[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen-devel][PATCH] concurrency control issues in netback

I have been looking at the netback code (netback.c) and I think there
may be a bug in the way concurrency is managed here. Specifically, the
function that cleans up completed requests (net_tx_action_dealloc()) is
executed only from within a tasklet and hence does not acquire any locks
to manipulate global state that could potentially be modified from other
cpus. The code seems to assume writes are ordered without explicitly
forcing the ordering. The problematic  global state is the index that
keeps track of the last valid index to be dealloced (dealloc_prod). This
 could potentially be manipulated outside of the tasklet. 

The dealloc_ring[] is populated and the dealloc_prod variable is
advanced in the function netif_idx_release() under the protection of a
spin lock. However, if the two memory writes (assigning at the current
dealloc_prod index and advancing the dealloc_prod index) in
netif_idx_release() are seen out of order on the cpu executing
net_tx_action_dealloc(), we can get into a situation where we could
attempt to operate on an index that has invalid data. The fix would be
fairly simple. We could snapshot the current value of dealloc_prod in
net_tx_action_dealloc() under the protection of the same spin lock that
is used to advance the dealloc_prod index in netif_idx_release. This
would give a consistent snapshot of the dealloc_prod index and deal with
the problem described above.  The attached patch does just that. 

Signed-    off-    by K. Y. Srinivasan <ksrinivasan@xxxxxxxxxx

Attachment: netback-testing.patch
Description: Text document

Attachment: netback-unstable.patch
Description: Text document

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.