This is a note to let you know that I've just added the patch titled
xenbus/backend: Protect xenbus callback with lock
to the 5.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
xenbus-backend-protect-xenbus-callback-with-lock.patch
and it can be found in the queue-5.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 687767a63056cbd1cadbd9daba0952e79bc78612
Author: SeongJae Park <sjpark@xxxxxxxxx>
Date: Mon Jan 27 09:18:09 2020 +0100
xenbus/backend: Protect xenbus callback with lock
[ Upstream commit 060eabe8fbe726aca341b518366da4d79e338100 ]
A driver's 'reclaim_memory' callback can race with 'probe' or 'remove'
because it will be called whenever memory pressure is detected. To
avoid such race, this commit embeds a spinlock in each 'xenbus_device'
and make 'xenbus' to hold the lock while the corresponded callbacks are
running.
Reviewed-by: Juergen Gross <jgross@xxxxxxxx>
Signed-off-by: SeongJae Park <sjpark@xxxxxxxxx>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
Stable-dep-of: afc545da381b ("xen: Fix the issue of resource not being properly released in xenbus_dev_probe()")
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/drivers/xen/xenbus/xenbus_probe.c b/drivers/xen/xenbus/xenbus_probe.c
index 9215099caad61..1ad5bc9dd6cc4 100644
--- a/drivers/xen/xenbus/xenbus_probe.c
+++ b/drivers/xen/xenbus/xenbus_probe.c
@@ -240,7 +240,9 @@ int xenbus_dev_probe(struct device *_dev)
goto fail;
}
+ spin_lock(&dev->reclaim_lock);
err = drv->probe(dev, id);
+ spin_unlock(&dev->reclaim_lock);
if (err)
goto fail_put;
@@ -270,8 +272,11 @@ int xenbus_dev_remove(struct device *_dev)
free_otherend_watch(dev);
- if (drv->remove)
+ if (drv->remove) {
+ spin_lock(&dev->reclaim_lock);
drv->remove(dev);
+ spin_unlock(&dev->reclaim_lock);
+ }
module_put(drv->driver.owner);
@@ -484,6 +489,7 @@ int xenbus_probe_node(struct xen_bus_type *bus,
goto fail;
dev_set_name(&xendev->dev, "%s", devname);
+ spin_lock_init(&xendev->reclaim_lock);
/* Register with generic device framework. */
err = device_register(&xendev->dev);
diff --git a/drivers/xen/xenbus/xenbus_probe_backend.c b/drivers/xen/xenbus/xenbus_probe_backend.c
index 386a1348694a7..54aefbbbbff9e 100644
--- a/drivers/xen/xenbus/xenbus_probe_backend.c
+++ b/drivers/xen/xenbus/xenbus_probe_backend.c
@@ -258,12 +258,18 @@ static int backend_probe_and_watch(struct notifier_block *notifier,
static int backend_reclaim_memory(struct device *dev, void *data)
{
const struct xenbus_driver *drv;
+ struct xenbus_device *xdev;
if (!dev->driver)
return 0;
drv = to_xenbus_driver(dev->driver);
- if (drv && drv->reclaim_memory)
- drv->reclaim_memory(to_xenbus_device(dev));
+ if (drv && drv->reclaim_memory) {
+ xdev = to_xenbus_device(dev);
+ if (!spin_trylock(&xdev->reclaim_lock))
+ return 0;
+ drv->reclaim_memory(xdev);
+ spin_unlock(&xdev->reclaim_lock);
+ }
return 0;
}
diff --git a/include/xen/xenbus.h b/include/xen/xenbus.h
index cf37b2d93560f..0d166dfe48334 100644
--- a/include/xen/xenbus.h
+++ b/include/xen/xenbus.h
@@ -85,6 +85,7 @@ struct xenbus_device {
enum xenbus_state state;
struct completion down;
struct work_struct work;
+ spinlock_t reclaim_lock;
};
static inline struct xenbus_device *to_xenbus_device(struct device *dev)
