search for: vhost_work_queue

Displaying 20 results from an estimated 172 matches for "vhost_work_queue".

2023 Jun 05
1
[PATCH 1/1] vhost: Fix crash during early vhost_transport_send_pkt calls
If userspace does VHOST_VSOCK_SET_GUEST_CID before VHOST_SET_OWNER we can race where: 1. thread0 calls vhost_transport_send_pkt -> vhost_work_queue 2. thread1 does VHOST_SET_OWNER which calls vhost_worker_create. 3. vhost_worker_create will set the dev->worker pointer before setting the worker->vtsk pointer. 4. thread0's vhost_work_queue will see the dev->worker pointer is set and try to call vhost_task_wake using not yet set work...
2023 Jun 05
1
[PATCH 1/1] vhost: Fix crash during early vhost_transport_send_pkt calls
If userspace does VHOST_VSOCK_SET_GUEST_CID before VHOST_SET_OWNER we can race where: 1. thread0 calls vhost_transport_send_pkt -> vhost_work_queue 2. thread1 does VHOST_SET_OWNER which calls vhost_worker_create. 3. vhost_worker_create will set the dev->worker pointer before setting the worker->vtsk pointer. 4. thread0's vhost_work_queue will see the dev->worker pointer is set and try to call vhost_task_wake using not yet set work...
2023 May 31
1
[syzbot] [kvm?] [net?] [virt?] general protection fault in vhost_work_queue
...ev_flush(struct vhost_dev *dev) { struct vhost_flush_struct flush; - if (dev->worker) { + if (READ_ONCE(dev->worker.vtsk)) { init_completion(&flush.wait_event); vhost_work_init(&flush.work, vhost_flush_work); @@ -247,7 +247,9 @@ EXPORT_SYMBOL_GPL(vhost_dev_flush); void vhost_work_queue(struct vhost_dev *dev, struct vhost_work *work) { - if (!dev->worker) + struct vhost_task *vtsk = READ_ONCE(dev->worker.vtsk); + + if (!vtsk) return; if (!test_and_set_bit(VHOST_WORK_QUEUED, &work->flags)) { @@ -255,8 +257,8 @@ void vhost_work_queue(struct vhost_dev *dev, struc...
2023 Jun 06
1
[PATCH 1/1] vhost: Fix crash during early vhost_transport_send_pkt calls
On Mon, Jun 05, 2023 at 01:57:30PM -0500, Mike Christie wrote: >If userspace does VHOST_VSOCK_SET_GUEST_CID before VHOST_SET_OWNER we >can race where: >1. thread0 calls vhost_transport_send_pkt -> vhost_work_queue >2. thread1 does VHOST_SET_OWNER which calls vhost_worker_create. >3. vhost_worker_create will set the dev->worker pointer before setting >the worker->vtsk pointer. >4. thread0's vhost_work_queue will see the dev->worker pointer is >set and try to call vhost_task_wake us...
2023 May 23
4
[PATCH 3/3] fork, vhost: Use CLONE_THREAD to fix freezer/ps regression
...continue; } just to make the code a bit more clear? If node == NULL then llist_reverse_order() and llist_for_each_entry_safe() will do nothing. But this is minor. /* make sure flag is seen after deletion */ smp_wmb(); llist_for_each_entry_safe(work, work_next, node, node) { clear_bit(VHOST_WORK_QUEUED, &work->flags); I am not sure about smp_wmb + clear_bit. Once we clear VHOST_WORK_QUEUED, vhost_work_queue() can add this work again and change work->node->next. That is why we use _safe, but we need to ensure that llist_for_each_safe() completes LOAD(work->node->next) before...
2016 Apr 26
2
[PATCH 1/2] vhost: simplify work flushing
...work->queue_seq; - work->flushing++; - spin_unlock_irq(&dev->work_lock); - wait_event(work->done, vhost_work_seq_done(dev, work, seq)); - spin_lock_irq(&dev->work_lock); - flushing = --work->flushing; - spin_unlock_irq(&dev->work_lock); - BUG_ON(flushing < 0); + vhost_work_queue(dev, &flush.work); + wait_for_completion(&flush.wait_event); + } } EXPORT_SYMBOL_GPL(vhost_work_flush); @@ -254,7 +251,6 @@ void vhost_work_queue(struct vhost_dev *dev, struct vhost_work *work) spin_lock_irqsave(&dev->work_lock, flags); if (list_empty(&work->node)) {...
2016 Apr 26
2
[PATCH 1/2] vhost: simplify work flushing
...work->queue_seq; - work->flushing++; - spin_unlock_irq(&dev->work_lock); - wait_event(work->done, vhost_work_seq_done(dev, work, seq)); - spin_lock_irq(&dev->work_lock); - flushing = --work->flushing; - spin_unlock_irq(&dev->work_lock); - BUG_ON(flushing < 0); + vhost_work_queue(dev, &flush.work); + wait_for_completion(&flush.wait_event); + } } EXPORT_SYMBOL_GPL(vhost_work_flush); @@ -254,7 +251,6 @@ void vhost_work_queue(struct vhost_dev *dev, struct vhost_work *work) spin_lock_irqsave(&dev->work_lock, flags); if (list_empty(&work->node)) {...
