[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH for-4.17 3/6] vpci: don't assume that vpci per-device data exists unconditionally
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
- Date: Mon, 24 Oct 2022 18:01:37 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=PAJAk5Sf/jyvgnBaKzr7y6t3VDPFMx4lhZjIXYCMNJg=; b=hC60zy4G/UeEK85msF9Cq9x7wAIx2VARhR572NZPqPa/f6O0amBzCinFg4flNq/JFuUuorHw+/8Ki6aIqN8+GBCZDKmEvldwXBdHGKAAYBe7mf1JcX6faXym5iTW2c6gR88WodUgERYR47BnOHyajsostXBQT0nO4Lso+EAiCOLWCb6MTwsJ6ivmBSmDQimYLytKvJen7v6c8sZCbX4dXSLoEKDfVKwzjvtPH6P0jkW75y6ugRo4KNsiN42EWxIB5zh+MDNhj084ISlSAV22J2rIS984u2ANQCCji8XxohsmiVtCL1O8C2/0O9j8UVmlDAHf/jJVkLIxFq4H37Vk1w==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YoedF3Z1Ji+DlkMs+ZEeWBDgZmHyIv5WJzH3t90xr/nQDhncZfq2U7AFkcDVopSvo7W6J/G6+JB6LGwSk9TIiRFPzrHHPnyfGUNwFzar/5OKguF18jisuKHqYJkVBNZ1v+j09QbBUvMnvZ3ofmP9wze6DyqQJEHFRF5RFid93NGwIzej0U8bkN+TUxeHLa2ZlKqy8TKDycx3rKgHclHZ0wUyE6yHsVd+4nUktMnpJ3pbyuYTwmsIPozu6kz6wGHzGfeOLnhl/B/rr6byUCvDYt6CF/4nn/wzlyaD2+2iZR9Lm+swSHYBm3sN54C5b8kFPf4Zq1z5ZcvuV/r8/KauLg==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
- Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx
- Delivery-date: Mon, 24 Oct 2022 16:02:08 +0000
- Ironport-data: A9a23:uj8DcaBKerwQoBVW/z7iw5YqxClBgxIJ4kV8jS/XYbTApGgk1GFWy WAfXGuFM6rbYWKhetwnaNyw8UxQvcKDndRnQQY4rX1jcSlH+JHPbTi7wuUcHAvJd5GeExg3h yk6QoOdRCzhZiaE/n9BCpC48T8mk/ngqoPUUIbsIjp2SRJvVBAvgBdin/9RqoNziJ2yDhjlV ena+qUzA3f4nW8pWo4ow/jb8kk25K6u4GlwUmEWPpingnePzxH5M7pHTU2BByOQapVZGOe8W 9HCwNmRlo8O105wYj8Nuu+TnnwiGtY+DyDX4pZlc/HKbix5jj4zys4G2M80Mi+7vdkrc+dZk 72hvbToIesg0zaldO41C3G0GAkmVUFKFSOuzdFSfqV/wmWfG0YAzcmCA2kdB5wC2u92MF1X3 vATJBsvUAKii+G5lefTpulE3qzPLeHNFaZG4zRM6G+cCvwrB5feX6/N+NlUmi8qgdxDFurfY MxfbidzaBPHYFtEPVJ/5JAWxb/0wCWgNWAH7gvK/cLb4ECKpOB1+KLqP9fPPMSDWO1en1qCp 3KA9GP8av0fHIzEmWPfqij07gPJtR+hBK41JaCHyqBj0GC2+0M9FT8Nf2Lu9JFVjWb7AbqzM Xc8+CAjsKwz/0yDVcTmUluzp3vslg4RXZ9cHvM37CmJy7HI+ECJC24cVDlDZdc68sgsSlQXO kShmtroAXljteOTQHfEr7OM92rtYW4SMHMIYjICQU0d+d7/rYovjxXJCNF+DKqyid6zEjb1q 9yXkBUDa3wopZZj/82GEZrv2lpAerChotYJ2zjq
- Ironport-hdrordr: A9a23:xEoub6w/3Gw7oD+TCBuLKrPxt+skLtp133Aq2lEZdPULSKGlfp GV9sjziyWetN9wYh4dcB67Scy9qFfnhOZICO4qTMyftWjdyRKVxeRZgbcKrAeBJ8STzJ8/6U 4kSdkFNDSSNykEsS+Z2njeLz9I+rDunsGVbKXlvhFQpGlRGt1dBmxCe2Km+yNNNWt77c1TLu vg2iMLnUvXRV0nKuCAQlUVVenKoNPG0LrgfB49HhYirC2Dlymh5rLWGwWRmk52aUIG/Z4StU z+1yDp7KSqtP+2jjfaym/o9pxT3P/s0MFKCsCggtUcbh/slgGrToJ8XKDqhkF9nMifrHIR1P XcqRYpOMp+r1vXY2GOuBPonzLt1T4/gkWSvGOwsD/Gm4jUVTg6A81OicZyaR3C8Xctu9l6ze Ziw3+Zn4A/N2KNoA3No/zzEz16nEu9pnQv1cQJiWZEbIcYYLhN6aQC4UJuFosaFi6S0vFrLA BXNrCT2B9qSyLaU5iA1VMfgOBEH05DVCtue3Jy9fB8iFNt7TNEJ0hx/r1sop5PzuN+d3B+3Z W1Dk1ZrsAxciYoV9MNOA4ge7rCNoWfe2O6DEuiZXLaKYogB1Xh77bK3ZRd3pDYRHVP9up4pK j8
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Mon, Oct 24, 2022 at 01:04:01PM +0200, Jan Beulich wrote:
> On 20.10.2022 11:46, Roger Pau Monne wrote:
> > It's possible for a device to be assigned to a domain but have no
> > vpci structure if vpci_process_pending() failed and called
> > vpci_remove_device() as a result. The unconditional accesses done by
> > vpci_{read,write}() and vpci_remove_device() to pdev->vpci would
> > then trigger a NULL pointer dereference.
> >
> > Add checks for pdev->vpci presence in the affected functions.
> >
> > Fixes: 9c244fdef7 ('vpci: add header handlers')
> > Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
>
> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
>
> I wonder though whether these changes are enough. Is
> vpci_process_pending() immune to a pdev losing its ->vpci?
I think this is safe so far because the only place where
vpci_remove_device() gets called that doesn't also deassign the device
from the domain is vpci_process_pending(), and in that error path it
also clears any pending work. Since the device no longer has ->vpci
handlers no further calls to vpci_process_pending() can happen.
> Furthermore msix_find() iterates over d->arch.hvm.msix_tables, which
> looks to only ever be added to. Doesn't this list need pruning by
> vpci_remove_device()? I've noticed this only because of looking at
> derefs of ->vpci in msix.c - I don't think I can easily see that all
> of those derefs are once again immune to a pdev losing its ->vpci.
I think you are correct, we are missing a
list_del(&pdev->vpci->msix->next) in vpci_remove_device(). We will
however have locking issues with this, as msix_find() doesn't take any
locks, neither do it's callers. I guess this will be fixed as part of
the lager add vPCI locking series. Will add another patch to the
series with the MSIX table removal.
Thanks, Roger.
|
