[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [hypervisor deadlock] Re: [PATCH v9 for Xen 4.7 1/4] xen: enable per-VCPU parameter for RTDS



On Mon, Apr 4, 2016 at 10:14 AM, Andrew Cooper
<andrew.cooper3@xxxxxxxxxx> wrote:
> On 01/04/16 05:59, Chong Li wrote:
>> diff --git a/xen/common/sched_credit.c b/xen/common/sched_credit.c
>> index 305889a..e5d15d8 100644
>> --- a/xen/common/sched_credit.c
>> +++ b/xen/common/sched_credit.c
>> @@ -1080,15 +1080,13 @@ csched_dom_cntl(
>>       * lock. Runq lock not needed anywhere in here. */
>>      spin_lock_irqsave(&prv->lock, flags);
>>
>> -    if ( op->cmd == XEN_DOMCTL_SCHEDOP_getinfo )
>> +    switch ( op->cmd )
>>      {
>> +    case XEN_DOMCTL_SCHEDOP_getinfo:
>>          op->u.credit.weight = sdom->weight;
>>          op->u.credit.cap = sdom->cap;
>> -    }
>> -    else
>> -    {
>> -        ASSERT(op->cmd == XEN_DOMCTL_SCHEDOP_putinfo);
>> -
>> +        break;
>> +    case XEN_DOMCTL_SCHEDOP_putinfo:
>>          if ( op->u.credit.weight != 0 )
>>          {
>>              if ( !list_empty(&sdom->active_sdom_elem) )
>> @@ -1101,7 +1099,9 @@ csched_dom_cntl(
>>
>>          if ( op->u.credit.cap != (uint16_t)~0U )
>>              sdom->cap = op->u.credit.cap;
>> -
>> +        break;
>> +    default:
>> +        return -EINVAL;
>
> This path returns without unlocking prv->lock.
>
>>      }
>>
>>      spin_unlock_irqrestore(&prv->lock, flags);
>> diff --git a/xen/common/sched_credit2.c b/xen/common/sched_credit2.c
>> index 7ddad38..d48ed5a 100644
>> --- a/xen/common/sched_credit2.c
>> +++ b/xen/common/sched_credit2.c
>> @@ -1421,14 +1421,12 @@ csched2_dom_cntl(
>>       * runq lock to update csvcs. */
>>      spin_lock_irqsave(&prv->lock, flags);
>>
>> -    if ( op->cmd == XEN_DOMCTL_SCHEDOP_getinfo )
>> +    switch ( op->cmd )
>>      {
>> +    case XEN_DOMCTL_SCHEDOP_getinfo:
>>          op->u.credit2.weight = sdom->weight;
>> -    }
>> -    else
>> -    {
>> -        ASSERT(op->cmd == XEN_DOMCTL_SCHEDOP_putinfo);
>> -
>> +        break;
>> +    case XEN_DOMCTL_SCHEDOP_putinfo:
>>          if ( op->u.credit2.weight != 0 )
>>          {
>>              struct vcpu *v;
>> @@ -1457,6 +1455,9 @@ csched2_dom_cntl(
>>                  vcpu_schedule_unlock(lock, svc->vcpu);
>>              }
>>          }
>> +        break;
>> +    default:
>> +        return -EINVAL;
>
> As does this.
>
> Please submit a bugfix ASAP.  This will become a security vulnerability
> if Xen 4.7 is shipped without it being fixed.
>
>>      }
>>
>>      spin_unlock_irqrestore(&prv->lock, flags);
>
Thanks for pointing this out.

Dario, do you want to include this bugfix in your cleanup patch, or
let me submit this?

Chong


-- 
Chong Li
Department of Computer Science and Engineering
Washington University in St.louis

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.