[PATCH] vhost: Avoid that vhost_work_flush() locks up

[PATCH] vhost: Avoid that vhost_work_flush() locks up

[Bart Van Assche]

Wake up work->done waiters even if the TIF_NEED_RESCHED task flag
has been set. This patch fixes a regression introduced in commit
d550dda (kernel v3.4).

Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Reference: https://bugzilla.kernel.org/show_bug.cgi?id=60505
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Asias He <asias@redhat.com>
Cc: Nadav Har'El <nyh@math.technion.ac.il>
Cc: Abel Gordon <abelg@il.ibm.com>
Cc: <stable@vger.kernel.org> # v3.4+
---
 drivers/vhost/vhost.c |   10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index 60aa5ad..cd544ae 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -227,8 +227,16 @@ static int vhost_worker(void *data)
 		if (work) {
 			__set_current_state(TASK_RUNNING);
 			work->fn(work);
-			if (need_resched())
+			if (need_resched()) {
+				spin_lock_irq(&dev->work_lock);
+				work->done_seq = seq;
+				if (work->flushing)
+					wake_up_all(&work->done);
+				spin_unlock_irq(&dev->work_lock);
+
+				work = NULL;
 				schedule();
+			}
 		} else
 			schedule();
 
-- 
1.7.10.4

Re: [PATCH] vhost: Avoid that vhost_work_flush() locks up

[Bart Van Assche]

On 07/05/13 10:36, Bart Van Assche wrote:
> Wake up work->done waiters even if the TIF_NEED_RESCHED task flag
> has been set. This patch fixes a regression introduced in commit
> d550dda (kernel v3.4).
>
> Reference: https://bugzilla.kernel.org/show_bug.cgi?id=60505

(replying to my own e-mail)

Please ignore this patch. Although it might help to wake up 
vhost_work_flush() earlier, the patch description does not match the 
patch itself and the patch does not fix the vhost_work_flush() lockup.

Bart.

Re: [PATCH] vhost: Avoid that vhost_work_flush() locks up

[Michael S. Tsirkin]

On Fri, Jul 05, 2013 at 10:36:46AM +0200, Bart Van Assche wrote:
> Wake up work->done waiters even if the TIF_NEED_RESCHED task flag
> has been set. This patch fixes a regression introduced in commit
> d550dda (kernel v3.4).
> 
> Signed-off-by: Bart Van Assche <bvanassche@acm.org>
> Reference: https://bugzilla.kernel.org/show_bug.cgi?id=60505
> Cc: Michael S. Tsirkin <mst@redhat.com>
> Cc: Asias He <asias@redhat.com>
> Cc: Nadav Har'El <nyh@math.technion.ac.il>
> Cc: Abel Gordon <abelg@il.ibm.com>
> Cc: <stable@vger.kernel.org> # v3.4+

I just posted a patch fixing a bug in this function.
[PATCHv3] vhost-net: fix use-after-free in vhost_net_flush
could you please try with this patch applied?

> ---
>  drivers/vhost/vhost.c |   10 +++++++++-
>  1 file changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
> index 60aa5ad..cd544ae 100644
> --- a/drivers/vhost/vhost.c
> +++ b/drivers/vhost/vhost.c
> @@ -227,8 +227,16 @@ static int vhost_worker(void *data)
>  		if (work) {
>  			__set_current_state(TASK_RUNNING);
>  			work->fn(work);
> -			if (need_resched())
> +			if (need_resched()) {
> +				spin_lock_irq(&dev->work_lock);
> +				work->done_seq = seq;
> +				if (work->flushing)
> +					wake_up_all(&work->done);
> +				spin_unlock_irq(&dev->work_lock);
> +
> +				work = NULL;
>  				schedule();
> +			}
>  		} else
>  			schedule();
>  
> -- 
> 1.7.10.4