From fae65ef3a148079103ae935107c62f7830ab52c5 Mon Sep 17 00:00:00 2001 From: Juergen Gross Date: Tue, 28 Mar 2023 10:45:49 +0200 Subject: xen/pciback: don't call pcistub_device_put() under lock pcistub_device_put() shouldn't be called under spinlock, as it can sleep. For this reason pcistub_device_get_pci_dev() needs to be modified: instead of always calling pcistub_device_get() just do the call of pcistub_device_get() only if it is really needed. This removes the need to call pcistub_device_put(). Reported-by: Dan Carpenter Link: https://lore.kernel.org/lkml/Y+JUIl64UDmdkboh@kadam/ Signed-off-by: Juergen Gross Reviewed-by: Oleksandr Tyshchenko Link: https://lore.kernel.org/r/20230328084549.20695-1-jgross@suse.com Signed-off-by: Juergen Gross --- drivers/xen/xen-pciback/pci_stub.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'drivers/xen') diff --git a/drivers/xen/xen-pciback/pci_stub.c b/drivers/xen/xen-pciback/pci_stub.c index bba527620507..e34b623e4b41 100644 --- a/drivers/xen/xen-pciback/pci_stub.c +++ b/drivers/xen/xen-pciback/pci_stub.c @@ -194,8 +194,6 @@ static struct pci_dev *pcistub_device_get_pci_dev(struct xen_pcibk_device *pdev, struct pci_dev *pci_dev = NULL; unsigned long flags; - pcistub_device_get(psdev); - spin_lock_irqsave(&psdev->lock, flags); if (!psdev->pdev) { psdev->pdev = pdev; @@ -203,8 +201,8 @@ static struct pci_dev *pcistub_device_get_pci_dev(struct xen_pcibk_device *pdev, } spin_unlock_irqrestore(&psdev->lock, flags); - if (!pci_dev) - pcistub_device_put(psdev); + if (pci_dev) + pcistub_device_get(psdev); return pci_dev; } -- cgit v1.2.3 From b2c042cc802fe96d431821bf1cf2f0f04a3eda7d Mon Sep 17 00:00:00 2001 From: Juergen Gross Date: Tue, 28 Mar 2023 10:46:02 +0200 Subject: xen/scsiback: don't call scsiback_free_translation_entry() under lock scsiback_free_translation_entry() shouldn't be called under spinlock, as it can sleep. This requires to split removing a translation entry from the v2p list from actually calling kref_put() for the entry. Reported-by: Dan Carpenter Link: https://lore.kernel.org/lkml/Y+JUIl64UDmdkboh@kadam/ Signed-off-by: Juergen Gross Reviewed-by: Oleksandr Tyshchenko Link: https://lore.kernel.org/r/20230328084602.20729-1-jgross@suse.com Signed-off-by: Juergen Gross --- drivers/xen/xen-scsiback.c | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) (limited to 'drivers/xen') diff --git a/drivers/xen/xen-scsiback.c b/drivers/xen/xen-scsiback.c index 954188b0b858..294f29cdc7aa 100644 --- a/drivers/xen/xen-scsiback.c +++ b/drivers/xen/xen-scsiback.c @@ -1010,12 +1010,6 @@ out_free: return err; } -static void __scsiback_del_translation_entry(struct v2p_entry *entry) -{ - list_del(&entry->l); - kref_put(&entry->kref, scsiback_free_translation_entry); -} - /* Delete the translation entry specified */ @@ -1024,18 +1018,20 @@ static int scsiback_del_translation_entry(struct vscsibk_info *info, { struct v2p_entry *entry; unsigned long flags; - int ret = 0; spin_lock_irqsave(&info->v2p_lock, flags); /* Find out the translation entry specified */ entry = scsiback_chk_translation_entry(info, v); if (entry) - __scsiback_del_translation_entry(entry); - else - ret = -ENOENT; + list_del(&entry->l); spin_unlock_irqrestore(&info->v2p_lock, flags); - return ret; + + if (!entry) + return -ENOENT; + + kref_put(&entry->kref, scsiback_free_translation_entry); + return 0; } static void scsiback_do_add_lun(struct vscsibk_info *info, const char *state, @@ -1239,14 +1235,19 @@ static void scsiback_release_translation_entry(struct vscsibk_info *info) { struct v2p_entry *entry, *tmp; struct list_head *head = &(info->v2p_entry_lists); + struct list_head tmp_list; unsigned long flags; spin_lock_irqsave(&info->v2p_lock, flags); - list_for_each_entry_safe(entry, tmp, head, l) - __scsiback_del_translation_entry(entry); + list_cut_before(&tmp_list, head, head); spin_unlock_irqrestore(&info->v2p_lock, flags); + + list_for_each_entry_safe(entry, tmp, &tmp_list, l) { + list_del(&entry->l); + kref_put(&entry->kref, scsiback_free_translation_entry); + } } static