2023 Jun 01
1
[syzbot] [kvm?] [net?] [virt?] general protection fault in vhost_work_queue
...t; struct vhost_flush_struct flush; > >- if (dev->worker) { >+ if (READ_ONCE(dev->worker.vtsk)) { > init_completion(&flush.wait_event); > vhost_work_init(&flush.work, vhost_flush_work); > >@@ -247,7 +247,9 @@ EXPORT_SYMBOL_GPL(vhost_dev_flush); > > void vhost_work_queue(struct vhost_dev *dev, struct vhost_work *work) > { >- if (!dev->worker) >+ struct vhost_task *vtsk = READ_ONCE(dev->worker.vtsk); >+ >+ if (!vtsk) > return; > > if (!test_and_set_bit(VHOST_WORK_QUEUED, &work->flags)) { >@@ -255,8 +257,8 @@ void vhost_work...
2023 May 31
1
[PATCH 3/3] fork, vhost: Use CLONE_THREAD to fix freezer/ps regression
...15, Oleg Nesterov ??: > > > > > > > > /* make sure flag is seen after deletion */ > > > > smp_wmb(); > > > > llist_for_each_entry_safe(work, work_next, node, node) { > > > > clear_bit(VHOST_WORK_QUEUED, &work->flags); > > > > > > > >I am not sure about smp_wmb + clear_bit. Once we clear VHOST_WORK_QUEUED, > > > >vhost_work_queue() can add this work again and change work->node->next. > > > > > > > >That is why we use _safe,...
2016 Dec 07
0
[PATCH 2/2] vhost: remove unnecessary smp_mb from vhost_work_queue
...-off-by: Peng Tao <bergwolf at gmail.com> --- drivers/vhost/vhost.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index c6f2d89..2663543 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -261,8 +261,8 @@ void vhost_work_queue(struct vhost_dev *dev, struct vhost_work *work) if (!test_and_set_bit(VHOST_WORK_QUEUED, &work->flags)) { /* We can only add the work to the list after we're * sure it was not in the list. + * test_and_set_bit() implies a memory barrier. */ - smp_mb(); llist_add(&w...
2023 May 30
1
[syzbot] [kvm?] [net?] [virt?] general protection fault in vhost_work_queue
...EMPT SMP KASAN > KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077] > CPU: 0 PID: 29845 Comm: syz-executor.4 Not tainted 6.4.0-rc3-syzkaller-00032-g933174ae28ba #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023 > RIP: 0010:vhost_work_queue drivers/vhost/vhost.c:259 [inline] > RIP: 0010:vhost_work_queue+0xfc/0x150 drivers/vhost/vhost.c:248 > Code: 00 00 fc ff df 48 89 da 48 c1 ea 03 80 3c 02 00 75 56 48 b8 00 00 00 00 00 fc ff df 48 8b 1b 48 8d 7b 70 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 42 48 8b 7b 70 e8 95 9e ae f9 5b 5d...
2023 Jun 06
1
[PATCH 1/1] vhost: Fix crash during early vhost_transport_send_pkt calls
...> On 6/6/23 4:49 AM, Stefano Garzarella wrote: > > On Mon, Jun 05, 2023 at 01:57:30PM -0500, Mike Christie wrote: > >> If userspace does VHOST_VSOCK_SET_GUEST_CID before VHOST_SET_OWNER we > >> can race where: > >> 1. thread0 calls vhost_transport_send_pkt -> vhost_work_queue > >> 2. thread1 does VHOST_SET_OWNER which calls vhost_worker_create. > >> 3. vhost_worker_create will set the dev->worker pointer before setting > >> the worker->vtsk pointer. > >> 4. thread0's vhost_work_queue will see the dev->worker pointer is &g...
2015 Oct 22
4
[PATCH net-next RFC 1/2] vhost: introduce vhost_has_work()
...jasowang at redhat.com> --- drivers/vhost/vhost.c | 6 ++++++ drivers/vhost/vhost.h | 1 + 2 files changed, 7 insertions(+) diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index eec2f11..d42d11e 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -245,6 +245,12 @@ void vhost_work_queue(struct vhost_dev *dev, struct vhost_work *work) } EXPORT_SYMBOL_GPL(vhost_work_queue); +bool vhost_has_work(struct vhost_dev *dev) +{ + return !list_empty(&dev->work_list); +} +EXPORT_SYMBOL_GPL(vhost_has_work); + void vhost_poll_queue(struct vhost_poll *poll) { vhost_work_queue(poll...
