From mboxrd@z Thu Jan 1 00:00:00 1970
From: Sheng Yang
Subject: Re: [PATCH 15/15] KVM: Fix racy in kvm_free_assigned_irq
Date: Mon, 29 Dec 2008 21:49:20 +0800
Message-ID: <200812292149.21226.sheng@linux.intel.com>
References: <20081225115609.GA10087@syang10-desktop> <200812292023.29565.sheng@linux.intel.com> <4958D2B0.6050904@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Cc: Avi Kivity, Amit Shah, Marcelo Tosatti, Amit Shah, "Han, Weidong"
To: kvm@vger.kernel.org
Received: from mga06.intel.com ([134.134.136.21]:40725 "EHLO orsmga101.jf.intel.com" rhost-flags-OK-OK-OK-FAIL)
	by vger.kernel.org with ESMTP id S1751703AbYL2NtY; Mon, 29 Dec 2008 08:49:24 -0500
In-Reply-To: <4958D2B0.6050904@redhat.com>
Content-Disposition: inline
Sender: kvm-owner@vger.kernel.org

On Monday 29 December 2008 21:37:52 Avi Kivity wrote:
> Sheng Yang wrote:
> > The free assigned device in the destroy path of VM, so as free irq. And
> > we got cancel_work_sync() in free irq which can sync with the execution
> > of scheduled work. And now before cancel_work_sync(), we disable the
> > interrupt so that no more schedule work happen again. So after
> > cancel_work_sync(), everything (I think it's irq handler and schedule work
> > here) asynchronously should quiet down.
> >
> > Or I miss something?
>
> Suppose the work_struct gets scheduled, but is delayed somewhere in the
> scheduler. Someone kill -9s the VM, and it starts getting destroyed.
> cancel_work_sync() can no longer truly cancel the work, so it has to
> schedule and wait for its completion.
>
> So now we have kvm_assigned_dev_interrupt_work_handler() running in a
> partially destroyed VM. It may work or not, but it's a fragile
> situation (changing the order of destruction of components will likely
> break things) and it's easy to avoid by keeping the reference count
> elevated.

OK, got it. Thanks for explaining!

--
regards
Yang, Sheng
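
The interleaving discussed in this thread, as an added example that is not part of the original message and not KVM source code: a single-threaded userspace model in which work is queued, the VM owner exits, and the delayed handler runs last. All names (`struct vm`, `irq_schedule`, `work_handler`, `replay`) are hypothetical, and taking the reference at queue time is an assumed way of "keeping the reference count elevated".

```c
/* Single-threaded model (constructed for illustration, not kernel code):
 * work is queued, the VM owner exits, and the delayed handler runs last. */
#include <stdbool.h>
#include <stdio.h>

struct vm { int refcount; bool torn_down; };
struct work { struct vm *vm; bool pending; bool holds_ref; };

/* Drop one reference; the last put tears the VM down. */
static void vm_put(struct vm *vm)
{
    if (--vm->refcount == 0)
        vm->torn_down = true;   /* stands in for freeing VM components */
}

/* Interrupt path: queue the work and optionally pin the VM for it. */
static void irq_schedule(struct work *w, bool take_ref)
{
    if (w->pending)
        return;                 /* already queued: one reference only */
    w->pending = true;
    w->holds_ref = take_ref;
    if (take_ref)
        w->vm->refcount++;
}

/* Work handler: returns false if it ran against a torn-down VM. */
static bool work_handler(struct work *w)
{
    bool vm_intact = !w->vm->torn_down;
    w->pending = false;
    if (w->holds_ref)
        vm_put(w->vm);          /* release the reference taken at queue time */
    return vm_intact;
}

/* Replay the race; true only if the handler saw an intact VM and teardown followed. */
static bool replay(bool take_ref)
{
    struct vm vm = { .refcount = 1 };
    struct work w = { .vm = &vm };
    irq_schedule(&w, take_ref);
    vm_put(&vm);                /* owner releases the VM (the kill -9 case) */
    return work_handler(&w) && vm.torn_down;
}

int main(void)
{
    printf("no ref: %d, ref held: %d\n", replay(false), replay(true));
    return 0;
}
```

Without the extra reference the handler runs after teardown; with it, teardown is deferred until the handler drops the last reference, independent of the order in which components are destroyed.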