[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v6 4/4] hw: replace most qemu_bh_new calls with qemu_bh_new_guarded

To: Alexander Bulekov <alxndr@xxxxxx>, qemu-devel@xxxxxxxxxx
From: Thomas Huth <thuth@xxxxxxxxxx>
Date: Fri, 10 Mar 2023 11:38:52 +0100
Cc: Stefan Hajnoczi <stefanha@xxxxxxxxxx>, Philippe Mathieu-Daudé <philmd@xxxxxxxxxx>, Mauro Matteo Cascella <mcascell@xxxxxxxxxx>, Peter Xu <peterx@xxxxxxxxxx>, Jason Wang <jasowang@xxxxxxxxxx>, David Hildenbrand <david@xxxxxxxxxx>, Gerd Hoffmann <kraxel@xxxxxxxxxx>, Laurent Vivier <lvivier@xxxxxxxxxx>, Bandan Das <bsd@xxxxxxxxxx>, "Edgar E . Iglesias" <edgar.iglesias@xxxxxxxxx>, Darren Kenny <darren.kenny@xxxxxxxxxx>, Bin Meng <bin.meng@xxxxxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, "Michael S . Tsirkin" <mst@xxxxxxxxxx>, Marcel Apfelbaum <marcel.apfelbaum@xxxxxxxxx>, Daniel P . Berrangé <berrange@xxxxxxxxxx>, Eduardo Habkost <eduardo@xxxxxxxxxxx>, Jon Maloy <jmaloy@xxxxxxxxxx>, Siqi Chen <coc.cyqh@xxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Kevin Wolf <kwolf@xxxxxxxxxx>, Hanna Reitz <hreitz@xxxxxxxxxx>, Amit Shah <amit@xxxxxxxxxx>, Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>, John Snow <jsnow@xxxxxxxxxx>, Peter Maydell <peter.maydell@xxxxxxxxxx>, Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>, Keith Busch <kbusch@xxxxxxxxxx>, Klaus Jensen <its@xxxxxxxxxxxxx>, Fam Zheng <fam@xxxxxxxxxx>, Dmitry Fleytman <dmitry.fleytman@xxxxxxxxx>, "Gonglei (Arei)" <arei.gonglei@xxxxxxxxxx>, "open list:X86 Xen CPUs" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "open list:virtio-blk" <qemu-block@xxxxxxxxxx>, "open list:i.MX31 (kzm)" <qemu-arm@xxxxxxxxxx>, "open list:Old World (g3beige)" <qemu-ppc@xxxxxxxxxx>
Delivery-date: Fri, 10 Mar 2023 10:39:27 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 05/02/2023 05.07, Alexander Bulekov wrote:

This protects devices from bh->mmio reentrancy issues.

Reviewed-by: Darren Kenny <darren.kenny@xxxxxxxxxx>
Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
Signed-off-by: Alexander Bulekov <alxndr@xxxxxx>
---

...

diff --git a/hw/9pfs/xen-9p-backend.c b/hw/9pfs/xen-9p-backend.c
index 65c4979c3c..f077c1b255 100644
--- a/hw/9pfs/xen-9p-backend.c
+++ b/hw/9pfs/xen-9p-backend.c
@@ -441,7 +441,9 @@ static int xen_9pfs_connect(struct XenLegacyDevice *xendev)
          xen_9pdev->rings[i].ring.out = xen_9pdev->rings[i].data +
                                         XEN_FLEX_RING_SIZE(ring_order);

- xen_9pdev->rings[i].bh = qemu_bh_new(xen_9pfs_bh, &xen_9pdev->rings[i]);

+        xen_9pdev->rings[i].bh = qemu_bh_new_guarded(xen_9pfs_bh,
+                                                     &xen_9pdev->rings[i],
+                                                     
&DEVICE(xen_9pdev)->mem_reentrancy_guard);

xen_9pdev is not derived from DeviceState, so you must not cast it withDEVICE().

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 7ce001cacd..37091150cb 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -1508,7 +1508,8 @@ static void ahci_cmd_done(const IDEDMA *dma)
      ahci_write_fis_d2h(ad);

if (ad->port_regs.cmd_issue && !ad->check_bh) {

-        ad->check_bh = qemu_bh_new(ahci_check_cmd_bh, ad);
+        ad->check_bh = qemu_bh_new_guarded(ahci_check_cmd_bh, ad,
+                                           &DEVICE(ad)->mem_reentrancy_guard);
          qemu_bh_schedule(ad->check_bh);
      }
  }


Dito - ad is not derived from DeviceState, so you cannot use DEVICE() here.

(This was causing the crash in the macOS CI job)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index 5d1039378f..8c8d1a8ec2 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -519,7 +519,8 @@ BlockAIOCB *ide_issue_trim(

iocb = blk_aio_get(&trim_aiocb_info, s->blk, cb, cb_opaque);

      iocb->s = s;
-    iocb->bh = qemu_bh_new(ide_trim_bh_cb, iocb);
+    iocb->bh = qemu_bh_new_guarded(ide_trim_bh_cb, iocb,
+                                   &DEVICE(s)->mem_reentrancy_guard);

IDEState s is also not directly derived from DeviceState. Not sure, butmaybe you can get to the device here in a similar way that is done inide_identify() :


     IDEDevice *dev = s->unit ? s->bus->slave : s->bus->master;

?

diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index 746f07c4d2..309cebacc6 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@@ -908,8 +908,9 @@ static void virtio_balloon_device_realize(DeviceState *dev, 
Error **errp)
          precopy_add_notifier(&s->free_page_hint_notify);

object_ref(OBJECT(s->iothread));

-        s->free_page_bh = aio_bh_new(iothread_get_aio_context(s->iothread),
-                                     virtio_ballloon_get_free_page_hints, s);
+        s->free_page_bh = 
aio_bh_new_guarded(iothread_get_aio_context(s->iothread),
+                                             
virtio_ballloon_get_free_page_hints, s,
+                                             &DEVICE(s)->mem_reentrancy_guard);


You could use "dev" instead of "s" here to get rid of the DEVICE() cast.

The remaining changes look fine to me.

 Thomas

Prev by Date: Re: [PATCH v2] hvc/xen: prevent concurrent accesses to the shared ring
Next by Date: Re: API/ABIs: Re: [RFC PATCH v2 0/2] Add a new acquire resource to query vcpu statistics
Previous by thread: Re: [PATCH v6 4/4] hw: replace most qemu_bh_new calls with qemu_bh_new_guarded
Next by thread: Re: [PATCH v2] x86/SVM: restrict hardware SSBD update upon guest VIRT_SPEC_CTRL write
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.