVVa0Fi3H0euBAfp0b0Rcr5gf2UYyljrqeMPgCB5NuGsRZLJ1djog==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=tVKRZCk2MlkWuBVhUTQxyuhRneTiNWiE6Azy30gtxrpvGU45Yq+Bhbdx/JrwkpjHOkLD5opZIx8RiYjXZg9AN+W6tFa61holxQ0xQ+YGFt5S7wrBbRmVpBe7t/7hemmqCDPy3/6uQZ84wJWN1GfbF+mUX4DjC9RFvkg9NKxfoVFLzIyGERmuqDlCpyXrtHT/V6ed8hN4EJjyGu11AKJTvCCTts32MVafelPouenza1u3vczNjawOmIEwbK5IsyLlBB1L3FBamKPrIG/tw+Vd1kHMQn6ab/8lgvRBvwPDdT9tbZi1xM0BbYsJ5eWHfIg8dTcp5BX9cABr8uz9Mjp0Kw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=amazon.co.uk;
  • Cc: Owen Smith <owen.smith@xxxxxxxxx>
  • Delivery-date: Fri, 18 Jul 2025 09:14:12 +0000
  • List-id: Developer list for the Windows PV Drivers subproject <win-pv-devel.lists.xenproject.org>
  • Thread-index: AQHb94C0z/qpxQRpNEOFwkCMZij8nrQ3gWNwgAAJCYCAAAWvkIAAB4OAgAABg8A=
  • Thread-topic: [PATCH] Fix failure cleanup in EvtchnFifoAcquire
> -----Original Message-----
> From: Tu Dinh <ngoc-tu.dinh@xxxxxxxxxx>
> Sent: Friday, July 18, 2025 10:07 AM
> To: Durrant, Paul <pdurrant@xxxxxxxxxxxx>; win-pv-
> devel@xxxxxxxxxxxxxxxxxxxx
> Cc: Owen Smith <owen.smith@xxxxxxxxx>
> Subject: RE: [EXTERNAL] [PATCH] Fix failure cleanup in EvtchnFifoAcquire
> 
> CAUTION: This email originated from outside of the organization. Do not
> click links or open attachments unless you can confirm the sender and know
> the content is safe.
> 
> 
> 
> Hi Paul,
> 
> On 18/07/2025 11:04, Durrant, Paul wrote:
> [...]
> >
> > Hi Tu,
> >
> >    Are we looking at the same function? This is what I see...
> >
> >    The loop starts at
> https://xenbits.xen.org/gitweb/?p=pvdrivers/win/xenbus.git;a=blob;f=src/xe
> nbus/evtchn_fifo.c;hb=HEAD#l505:
> >
> >   505     Index = 0;
> >   506     while (Index < ProcessorCount) {
> >   507         unsigned int        vcpu_id;
> >   508         PFN_NUMBER          Pfn;
> >   509         PHYSICAL_ADDRESS    Address;
> >   510
> >   511         status = SystemProcessorVcpuId(Index, &vcpu_id);
> >   512
> >   513         Index++;
> >   514
> >
> > So Index is incremented before the checks:
> >
> >   515         if (status == STATUS_NOT_SUPPORTED)
> >   516             continue;
> >   517
> >   518         if (!NT_SUCCESS(status))
> >   519             goto fail1;
> >
> > So, say we have done one loop round then we'll have set up the control
> block for the vcpu_id corresponding to Index 0. Index will now be 1 and
> let's say we hit the fail.
> 
> After doing one successful loop round, Index will be 1. But as soon as
> you enter the second loop round, Index would have become 2 before you
> could hit any failure, due to the Index++ near the very top.

Ok, yes I see it now. Just moving the increment below line 519 appears to be 
the correct fix then.

Cheers,

  Paul

> 
> >
> >   559 fail1:
> >   560     Error("fail1 (%08x)\n", status);
> >   561
> >   562     EvtchnReset();
> >   563
> >   564     while (--Index >= 0) {
> >
> > Index will be decremented back to 0...
> >
> >   565         unsigned int    vcpu_id;
> >   566
> >   567         status = SystemProcessorVcpuId(Index, &vcpu_id);
> >
> > We look up the corresponding vcpu_id again...
> >
> >   568         if (status == STATUS_NOT_SUPPORTED)
> >   569             continue;
> >   570
> >   571         BUG_ON(!NT_SUCCESS(status));
> >   572
> >   573         Mdl = Context->ControlBlockMdl[vcpu_id];
> >   574         Context->ControlBlockMdl[vcpu_id] = NULL;
> >
> > ... and we free off the control block that was allocated before.
> >
> >   575
> >   576         __FreePage(Mdl);
> >   577     }
> >
> > I don't see any evidence of a double increment. The existing code looks
> correct to me.
> >
> >    Paul
> >
> [...]
> 
> 
> 
> Ngoc Tu Dinh | Vates XCP-ng Developer
> 
> XCP-ng & Xen Orchestra - Vates solutions
> 
> web: https://vates.tech

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.