From: Stefano Stabellini <sstabellini@kernel.org>
To: julien.grall@arm.com
Cc: xen-devel@lists.xenproject.org, sstabellini@kernel.org
Subject: [PATCH v2 4/4] The locking order is: first rank lock, then vgic lock. The order is respected everywhere, except for gic_update_one_lr.
Date: Wed, 21 Dec 2016 18:15:13 -0800 [thread overview]
Message-ID: <1482372913-18366-4-git-send-email-sstabellini@kernel.org> (raw)
In-Reply-To: <1482372913-18366-1-git-send-email-sstabellini@kernel.org>
gic_update_one_lr is called with the vgic lock held, but it calls
vgic_get_target_vcpu, which tries to obtain the rank lock. This can
cause deadlocks.
We already have a version of vgic_get_target_vcpu that doesn't take the
rank lock: __vgic_get_target_vcpu.
Solve the lock inversion problem, by not taking the rank lock in
gic_update_one_lr (calling __vgic_get_target_vcpu instead of
vgic_get_target_vcpu). This is safe, because vcpu target modifications
are protected by the same vgic vcpu lock.
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
---
xen/arch/arm/gic.c | 2 +-
xen/arch/arm/vgic.c | 4 +---
xen/include/asm-arm/vgic.h | 1 +
3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/xen/arch/arm/gic.c b/xen/arch/arm/gic.c
index 51148b4..28ab2f9 100644
--- a/xen/arch/arm/gic.c
+++ b/xen/arch/arm/gic.c
@@ -509,7 +509,7 @@ static void gic_update_one_lr(struct vcpu *v, int i)
list_del_init(&p->inflight);
if ( test_and_clear_bit(GIC_IRQ_GUEST_MIGRATING, &p->status) )
{
- struct vcpu *v_target = vgic_get_target_vcpu(v, irq);
+ struct vcpu *v_target = __vgic_get_target_vcpu(v, irq);
irq_set_affinity(p->desc, cpumask_of(v_target->processor));
}
/*
diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
index cceac24..c89b85f 100644
--- a/xen/arch/arm/vgic.c
+++ b/xen/arch/arm/vgic.c
@@ -221,12 +221,10 @@ int vcpu_vgic_free(struct vcpu *v)
}
/* The function should be called by rank lock taken. */
-static struct vcpu *__vgic_get_target_vcpu(struct vcpu *v, unsigned int virq)
+struct vcpu *__vgic_get_target_vcpu(struct vcpu *v, unsigned int virq)
{
struct vgic_irq_rank *rank = vgic_rank_irq(v, virq);
- ASSERT(spin_is_locked(&rank->lock));
-
return v->domain->vcpu[rank->vcpu[virq & INTERRUPT_RANK_MASK]];
}
diff --git a/xen/include/asm-arm/vgic.h b/xen/include/asm-arm/vgic.h
index dce2f84..26594b0 100644
--- a/xen/include/asm-arm/vgic.h
+++ b/xen/include/asm-arm/vgic.h
@@ -295,6 +295,7 @@ extern int domain_vgic_init(struct domain *d, unsigned int nr_spis);
extern void domain_vgic_free(struct domain *d);
extern int vcpu_vgic_init(struct vcpu *v);
extern struct vcpu *vgic_get_target_vcpu(struct vcpu *v, unsigned int virq);
+extern struct vcpu *__vgic_get_target_vcpu(struct vcpu *v, unsigned int virq);
extern void vgic_vcpu_inject_irq(struct vcpu *v, unsigned int virq);
extern void vgic_vcpu_inject_spi(struct domain *d, unsigned int virq);
extern void vgic_clear_pending_irqs(struct vcpu *v);
--
1.9.1
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-12-22 2:15 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-22 2:14 [PATCH v2 0/4] xen/arm: fix rank/vgic lock inversion bug Stefano Stabellini
2016-12-22 2:15 ` [PATCH v2 1/4] xen/arm: fix GIC_INVALID_LR Stefano Stabellini
2016-12-22 2:15 ` [PATCH v2 2/4] arm: store vcpu id in struct irq_pending Stefano Stabellini
2016-12-22 11:52 ` Andrew Cooper
2016-12-22 2:15 ` [PATCH v2 3/4] arm, vgic_migrate_irq: take the right vgic lock Stefano Stabellini
2016-12-28 16:42 ` Julien Grall
2017-01-03 23:30 ` Stefano Stabellini
2017-01-16 16:31 ` Julien Grall
2016-12-22 2:15 ` Stefano Stabellini [this message]
2016-12-28 16:55 ` [PATCH v2 4/4] The locking order is: first rank lock, then vgic lock. The order is respected everywhere, except for gic_update_one_lr Julien Grall
2017-01-03 22:51 ` Stefano Stabellini
2017-01-16 16:55 ` Julien Grall
2017-01-16 19:10 ` Stefano Stabellini
2017-01-19 12:51 ` Julien Grall
2016-12-28 17:30 ` [PATCH v2 1/4] xen/arm: fix GIC_INVALID_LR Julien Grall
2017-01-03 22:52 ` Stefano Stabellini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1482372913-18366-4-git-send-email-sstabellini@kernel.org \
--to=sstabellini@kernel.org \
--cc=julien.grall@arm.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.