Avi Kivity wrote:
> On 07/02/2009 06:50 PM, Avi Kivity wrote:
>> On 07/02/2009 06:37 PM, Gregory Haskins wrote:
>>> (Applies to kvm.git/master:1f9050fd)
>>>
>>> The following is the latest attempt to fix the races in
>>> irqfd/eventfd, as
>>> well as restore DEASSIGN support. For more details, please read the
>>> patch
>>> headers.
>>>
>>> As always, this series has been tested against the kvm-eventfd unit
>>> test
>>> and everything appears to be functioning properly. You can download
>>> this
>>> test here:
>>
>> Applied, thanks.
>>
>
> ... and unapplied. There's a refcounting mismatch in irqfd_cleanup: a
> reference is taken for each irqfd, but dropped for each guest. This
> causes an oops if a guest with no irqfds is created and destroyed:
I was able to reproduce this issue. The problem turned out to be that I
inadvertently always did a flush_workqueue(), even if the work-queue was
never initialized.
The following interdiff applied to the reverted patch has been confirmed
to fix the issue:
-------------------
diff --git a/virt/kvm/eventfd.c b/virt/kvm/eventfd.c
index fcc3469..52b0e04 100644
--- a/virt/kvm/eventfd.c
+++ b/virt/kvm/eventfd.c
@@ -318,6 +318,9 @@ kvm_irqfd_deassign(struct kvm *kvm, int fd, int gsi)
struct _irqfd *irqfd, *tmp;
struct eventfd_ctx *eventfd;
+ if (!kvm->irqfds.init)
+ return -ENOENT;
+
eventfd = eventfd_ctx_fdget(fd);
if (IS_ERR(eventfd))
return PTR_ERR(eventfd);
@@ -360,6 +363,9 @@ kvm_irqfd_release(struct kvm *kvm)
{
struct _irqfd *irqfd, *tmp;
+ if (!kvm->irqfds.init)
+ return;
+
spin_lock_irq(&kvm->irqfds.lock);
list_for_each_entry_safe(irqfd, tmp, &kvm->irqfds.items, list)
---------------------
You can pick up this fix folded into the original v9:5/5 patch here:
git pull
git://git.kernel.org/pub/scm/linux/kernel/git/ghaskins/linux-2.6-hacks.git
for-avi
Sorry for the sloppy patch in v9. :( Will strive to do better next time.
Regards,
-Greg
Attachment:
signature.asc
Description: OpenPGP digital signature
