[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] analyze for the P1 bug 593(xensource bug tracker)




On 10 May 2006, at 07:26, Han, Zhu wrote:

My question is:
1) Does this possible race condition exist?

It certainly sounds plausible to me!

2) Why does the code closing the loop device been put to another out of
code workitem instead of finishing all work directly in
blkback_remove()? Any operation in free_blkif() could be blocked? Which
one?

Several are unsafe in interrupt context, for example:
 * unbind_from_irqhandler calls free_irq which can do procfs work
* vbd_free calls blkdev_put which takes a semaphore and probably does a whole load of blocking operations * free_vm_area calls remove_vm_area which acquires a rw spinlock which is not interrupt safe

Correctness dictates that we should be withholding the upcall to user space until the deferred operations are complete. Perhaps you could try doing a wait_for_completion() in blkback_remove, immediately after the blkif_put(). This would then block until kicked by free_blkif().

I may try to put some code together myself if I have time. I suspect netback has a similar issue also (although of course the remove operation tends to be non-critical for net devices, so it won't usually matter!).

 -- Keir


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.