> -----Original Message-----
> From: Vitaly Kuznetsov [mailto:vkuznets@xxxxxxxxxx]
> Sent: Wednesday, February 4, 2015 1:01 AM
> To: KY Srinivasan; devel@xxxxxxxxxxxxxxxxxxxxxx
> Cc: Haiyang Zhang; linux-kernel@xxxxxxxxxxxxxxx; Dexuan Cui; Jason Wang
> Subject: [PATCH 2/4] Drivers: hv: vmbus: do not lose rescind offer on failure in
> vmbus_process_offer()
>
> In case we hit a failure condition in vmbus_process_offer() and a rescind offer
> was pending for the channel we just do free_channel() so
> CHANNELMSG_RELID_RELEASED
> will never be send to the host. We have to follow vmbus_process_rescind_offer()
> path anyway.
>
> To support the change we need to protect list_del in
> vmbus_process_rescind_offer()
> hitting an uninitialized list.
>
> Reported-by: Dexuan Cui <decui@xxxxxxxxxxxxx>
> Signed-off-by: Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>
> ---
> drivers/hv/channel_mgmt.c | 20 ++++++++++++++++++--
> 1 file changed, 18 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c
> index eb9ce94..fdccd16 100644
> --- a/drivers/hv/channel_mgmt.c
> +++ b/drivers/hv/channel_mgmt.c
> @@ -152,6 +152,7 @@ static struct vmbus_channel *alloc_channel(void)
> spin_lock_init(&channel->inbound_lock);
> spin_lock_init(&channel->lock);
>
> + INIT_LIST_HEAD(&channel->listentry);
> INIT_LIST_HEAD(&channel->sc_list);
> INIT_LIST_HEAD(&channel->percpu_list);
>
> @@ -308,6 +309,7 @@ static void vmbus_process_offer(struct work_struct
> *work)
> struct vmbus_channel *channel;
> bool fnew = true;
> bool enq = false;
> + bool failure = false;
> int ret;
> unsigned long flags;
>
> @@ -408,19 +410,33 @@ static void vmbus_process_offer(struct work_struct
> *work)
> spin_lock_irqsave(&vmbus_connection.channel_lock, flags);
> list_del(&newchannel->listentry);
> spin_unlock_irqrestore(&vmbus_connection.channel_lock,
> flags);
> + /*
> + * Init listentry again as vmbus_process_rescind_offer can try
> + * doing list_del again.
> + */
> + INIT_LIST_HEAD(&channel->listentry);
> kfree(newchannel->device_obj);
> + newchannel->device_obj = NULL;
> goto err_free_chan;
> }
> + goto done_init_rescind;
> +err_free_chan:
> + failure = true;
> done_init_rescind:
> + /*
> + * Get additional reference as vmbus_put_channel() can be called
> + * either directly or through vmbus_process_rescind_offer().
> + */
> + vmbus_get_channel(newchannel);
> spin_lock_irqsave(&newchannel->lock, flags);
here we get the lock.
> /* The next possible work is rescind handling */
> INIT_WORK(&newchannel->work, vmbus_process_rescind_offer);
> /* Check if rescind offer was already received */
> if (newchannel->rescind)
> queue_work(newchannel->controlwq, &newchannel->work);
> + else if (failure)
> + vmbus_put_channel(newchannel);
Here in vmbus_put_channel(), we try to get the same spinlock -- dead lock. -- Dexuan
> spin_unlock_irqrestore(&newchannel->lock, flags);
> - return;
> -err_free_chan:
> vmbus_put_channel(newchannel);
> }
>
> --
> 1.9.3
_______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
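Review bot: The added `INIT_LIST_HEAD(&channel->listentry);` in the failure branch re-initialises `channel`, while the `list_del()` just above it unlinked `newchannel->listentry`, so the entry that a later `vmbus_process_rescind_offer()` may `list_del()` again is still left in its deleted state. The re-init also runs after `vmbus_connection.channel_lock` has been released. Replacing the `list_del()` with `list_del_init(&newchannel->listentry);` inside the locked region would cover both and make the separate re-init unnecessary. What `channel` refers to at this point is assigned outside the hunk, so the effect of writing to its `listentry` here should be checked against the full function body.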