On Tue, Nov 03, 2020 at 02:58:11PM +0100, Jürgen Groß wrote: > On 03.11.20 14:15, Pavel Machek wrote: > > Hi! > > > > > Today it can happen that an event channel is being removed from the > > > system while the event handling loop is active. This can lead to a > > > race resulting in crashes or WARN() splats when trying to access the > > > irq_info structure related to the event channel. > > > > > > Fix this problem by using a rwlock taken as reader in the event > > > handling loop and as writer when deallocating the irq_info structure. > > > > > > As the observed problem was a NULL dereference in evtchn_from_irq() > > > make this function more robust against races by testing the irq_info > > > pointer to be not NULL before dereferencing it. > > > > > > And finally make all accesses to evtchn_to_irq[row][col] atomic ones > > > in order to avoid seeing partial updates of an array element in irq > > > handling. Note that irq handling can be entered only for event channels > > > which have been valid before, so any not populated row isn't a problem > > > in this regard, as rows are only ever added and never removed. > > > > > > This is XSA-331. > > > > > > This is upstream commit 073d0552ead5bfc7a3a9c01de590e924f11b5dd2 > > > > This one is mismerged. > > Thanks for noticing! > > Greg, do you want me to send the series again or only this patch? Please resend the whole series, that's much easier for me than to try to pick one out and replace it with another. thanks, greg k-h
