[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] xen/vpci: initialize msix->next


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Stewart Hildebrand <stewart.hildebrand@xxxxxxx>
  • Date: Mon, 17 Apr 2023 10:12:44 -0400
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=suse.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ibMEOXHgyM91Y55EGpty08iDY8dRjzTXs1I1Jn2SKIA=; b=nbEYzjaCq/E0t/pvW/A2rotep0dLdXLcgoYR3yYKjCC5FFRN2lQKVaFTSPA7UCIup1m6X266mXbRSvSbUQTRnSzhvlXhPeb1jlgXoNXSmXpH90w8WzI4anRMr/e0Uiw79TDiXZiOPBsACN0XxoC/DfRxEv+Bz+/NW97easN6snmwi7lVnG82gWgV/EAH/hn0sH5jJnwKJCLrIPvEjel5hH5bKYi2BhdBz72ZB1VUQHoCuki144sDwbOq1zH7MZmZyeCLM3CLhTCy0eN4KQV0PNbbKc2Jo0+HaQ7GaL268FBrx7zCWPVxAl9SkWpEfP1d7bxBWWenOZu3f5gwcyQ/UQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UlY4dTigtg+XEouTXwfVx12y5p/xqAdKQx8zJTvt8lg/KwOC35PYaZxH9GQO8oLuG7OxCtN/Uauwf5/K0NC/ufPEtlw5ypaSpUOa76WLJ5j3QOJ6LSB7/a4suLRqfFlXJfIGEWiA0me8AGkX2Nz3oysGv2nGQcWqbfJHac9MP+LDQz0GdDRc59PMEaIRKw60JS0e5Di/odNrRASkWQqp42J3QCOxUHdaeMM2nw/7KSgRuPl/LbPHAi02BN2cpnHRKGu8FN0RVW16Bv8FAZvlVuwVVTeYKujmVhv06X0zgp2Ov0OepvQQva1FDfSIFQVyeS3xGGd0h7+PxgFy0wTuKQ==
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Rahul Singh <Rahul.Singh@xxxxxxx>
  • Delivery-date: Mon, 17 Apr 2023 14:12:55 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 4/17/23 05:09, Jan Beulich wrote:
> On 14.04.2023 22:29, Stewart Hildebrand wrote:
>> The list was not being initialized, which could result in a crash in
>> vpci_remove_device if no list items were added.
> 
> Can you please point out the code path which may lead to such a crash?

It would be
xen/drivers/vpci/vpci.c:59:        list_del(&pdev->vpci->msix->next);

The crash was observed when msix->next had not been initialized (nor added to a 
list_head). It was uninitialized because ...

>> --- a/xen/drivers/vpci/msix.c
>> +++ b/xen/drivers/vpci/msix.c
>> @@ -678,6 +678,8 @@ static int cf_check init_msix(struct pci_dev *pdev)
>>      if ( !msix )
>>          return -ENOMEM;
>>
>> +    INIT_LIST_HEAD(&msix->next);
>> +
>>      rc = vpci_add_register(pdev->vpci, control_read, control_write,
>>                             msix_control_reg(msix_offset), 2, msix);
>>      if ( rc )
> 
> The error path below here frees msix again, so can't be a problem. The
> only other return path from the function is after a suitable list_add().

... when I wrote this I had applied patch that removed the list_add() in 
question (on ARM). See [1].

> "... if no list items were added" is misleading too - this isn't a list
> head, but a list element. The list head is d->arch.hvm.msix_tables.

I can see now that the crash should more appropriately be resolved in the 
referenced patch where the crash was actually observed [1]. In the current vpci 
on ARM work-in-progress, there's no equivalent struct list_head msix_tables...

Sorry for the noise.

[1] 
https://gitlab.com/xen-project/people/bmarquis/xen-arm-poc/-/commit/9f36d1b1dffcca1ae3fcb2dfcac4709c39d1b3bc



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.