From: "Michael S. Tsirkin" <mst@redhat.com>
To: Rusty Russell <rusty@rustcorp.com.au>
Cc: virtualization <virtualization@lists.linux-foundation.org>,
Rafael Aquini <aquini@redhat.com>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH RFC] virtio-balloon: fix add/get API use
Date: Mon, 2 Jul 2012 10:33:08 +0300 [thread overview]
Message-ID: <20120702073308.GB8268@redhat.com> (raw)
In-Reply-To: <87d34fx990.fsf@rustcorp.com.au>
In virtio balloon virtqueue_get_buf might now run concurrently with
virtqueue_kick. I audited both and this seems safe in practice but
this is not guaranteed by the API.
Additionally, a spurious interrupt might in theory make
virtqueue_get_buf run in parallel with virtqueue_add_buf, which is racy.
While we might try to protect against spurious callbacks it's
easier to fix the driver: balloon seems to be the only one
(mis)using the API like this, so let's just fix balloon.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
Warning: completely untested.
diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c
index bfbc15c..a26eb4f 100644
--- a/drivers/virtio/virtio_balloon.c
+++ b/drivers/virtio/virtio_balloon.c
@@ -47,7 +47,7 @@ struct virtio_balloon
struct task_struct *thread;
/* Waiting for host to ack the pages we released. */
- struct completion acked;
+ wait_queue_head_t acked;
/* Number of balloon pages we've told the Host we're not using. */
unsigned int num_pages;
@@ -89,29 +89,26 @@ static struct page *balloon_pfn_to_page(u32 pfn)
static void balloon_ack(struct virtqueue *vq)
{
- struct virtio_balloon *vb;
- unsigned int len;
+ struct virtio_balloon *vb = vq->vdev->priv;
- vb = virtqueue_get_buf(vq, &len);
- if (vb)
- complete(&vb->acked);
+ wake_up(&vb->acked);
}
static void tell_host(struct virtio_balloon *vb, struct virtqueue *vq)
{
struct scatterlist sg;
+ unsigned int len;
+ void *buf;
sg_init_one(&sg, vb->pfns, sizeof(vb->pfns[0]) * vb->num_pfns);
- init_completion(&vb->acked);
-
/* We should always be able to add one buffer to an empty queue. */
if (virtqueue_add_buf(vq, &sg, 1, 0, vb, GFP_KERNEL) < 0)
BUG();
virtqueue_kick(vq);
/* When host has read buffer, this completes via balloon_ack */
- wait_for_completion(&vb->acked);
+ wait_event(vb->acked, virtqueue_get_buf(vq, &len));
}
static void set_page_pfns(u32 pfns[], struct page *page)
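Review bot: `void *buf;` added to tell_host is never used in the visible lines and will draw an unused-variable warning; it can be dropped, since the wait_event condition only tests the return value of virtqueue_get_buf(). The comment kept above the wait ("this completes via balloon_ack") no longer matches the code, because balloon_ack now only calls wake_up() and the waiter reclaims the buffer; I would reword it to `/* balloon_ack only wakes us; the used buffer is reclaimed here so get_buf cannot race with add_buf */`. balloon_ack also dereferences `vq->vdev->priv` unconditionally, which presumably relies on probe setting priv before the queue callbacks can fire; that assignment is outside this hunk and worth confirming. The same lines are repeated in the second copy of this message lower on the page.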
@@ -231,12 +228,8 @@ static void update_balloon_stats(struct virtio_balloon *vb)
*/
static void stats_request(struct virtqueue *vq)
{
- struct virtio_balloon *vb;
- unsigned int len;
+ struct virtio_balloon *vb = vq->vdev->priv;
- vb = virtqueue_get_buf(vq, &len);
- if (!vb)
- return;
vb->need_stats_update = 1;
wake_up(&vb->config_change);
}
@@ -245,11 +238,14 @@ static void stats_handle_request(struct virtio_balloon *vb)
{
struct virtqueue *vq;
struct scatterlist sg;
+ unsigned int len;
vb->need_stats_update = 0;
update_balloon_stats(vb);
vq = vb->stats_vq;
+ if (!virtqueue_get_buf(vq, &len))
+ return;
sg_init_one(&sg, vb->stats, sizeof(vb->stats));
if (virtqueue_add_buf(vq, &sg, 1, 0, vb, GFP_KERNEL) < 0)
BUG();
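Review bot: In stats_handle_request the new `virtqueue_get_buf()` check comes after `update_balloon_stats(vb)`, so a wakeup with no used buffer still appears to rewrite vb->stats. This is the spurious-interrupt case the description names, and it is now reachable because stats_request sets need_stats_update unconditionally. The `sg_init_one(&sg, vb->stats, ...)` line shows that array is the buffer posted to the host, so it may be modified while the host still owns it. Moving `vq = vb->stats_vq;` and `if (!virtqueue_get_buf(vq, &len)) return;` above `update_balloon_stats(vb);` keeps the write behind the ownership check. The function continues past the end of this hunk and update_balloon_stats is defined outside it, so its writes to vb->stats are inferred from its name and the sg setup.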
@@ -358,6 +354,7 @@ static int virtballoon_probe(struct virtio_device *vdev)
INIT_LIST_HEAD(&vb->pages);
vb->num_pages = 0;
init_waitqueue_head(&vb->config_change);
+ init_waitqueue_head(&vb->acked);
vb->vdev = vdev;
vb->need_stats_update = 0;
WARNING: multiple messages have this Message-ID (diff)
From: "Michael S. Tsirkin" <mst@redhat.com>
To: Rusty Russell <rusty@rustcorp.com.au>
Cc: Rafael Aquini <aquini@redhat.com>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
virtualization <virtualization@lists.linux-foundation.org>
Subject: [PATCH RFC] virtio-balloon: fix add/get API use
Date: Mon, 2 Jul 2012 10:33:08 +0300 [thread overview]
Message-ID: <20120702073308.GB8268@redhat.com> (raw)
In-Reply-To: <87d34fx990.fsf@rustcorp.com.au>
In virtio balloon virtqueue_get_buf might now run concurrently with
virtqueue_kick. I audited both and this seems safe in practice but
this is not guaranteed by the API.
Additionally, a spurious interrupt might in theory make
virtqueue_get_buf run in parallel with virtqueue_add_buf, which is racy.
While we might try to protect against spurious callbacks it's
easier to fix the driver: balloon seems to be the only one
(mis)using the API like this, so let's just fix balloon.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
Warning: completely untested.
diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c
index bfbc15c..a26eb4f 100644
--- a/drivers/virtio/virtio_balloon.c
+++ b/drivers/virtio/virtio_balloon.c
@@ -47,7 +47,7 @@ struct virtio_balloon
struct task_struct *thread;
/* Waiting for host to ack the pages we released. */
- struct completion acked;
+ wait_queue_head_t acked;
/* Number of balloon pages we've told the Host we're not using. */
unsigned int num_pages;
@@ -89,29 +89,26 @@ static struct page *balloon_pfn_to_page(u32 pfn)
static void balloon_ack(struct virtqueue *vq)
{
- struct virtio_balloon *vb;
- unsigned int len;
+ struct virtio_balloon *vb = vq->vdev->priv;
- vb = virtqueue_get_buf(vq, &len);
- if (vb)
- complete(&vb->acked);
+ wake_up(&vb->acked);
}
static void tell_host(struct virtio_balloon *vb, struct virtqueue *vq)
{
struct scatterlist sg;
+ unsigned int len;
+ void *buf;
sg_init_one(&sg, vb->pfns, sizeof(vb->pfns[0]) * vb->num_pfns);
- init_completion(&vb->acked);
-
/* We should always be able to add one buffer to an empty queue. */
if (virtqueue_add_buf(vq, &sg, 1, 0, vb, GFP_KERNEL) < 0)
BUG();
virtqueue_kick(vq);
/* When host has read buffer, this completes via balloon_ack */
- wait_for_completion(&vb->acked);
+ wait_event(vb->acked, virtqueue_get_buf(vq, &len));
}
static void set_page_pfns(u32 pfns[], struct page *page)
@@ -231,12 +228,8 @@ static void update_balloon_stats(struct virtio_balloon *vb)
*/
static void stats_request(struct virtqueue *vq)
{
- struct virtio_balloon *vb;
- unsigned int len;
+ struct virtio_balloon *vb = vq->vdev->priv;
- vb = virtqueue_get_buf(vq, &len);
- if (!vb)
- return;
vb->need_stats_update = 1;
wake_up(&vb->config_change);
}
@@ -245,11 +238,14 @@ static void stats_handle_request(struct virtio_balloon *vb)
{
struct virtqueue *vq;
struct scatterlist sg;
+ unsigned int len;
vb->need_stats_update = 0;
update_balloon_stats(vb);
vq = vb->stats_vq;
+ if (!virtqueue_get_buf(vq, &len))
+ return;
sg_init_one(&sg, vb->stats, sizeof(vb->stats));
if (virtqueue_add_buf(vq, &sg, 1, 0, vb, GFP_KERNEL) < 0)
BUG();
@@ -358,6 +354,7 @@ static int virtballoon_probe(struct virtio_device *vdev)
INIT_LIST_HEAD(&vb->pages);
vb->num_pages = 0;
init_waitqueue_head(&vb->config_change);
+ init_waitqueue_head(&vb->acked);
vb->vdev = vdev;
vb->need_stats_update = 0;