search for: reply_mutex

...its rights to expect the "OK" first. Here''s what is happening: The userspace process xenstore-watch writes to /proc/xen/xenbus with msg_type==XS_WATCH. This is handled by xenbus_write_watch which calls register_xenbus_watch with watch_fired as a callback *before* acquiring the reply_mutex and sending the synthesised "OK" reply. This gives a fast xenstore the opportunity to cause the watch_fired to run (and briefly grab the reply_mutex for itself) before the fake "OK" message is sent. Below, I''ve included a putative patch for pre-3.3 xenfs that fixes th...

...ruct list_head transactions; + /* Active watches. */ + struct list_head watches; + /* Partial request. */ unsigned int len; union { @@ -70,6 +73,8 @@ struct xenbus_dev_data { char read_buffer[PAGE_SIZE]; unsigned int read_cons, read_prod; wait_queue_head_t read_waitq; + + struct mutex reply_mutex; }; static struct proc_dir_entry *xenbus_dev_intf; @@ -100,13 +105,59 @@ static void queue_reply(struct xenbus_de { int i; + mutex_lock(&u->reply_mutex); + for (i = 0; i < len; i++, u->read_prod++) u->read_buffer[MASK_READ_IDX(u->read_prod)] = data[i]; BUG_ON((u...

Hi all, I think this is a serious bug, existing in the pvops 2.6.31.13 (also existing in linux 2.6.35); In the xenbus driver (drivers/xen/xenfs/xenbus.c), the function of xenbus_file_read has a section of source code like this: if (ret != sz) { if (i == 0) i = -EFAULT; goto out; } /* Clear