From: Andrew Cooper
Subject: Re: [PATCH] x86: prevent call to xfree() in dump_irqs() while in an irq context
Date: Mon, 21 May 2012 14:59:36 +0100
Message-ID: <4FBA4A48.4010004@citrix.com>
References: <4FBA64420200007800084D93@nat28.tlf.novell.com>
In-Reply-To: <4FBA64420200007800084D93@nat28.tlf.novell.com>
To: Jan Beulich
Cc: xen-devel
List-Id: xen-devel@lists.xenproject.org

On 21/05/12 14:50, Jan Beulich wrote:
> Because of c/s 24707:96987c324a4f, dump_irqs() can now be called in an
> irq context when a bug condition is encountered. If this is the case,
> ignore the call to xsm_show_irq_ssid() and the subsequent call to
> xfree().
>
> This prevents an assertion failure in xfree(), and should allow all the
> debug information to be dumped, before failing with a BUG() because of
> the underlying race condition we are attempting to reproduce.
>
> Signed-off-by: Andrew Cooper
>
> Rather than using the non-obvious conditional around an xfree() that
> would be passed NULL only in the inverse case (which could easily get
> removed by a future change on the basis that calling xfree(NULL) is
> benign), switch the order of checks in xfree() itself and only suppress
> the call to XSM that could potentially call xmalloc().
>
> Signed-off-by: Jan Beulich

Acked-by: Andrew Cooper

>
> --- 2012-04-23.orig/xen/arch/x86/irq.c 2012-05-14 17:43:58.000000000 +0200 > +++ 2012-04-23/xen/arch/x86/irq.c 2012-05-21 15:38:01.000000000 +0200 
> @@ -2060,7 +2060,7 @@ static void dump_irqs(unsigned char key) > if ( !irq_desc_initialized(desc) || desc->handler == &no_irq_type ) > continue; > > - ssid = xsm_show_irq_sid(irq); > + ssid = in_irq() ? NULL : xsm_show_irq_sid(irq); > > spin_lock_irqsave(&desc->lock, flags); > > --- 2012-04-23.orig/xen/common/xmalloc_tlsf.c 2011-10-17 08:35:00.000000000 +0200 > +++ 2012-04-23/xen/common/xmalloc_tlsf.c 2012-05-21 15:38:31.000000000 +0200 > @@ -604,11 +604,11 @@ void xfree(void *p) > { > struct bhdr *b; > > - ASSERT(!in_irq()); > - > if ( p == NULL ) > return; > > + ASSERT(!in_irq()); > + > /* Strip alignment padding. */ > b = (struct bhdr *)((char *) p - BHDR_OVERHEAD); > if ( b->size & 1 ) > > > -- Andrew Cooper - Dom0 Kernel Engineer, Citrix XenServer T: +44 (0)1223 225 900, http://www.citrix.com
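Review bot: In the irq.c hunk, the new "ssid = in_irq() ? NULL : xsm_show_irq_sid(irq);" carries no comment saying why the XSM call is skipped, so the conditional is as easy to remove later as the guarded xfree() the commit message argues against. A one-line comment above it stating that xsm_show_irq_sid() may call xmalloc(), which is not allowed in irq context, would keep the reason next to the code. The visible context also does not show how ssid is consumed further down in dump_irqs(); it is worth confirming that the print path treats a NULL ssid as "no label" rather than dereferencing it.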
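Review bot: In the xmalloc_tlsf.c hunk, moving ASSERT(!in_irq()) below the "if ( p == NULL ) return;" check narrows what the assertion catches: an xfree() reachable from irq context with a pointer that is usually NULL now passes silently in debug builds and only trips in the rare non-NULL case. If that is the intended contract, a short comment at the early return saying that xfree(NULL) is explicitly permitted in irq context, and that dump_irqs() relies on it, would stop a later cleanup from moving the assertion back to the top of the function.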