diff options
author | Vitaly Kuznetsov <vkuznets@redhat.com> | 2016-06-09 17:08:57 -0700 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2016-08-31 13:05:41 +0200 |
commit | e0fa3e5e7df61eb2c339c9f0067c202c0cdeec2c (patch) | |
tree | eca99eab2e08b93de6b4efc951afd97a301c66e3 /drivers/hv/hv_snapshot.c | |
parent | 396e287fa2ff46e83ae016cdcb300c3faa3b02f6 (diff) | |
download | lwn-e0fa3e5e7df61eb2c339c9f0067c202c0cdeec2c.tar.gz lwn-e0fa3e5e7df61eb2c339c9f0067c202c0cdeec2c.zip |
Drivers: hv: utils: fix a race on userspace daemons registration
Background: userspace daemons registration protocol for Hyper-V utilities
drivers has two steps:
1) daemon writes its own version to kernel
2) kernel reads it and replies with module version
at this point we consider the handshake procedure being completed and we
do hv_poll_channel() transitioning the utility device to HVUTIL_READY
state. At this point we're ready to handle messages from kernel.
When hvutil_transport is in HVUTIL_TRANSPORT_CHARDEV mode we have a
single buffer for outgoing message. hvutil_transport_send() puts to this
buffer and till the buffer is cleared with hvt_op_read() returns -EFAULT
to all consequent calls. Host<->guest protocol guarantees there is no more
than one request at a time and we will not get new requests till we reply
to the previous one so this single message buffer is enough.
Now to the race. When we finish negotiation procedure and send kernel
module version to userspace with hvutil_transport_send() it goes into the
above mentioned buffer and if the daemon is slow enough to read it from
there we can get a collision when a request from the host comes, we won't
be able to put anything to the buffer so the request will be lost. To
solve the issue we need to know when the negotiation is really done (when
the version message is read by the daemon) and transition to HVUTIL_READY
state after this happens. Implement a callback on read to support this.
Old style netlink communication is not affected by the change, we don't
really know when these messages are delivered but we don't have a single
message buffer there.
Reported-by: Barry Davis <barry_davis@stormagic.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/hv/hv_snapshot.c')
-rw-r--r-- | drivers/hv/hv_snapshot.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/drivers/hv/hv_snapshot.c b/drivers/hv/hv_snapshot.c index 3fba14e88f03..fde45865579a 100644 --- a/drivers/hv/hv_snapshot.c +++ b/drivers/hv/hv_snapshot.c @@ -95,6 +95,12 @@ static void vss_timeout_func(struct work_struct *dummy) hv_poll_channel(vss_transaction.recv_channel, vss_poll_wrapper); } +static void vss_register_done(void) +{ + hv_poll_channel(vss_transaction.recv_channel, vss_poll_wrapper); + pr_debug("VSS: userspace daemon registered\n"); +} + static int vss_handle_handshake(struct hv_vss_msg *vss_msg) { u32 our_ver = VSS_OP_REGISTER1; @@ -105,16 +111,16 @@ static int vss_handle_handshake(struct hv_vss_msg *vss_msg) dm_reg_value = VSS_OP_REGISTER; break; case VSS_OP_REGISTER1: - /* Daemon expects us to reply with our own version*/ - if (hvutil_transport_send(hvt, &our_ver, sizeof(our_ver))) + /* Daemon expects us to reply with our own version */ + if (hvutil_transport_send(hvt, &our_ver, sizeof(our_ver), + vss_register_done)) return -EFAULT; dm_reg_value = VSS_OP_REGISTER1; break; default: return -EINVAL; } - hv_poll_channel(vss_transaction.recv_channel, vss_poll_wrapper); - pr_debug("VSS: userspace daemon ver. %d registered\n", dm_reg_value); + pr_debug("VSS: userspace daemon ver. %d connected\n", dm_reg_value); return 0; } @@ -168,7 +174,7 @@ static void vss_send_op(struct work_struct *dummy) vss_msg->vss_hdr.operation = op; vss_transaction.state = HVUTIL_USERSPACE_REQ; - rc = hvutil_transport_send(hvt, vss_msg, sizeof(*vss_msg)); + rc = hvutil_transport_send(hvt, vss_msg, sizeof(*vss_msg), NULL); if (rc) { pr_warn("VSS: failed to communicate to the daemon: %d\n", rc); if (cancel_delayed_work_sync(&vss_timeout_work)) { |