
Commit abd41f03 authored by Rusty Russell's avatar Rusty Russell

lguest: fix race in halt code



When the Guest does the LHCALL_HALT hypercall, we go to sleep, expecting
that a timer or the Waker will wake_up_process() us.

But we do it in a stupid way, leaving a classic missing wakeup race.

So split maybe_do_interrupt() into interrupt_pending() and
try_deliver_interrupt(), and re-check interrupt_pending() and the
"break_out" flag after setting TASK_INTERRUPTIBLE but before calling
schedule(), so a wakeup that lands in between is not lost.

Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
parent ebf9a5a9
+12 −2
@@ -188,6 +188,8 @@ int run_guest(struct lg_cpu *cpu, unsigned long __user *user)
{
{
	/* We stop running once the Guest is dead. */
	/* We stop running once the Guest is dead. */
	while (!cpu->lg->dead) {
	while (!cpu->lg->dead) {
		unsigned int irq;

		/* First we run any hypercalls the Guest wants done. */
		/* First we run any hypercalls the Guest wants done. */
		if (cpu->hcall)
		if (cpu->hcall)
			do_hypercalls(cpu);
			do_hypercalls(cpu);
@@ -211,7 +213,9 @@ int run_guest(struct lg_cpu *cpu, unsigned long __user *user)
		/* Check if there are any interrupts which can be delivered now:
		/* Check if there are any interrupts which can be delivered now:
		 * if so, this sets up the hander to be executed when we next
		 * if so, this sets up the hander to be executed when we next
		 * run the Guest. */
		 * run the Guest. */
		maybe_do_interrupt(cpu);
		irq = interrupt_pending(cpu);
		if (irq < LGUEST_IRQS)
			try_deliver_interrupt(cpu, irq);


		/* All long-lived kernel loops need to check with this horrible
		/* All long-lived kernel loops need to check with this horrible
		 * thing called the freezer.  If the Host is trying to suspend,
		 * thing called the freezer.  If the Host is trying to suspend,
@@ -227,6 +231,12 @@ int run_guest(struct lg_cpu *cpu, unsigned long __user *user)
		 * clock timer or LHREQ_BREAK from the Waker will wake us. */
		 * clock timer or LHREQ_BREAK from the Waker will wake us. */
		if (cpu->halted) {
		if (cpu->halted) {
			set_current_state(TASK_INTERRUPTIBLE);
			set_current_state(TASK_INTERRUPTIBLE);
			/* Just before we sleep, make sure nothing snuck in
			 * which we should be doing. */
			if (interrupt_pending(cpu) < LGUEST_IRQS
			    || cpu->break_out)
				set_current_state(TASK_RUNNING);
			else
				schedule();
				schedule();
			continue;
			continue;
		}
		}
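Review bot: The re-check `if (interrupt_pending(cpu) < LGUEST_IRQS || cpu->break_out)` only closes the missed-wakeup window because set_current_state(TASK_INTERRUPTIBLE) is issued before it, and that ordering is load-bearing enough to deserve its own comment, e.g. `/* Task state must be set BEFORE these checks: a wake_up_process() that lands after the check simply makes schedule() return. */`. Note that interrupt_pending() reads the Guest's blocked_interrupts bitmap with copy_from_user() while we are already in TASK_INTERRUPTIBLE; if that access faults and sleeps, the task state is presumably reset to TASK_RUNNING and the following schedule() returns immediately, which looks like a spurious loop iteration rather than a lost wakeup, but is worth confirming. Because interrupt_pending() also returns LGUEST_IRQS when that copy fails, a Guest whose bitmap is unreadable is treated here as having nothing pending and will sleep until the Waker's LHREQ_BREAK sets break_out. run_guest's body continues outside the hunk.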
+17 −9
@@ -128,30 +128,38 @@ static void set_guest_interrupt(struct lg_cpu *cpu, u32 lo, u32 hi,
/*H:205
/*H:205
 * Virtual Interrupts.
 * Virtual Interrupts.
 *
 *
 * maybe_do_interrupt() gets called before every entry to the Guest, to see if
 * interrupt_pending() returns the first pending interrupt which isn't blocked
 * we should divert the Guest to running an interrupt handler. */
 * by the Guest.  It is called before every entry to the Guest, and just before
void maybe_do_interrupt(struct lg_cpu *cpu)
 * we go to sleep when the Guest has halted itself. */
unsigned int interrupt_pending(struct lg_cpu *cpu)
{
{
	unsigned int irq;
	unsigned int irq;
	DECLARE_BITMAP(blk, LGUEST_IRQS);
	DECLARE_BITMAP(blk, LGUEST_IRQS);
	struct desc_struct *idt;


	/* If the Guest hasn't even initialized yet, we can do nothing. */
	/* If the Guest hasn't even initialized yet, we can do nothing. */
	if (!cpu->lg->lguest_data)
	if (!cpu->lg->lguest_data)
		return;
		return LGUEST_IRQS;


	/* Take our "irqs_pending" array and remove any interrupts the Guest
	/* Take our "irqs_pending" array and remove any interrupts the Guest
	 * wants blocked: the result ends up in "blk". */
	 * wants blocked: the result ends up in "blk". */
	if (copy_from_user(&blk, cpu->lg->lguest_data->blocked_interrupts,
	if (copy_from_user(&blk, cpu->lg->lguest_data->blocked_interrupts,
			   sizeof(blk)))
			   sizeof(blk)))
		return;
		return LGUEST_IRQS;
	bitmap_andnot(blk, cpu->irqs_pending, blk, LGUEST_IRQS);
	bitmap_andnot(blk, cpu->irqs_pending, blk, LGUEST_IRQS);


	/* Find the first interrupt. */
	/* Find the first interrupt. */
	irq = find_first_bit(blk, LGUEST_IRQS);
	irq = find_first_bit(blk, LGUEST_IRQS);
	/* None?  Nothing to do */

	if (irq >= LGUEST_IRQS)
	return irq;
		return;
}

/* This actually diverts the Guest to running an interrupt handler, once an
 * interrupt has been identified by interrupt_pending(). */
void try_deliver_interrupt(struct lg_cpu *cpu, unsigned int irq)
{
	struct desc_struct *idt;

	BUG_ON(irq >= LGUEST_IRQS);


	/* They may be in the middle of an iret, where they asked us never to
	/* They may be in the middle of an iret, where they asked us never to
	 * deliver interrupts. */
	 * deliver interrupts. */
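Review bot: interrupt_pending() returns the same value, LGUEST_IRQS, both when no unblocked interrupt is pending and when copy_from_user() of the Guest-supplied blocked_interrupts pointer fails, so callers cannot distinguish an idle Guest from one whose bitmap is unreadable; since the pointer comes from the Guest this only starves the Guest itself, but the header comment should document the sentinel and that overlap, e.g. ` * Returns LGUEST_IRQS when nothing is deliverable, including when the Guest's blocked_interrupts bitmap cannot be read.`. The `BUG_ON(irq >= LGUEST_IRQS);` in try_deliver_interrupt() turns a Host-side caller mistake into a Host crash; both visible callers already compare against LGUEST_IRQS, so a WARN_ON_ONCE plus early return would report the same defect without taking the Host down. try_deliver_interrupt's body continues outside the hunk.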
+2 −1
@@ -139,7 +139,8 @@ int run_guest(struct lg_cpu *cpu, unsigned long __user *user);
#define pgd_pfn(x)	(pgd_val(x) >> PAGE_SHIFT)
#define pgd_pfn(x)	(pgd_val(x) >> PAGE_SHIFT)


/* interrupts_and_traps.c: */
/* interrupts_and_traps.c: */
void maybe_do_interrupt(struct lg_cpu *cpu);
unsigned int interrupt_pending(struct lg_cpu *cpu);
void try_deliver_interrupt(struct lg_cpu *cpu, unsigned int irq);
bool deliver_trap(struct lg_cpu *cpu, unsigned int num);
bool deliver_trap(struct lg_cpu *cpu, unsigned int num);
void load_guest_idt_entry(struct lg_cpu *cpu, unsigned int i,
void load_guest_idt_entry(struct lg_cpu *cpu, unsigned int i,
			  u32 low, u32 hi);
			  u32 low, u32 hi);