from:"Munehisa Kamata"

[Xen-devel] [PATCH] xen-blkfront: use a right index when checking requests

2017-08-09 Thread Munehisa Kamata

Since commit d05d7f40791c ("Merge branch 'for-4.8/core' of
git://git.kernel.dk/linux-block") and 3fc9d690936f ("Merge branch
'for-4.8/drivers' of git://git.kernel.dk/linux-block"), blkfront_resume()
has been using an index for iterating ring_info to check request when
iterating blk_shadow in an inner loop. This seems to have been
accidentally introduced during the massive rewrite of the block layer
macros in the commits.

This may cause crash like this:

[11798.057074] BUG: unable to handle kernel NULL pointer dereference at 
0048
[11798.058832] IP: [] blkfront_resume+0x10a/0x610

[11798.061063] Call Trace:
[11798.061063]  [] xenbus_dev_resume+0x53/0x140
[11798.061063]  [] ? xenbus_dev_probe+0x150/0x150
[11798.061063]  [] dpm_run_callback+0x3e/0x110
[11798.061063]  [] device_resume+0x88/0x190
[11798.061063]  [] dpm_resume+0x100/0x2d0
[11798.061063]  [] dpm_resume_end+0x11/0x20
[11798.061063]  [] do_suspend+0xe8/0x1a0
[11798.061063]  [] shutdown_handler+0xfd/0x130
[11798.061063]  [] ? split+0x110/0x110
[11798.061063]  [] xenwatch_thread+0x86/0x120
[11798.061063]  [] ? prepare_to_wait_event+0x110/0x110
[11798.061063]  [] kthread+0xd7/0xf0
[11798.061063]  [] ? kfree+0x121/0x170
[11798.061063]  [] ? kthread_park+0x60/0x60
[11798.061063]  [] ?  call_usermodehelper_exec_work+0xb0/0xb0
[11798.061063]  [] ?  
call_usermodehelper_exec_async+0x13a/0x140
[11798.061063]  [] ret_from_fork+0x25/0x30

Use the right index in the inner loop.

Fixes: d05d7f40791c ("Merge branch 'for-4.8/core' of 
git://git.kernel.dk/linux-block")
Fixes: 3fc9d690936f ("Merge branch 'for-4.8/drivers' of 
git://git.kernel.dk/linux-block")
Signed-off-by: Munehisa Kamata <kama...@amazon.com>
Reviewed-by: Thomas Friebel <frieb...@amazon.de>
Reviewed-by: Eduardo Valentin <edu...@amazon.com>
Cc: Boris Ostrovsky <boris.ostrov...@oracle.com>
Cc: Juergen Gross <jgr...@suse.com>
Cc: Konrad Rzeszutek Wilk <konrad.w...@oracle.com>
Cc: Roger Pau Monne <roger@citrix.com>
Cc: xen-de...@lists.xenproject.org
Cc: sta...@vger.kernel.org
---
 drivers/block/xen-blkfront.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c
index 98e34e4c62b8..2468c28d4771 100644
--- a/drivers/block/xen-blkfront.c
+++ b/drivers/block/xen-blkfront.c
@@ -2075,9 +2075,9 @@ static int blkfront_resume(struct xenbus_device *dev)
/*
 * Get the bios in the request so we can re-queue them.
 */
-   if (req_op(shadow[i].request) == REQ_OP_FLUSH ||
-   req_op(shadow[i].request) == REQ_OP_DISCARD ||
-   req_op(shadow[i].request) == REQ_OP_SECURE_ERASE ||
+   if (req_op(shadow[j].request) == REQ_OP_FLUSH ||
+   req_op(shadow[j].request) == REQ_OP_DISCARD ||
+   req_op(shadow[j].request) == REQ_OP_SECURE_ERASE ||
shadow[j].request->cmd_flags & REQ_FUA) {
/*
 * Flush operations don't contain bios, so
-- 
2.13.0


___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

[Xen-devel] [PATCH] xen/events: don't migrate disabled IRQs

2016-05-20 Thread Munehisa Kamata

Commit ff1e22e7a638 ("xen/events: Mask a moving irq") introduced
a crash below. This can be triggered after being resumed from suspend
 (e.g. live migration) if there are disabled IRQs with
IRQD_SETAFFINITY_PENDING set.

kernel BUG at kernel/irq/migration.c:31!
...
CPU: 0 PID: 9 Comm: migration/0 Tainted: GE   4.4.8 #1
Hardware name: Xen HVM domU, BIOS 4.2.amazon 04/04/2016
task: 88020620 ti: 880206208000 task.ti: 880206208000
RIP: 0010:[]  [] 
irq_move_masked_irq+0xd9/0xf0
RSP: 0018:88020620bc88  EFLAGS: 00010046
...
Call Trace:
 [] eoi_pirq+0xa7/0xd0
 [] __startup_pirq+0xd7/0x140
 [] xen_irq_resume+0x2c7/0x330
 [] xen_suspend+0x86/0x140
 [] multi_cpu_stop+0xb3/0xe0
 [] ? cpu_stop_queue_work+0x80/0x80
 [] cpu_stopper_thread+0x7a/0x110
 [] ? finish_task_switch+0x72/0x1d0
 [] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20
 [] smpboot_thread_fn+0x10f/0x170
 [] ? sort_range+0x30/0x30
 [] kthread+0xc9/0xe0
 [] ? kthread_park+0x60/0x60
 [] ret_from_fork+0x3f/0x70
 [] ? kthread_park+0x60/0x60

The pending state may last until being suspended, because some IRQs may
show no activities after their affinity settings have been changed.

This change don't let ACK and EOI handlers of xen-pirq and xen-dyn chips
try to migrate disabled IRQs to avoid the BUG in that situation.

Fixes: ff1e22e7a638 ("xen/events: Mask a moving irq")
Reported-and-tested-by: Guilherme Wuensch Manika <gman...@amazon.de>
To: Boris Ostrovsky <boris.ostrov...@oracle.com>
To: David Vrabel <david.vra...@citrix.com>
Cc: xen-de...@lists.xenproject.org
Cc: linux-ker...@vger.kernel.org
Cc: sta...@vger.kernel.org
Cc: Matt Wilson <m...@amazon.com>
Signed-off-by: Munehisa Kamata <kama...@amazon.com>
---
 drivers/xen/events/events_base.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c
index cb7138c..be8410f 100644
--- a/drivers/xen/events/events_base.c
+++ b/drivers/xen/events/events_base.c
@@ -487,7 +487,8 @@ static void eoi_pirq(struct irq_data *data)
if (!VALID_EVTCHN(evtchn))
return;
 
-   if (unlikely(irqd_is_setaffinity_pending(data))) {
+   if (unlikely(irqd_is_setaffinity_pending(data) &&
+   !irqd_irq_disabled(data))) {
int masked = test_and_set_mask(evtchn);
 
clear_evtchn(evtchn);
@@ -1370,7 +1371,8 @@ static void ack_dynirq(struct irq_data *data)
if (!VALID_EVTCHN(evtchn))
return;
 
-   if (unlikely(irqd_is_setaffinity_pending(data))) {
+   if (unlikely(irqd_is_setaffinity_pending(data) &&
+   !irqd_irq_disabled(data))) {
int masked = test_and_set_mask(evtchn);
 
clear_evtchn(evtchn);
-- 
2.7.4


___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

[Xen-devel] [PATCH] xen-blkfront: use a right index when checking requests

[Xen-devel] [PATCH] xen/events: don't migrate disabled IRQs

2 matches

Site Navigation

Mail list logo

Footer information