[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen stable-4.17] sched/null: avoid crash after failed domU creation

commit 8a13397211b6f6495d095f1214ed122db8f2081d
Author:     Stewart Hildebrand <stewart.hildebrand@xxxxxxx>
AuthorDate: Tue May 23 14:56:04 2023 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue May 23 14:56:04 2023 +0200

    sched/null: avoid crash after failed domU creation
    
    When creating a domU, but the creation fails, there is a corner case that 
may
    lead to a crash in the null scheduler when running a debug build of Xen.
    
    (XEN) ****************************************
    (XEN) Panic on CPU 0:
    (XEN) Assertion 'npc->unit == unit' failed at common/sched/null.c:379
    (XEN) ****************************************
    
    The events leading to the crash are:
    
    * null_unit_insert() was invoked with the unit offline. Since the unit was
      offline, unit_assign() was not called, and null_unit_insert() returned.
    * Later during domain creation, the unit was onlined
    * Eventually, domain creation failed due to bad configuration
    * null_unit_remove() was invoked with the unit still online. Since the unit 
was
      online, it called unit_deassign() and triggered an ASSERT.
    
    To fix this, only call unit_deassign() when npc->unit is non-NULL in
    null_unit_remove.
    
    Signed-off-by: Stewart Hildebrand <stewart.hildebrand@xxxxxxx>
    Reviewed-by: Juergen Gross <jgross@xxxxxxxx>
    Acked-by: Dario Faggioli <dfaggioli@xxxxxxxx>
    master commit: c2eae2614c8f04e384cd3334c3f06f31a6cb5f41
    master date: 2023-05-22 16:11:40 +0200
---
 xen/common/sched/null.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/xen/common/sched/null.c b/xen/common/sched/null.c
index 65a0a6c531..2091337fcd 100644
--- a/xen/common/sched/null.c
+++ b/xen/common/sched/null.c
@@ -522,6 +522,8 @@ static void cf_check null_unit_remove(
 {
     struct null_private *prv = null_priv(ops);
     struct null_unit *nvc = null_unit(unit);
+    struct null_pcpu *npc;
+    unsigned int cpu;
     spinlock_t *lock;
 
     ASSERT(!is_idle_unit(unit));
@@ -531,8 +533,6 @@ static void cf_check null_unit_remove(
     /* If offline, the unit shouldn't be assigned, nor in the waitqueue */
     if ( unlikely(!is_unit_online(unit)) )
     {
-        struct null_pcpu *npc;
-
         npc = unit->res->sched_priv;
         ASSERT(npc->unit != unit);
         ASSERT(list_empty(&nvc->waitq_elem));
@@ -549,7 +549,10 @@ static void cf_check null_unit_remove(
         goto out;
     }
 
-    unit_deassign(prv, unit);
+    cpu = sched_unit_master(unit);
+    npc = get_sched_res(cpu)->sched_priv;
+    if ( npc->unit )
+        unit_deassign(prv, unit);
 
  out:
     unit_schedule_unlock_irq(lock, unit);
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.17

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.