2015 Oct 22
4
[PATCH net-next RFC 1/2] vhost: introduce vhost_has_work()
...jasowang at redhat.com> --- drivers/vhost/vhost.c | 6 ++++++ drivers/vhost/vhost.h | 1 + 2 files changed, 7 insertions(+) diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index eec2f11..d42d11e 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -245,6 +245,12 @@ void vhost_work_queue(struct vhost_dev *dev, struct vhost_work *work) } EXPORT_SYMBOL_GPL(vhost_work_queue); +bool vhost_has_work(struct vhost_dev *dev) +{ + return !list_empty(&dev->work_list); +} +EXPORT_SYMBOL_GPL(vhost_has_work); + void vhost_poll_queue(struct vhost_poll *poll) { vhost_work_queue(poll...
2023 Jun 06
2
[PATCH 1/1] vhost: Fix crash during early vhost_transport_send_pkt calls
On 6/6/23 4:49 AM, Stefano Garzarella wrote: > On Mon, Jun 05, 2023 at 01:57:30PM -0500, Mike Christie wrote: >> If userspace does VHOST_VSOCK_SET_GUEST_CID before VHOST_SET_OWNER we >> can race where: >> 1. thread0 calls vhost_transport_send_pkt -> vhost_work_queue >> 2. thread1 does VHOST_SET_OWNER which calls vhost_worker_create. >> 3. vhost_worker_create will set the dev->worker pointer before setting >> the worker->vtsk pointer. >> 4. thread0's vhost_work_queue will see the dev->worker pointer is >> set and try t...
2016 Apr 26
0
[PATCH 2/2] vhost: lockless enqueuing
...dex 73dd16d..0061a7b 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -168,7 +168,7 @@ static int vhost_poll_wakeup(wait_queue_t *wait, unsigned mode, int sync, void vhost_work_init(struct vhost_work *work, vhost_work_fn_t fn) { - INIT_LIST_HEAD(&work->node); + clear_bit(VHOST_WORK_QUEUED, &work->flags); work->fn = fn; init_waitqueue_head(&work->done); } @@ -246,15 +246,16 @@ EXPORT_SYMBOL_GPL(vhost_poll_flush); void vhost_work_queue(struct vhost_dev *dev, struct vhost_work *work) { - unsigned long flags; + if (!dev->worker) + return; - spin_lock_irq...
2016 Apr 26
2
[PATCH 2/2] vhost: lockless enqueuing
...s/vhost/vhost.c > +++ b/drivers/vhost/vhost.c > @@ -168,7 +168,7 @@ static int vhost_poll_wakeup(wait_queue_t *wait, unsigned > mode, int sync, > > void vhost_work_init(struct vhost_work *work, vhost_work_fn_t fn) > { > - INIT_LIST_HEAD(&work->node); > + clear_bit(VHOST_WORK_QUEUED, &work->flags); > work->fn = fn; > init_waitqueue_head(&work->done); > } > @@ -246,15 +246,16 @@ EXPORT_SYMBOL_GPL(vhost_poll_flush); > > void vhost_work_queue(struct vhost_dev *dev, struct vhost_work *work) > { > - unsigned long flags; > + if (...
2016 Apr 26
2
[PATCH 2/2] vhost: lockless enqueuing
...s/vhost/vhost.c > +++ b/drivers/vhost/vhost.c > @@ -168,7 +168,7 @@ static int vhost_poll_wakeup(wait_queue_t *wait, unsigned > mode, int sync, > > void vhost_work_init(struct vhost_work *work, vhost_work_fn_t fn) > { > - INIT_LIST_HEAD(&work->node); > + clear_bit(VHOST_WORK_QUEUED, &work->flags); > work->fn = fn; > init_waitqueue_head(&work->done); > } > @@ -246,15 +246,16 @@ EXPORT_SYMBOL_GPL(vhost_poll_flush); > > void vhost_work_queue(struct vhost_dev *dev, struct vhost_work *work) > { > - unsigned long flags; > + if (...
2016 Dec 07
0
[PATCH 2/2] vhost: remove unnecessary smp_mb from vhost_work_queue
On Wed, Dec 07, 2016 at 05:52:19PM +0800, Peng Tao wrote: > test_and_set_bit() already implies a memory barrier. > > Signed-off-by: Peng Tao <bergwolf at gmail.com> > --- > drivers/vhost/vhost.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Reviewed-by: Stefan Hajnoczi <stefanha at redhat.com> -------------- next part -------------- A non-text attachment
2023 Mar 28
1
[PATCH v6 02/11] vhost, vhost-net: add helper to check if vq has work
...- if (vhost_has_work(&net->dev)) { + if (vhost_vq_has_work(vq)) { *busyloop_intr = true; break; } diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index e041e116afee..6567aed69ebb 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -262,11 +262,11 @@ void vhost_work_queue(struct vhost_dev *dev, struct vhost_work *work) EXPORT_SYMBOL_GPL(vhost_work_queue); /* A lockless hint for busy polling code to exit the loop */ -bool vhost_has_work(struct vhost_dev *dev) +bool vhost_vq_has_work(struct vhost_virtqueue *vq) { - return dev->worker && !llist_empty(&a...