void scsiback_remove(struct xenbus_device *dev) -- cgit v1.2.3 From c66bb48edd58c3a22072b4f68312c225dc1b0009 Mon Sep 17 00:00:00 2001 From: Juergen Gross Date: Mon, 3 Apr 2023 11:27:11 +0200 Subject: xen/pvcalls: don't call bind_evtchn_to_irqhandler() under lock bind_evtchn_to_irqhandler() shouldn't be called under spinlock, as it can sleep. This requires to move the calls of create_active() out of the locked regions. This is no problem, as the worst which could happen would be a spurious call of the interrupt handler, causing a spurious wake_up(). Reported-by: Dan Carpenter Link: https://lore.kernel.org/lkml/Y+JUIl64UDmdkboh@kadam/ Signed-off-by: Juergen Gross Reviewed-by: Oleksandr Tyshchenko Reviewed-by: Stefano Stabellini Link: https://lore.kernel.org/r/20230403092711.15285-1-jgross@suse.com Signed-off-by: Juergen Gross --- drivers/xen/pvcalls-front.c | 46 +++++++++++++++++++++++++-------------------- 1 file changed, 26 insertions(+), 20 deletions(-) (limited to 'drivers/xen') diff --git a/drivers/xen/pvcalls-front.c b/drivers/xen/pvcalls-front.c index d5d589bda243..b72ee9379d77 100644 --- a/drivers/xen/pvcalls-front.c +++ b/drivers/xen/pvcalls-front.c @@ -227,22 +227,30 @@ again: static void free_active_ring(struct sock_mapping *map); -static void pvcalls_front_free_map(struct pvcalls_bedata *bedata, - struct sock_mapping *map) +static void pvcalls_front_destroy_active(struct pvcalls_bedata *bedata, + struct sock_mapping *map) { int i; unbind_from_irqhandler(map->active.irq, map); - spin_lock(&bedata->socket_lock); - if (!list_empty(&map->list)) - list_del_init(&map->list); - spin_unlock(&bedata->socket_lock); + if (bedata) { + spin_lock(&bedata->socket_lock); + if (!list_empty(&map->list)) + list_del_init(&map->list); + spin_unlock(&bedata->socket_lock); + } for (i = 0; i < (1 << PVCALLS_RING_ORDER); i++) gnttab_end_foreign_access(map->active.ring->ref[i], NULL); gnttab_end_foreign_access(map->active.ref, NULL); free_active_ring(map); +} + +static void pvcalls_front_free_map(struct pvcalls_bedata *bedata, + struct sock_mapping *map) +{ + pvcalls_front_destroy_active(bedata, map); kfree(map); } @@ -433,19 +441,18 @@ int pvcalls_front_connect(struct socket *sock, struct sockaddr *addr, pvcalls_exit_sock(sock); return ret; } - - spin_lock(&bedata->socket_lock); - ret = get_request(bedata, &req_id); + ret = create_active(map, &evtchn); if (ret < 0) { - spin_unlock(&bedata->socket_lock); free_active_ring(map); pvcalls_exit_sock(sock); return ret; } - ret = create_active(map, &evtchn); + + spin_lock(&bedata->socket_lock); + ret = get_request(bedata, &req_id); if (ret < 0) { spin_unlock(&bedata->socket_lock); - free_active_ring(map); + pvcalls_front_destroy_active(NULL, map); pvcalls_exit_sock(sock); return ret; } @@ -821,28 +828,27 @@ int pvcalls_front_accept(struct socket *sock, struct socket *newsock, int flags) pvcalls_exit_sock(sock); return ret; } - spin_lock(&bedata->socket_lock); - ret = get_request(bedata, &req_id); + ret = create_active(map2, &evtchn); if (ret < 0) { - clear_bit(PVCALLS_FLAG_ACCEPT_INFLIGHT, - (void *)&map->passive.flags); - spin_unlock(&bedata->socket_lock); free_active_ring(map2); kfree(map2); + clear_bit(PVCALLS_FLAG_ACCEPT_INFLIGHT, + (void *)&map->passive.flags); pvcalls_exit_sock(sock); return ret; } - ret = create_active(map2, &evtchn); + spin_lock(&bedata->socket_lock); + ret = get_request(bedata, &req_id); if (ret < 0) { - free_active_ring(map2); - kfree(map2); clear_bit(PVCALLS_FLAG_ACCEPT_INFLIGHT, (void *)&map->passive.flags); spin_unlock(&bedata->socket_lock); + pvcalls_front_free_map(bedata, map2); pvcalls_exit_sock(sock); return ret; } + list_add_tail(&map2->list, &bedata->socket_mappings); req = RING_GET_REQUEST(&bedata->ring, req_id); -- cgit v1.2.3