Received: by 10.223.185.116 with SMTP id b49csp694195wrg;
        Wed, 21 Feb 2018 05:31:38 -0800 (PST)
X-Google-Smtp-Source: AH8x224SDgXr0BsaUm+PKfn3PS5G5G4qHCvuO/3JWsr0E+m34gvBeOibhyd4DemapKZs99RX5Yaj
X-Received: by 2002:a17:902:7486:: with SMTP id h6-v6mr3165374pll.216.1519219898206;
        Wed, 21 Feb 2018 05:31:38 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1519219898; cv=none;
        d=google.com; s=arc-20160816;
        b=1CyZ3nkGBNWFemxWbtEKvutxGmzV4e4X1CpZYU1KktNCAG36bCVv3z049HhAHTj8IN
         VrxHJ0AWFlV5/ahM5WKmFnCvIbguTIB3VUef1982hCDXJC9fBbsbgVKmQUwCrfmWS1T6
         kQt1dqujOB2cVqallpDFKm/kiBt/nshSPAGScGjeurbFCJh1SVWSrICxmVJGLHemhnbk
         N2Ve+oUmMN9iTJkCI2QFvGeQqD2AwWAW5akOb3sS54UCqQC7+CPxweDdS4XNgdEJk1u0
         kFAyqmy3mIOqBd9jTgxWdL3arVRzFrKXXw9fC92o6VgT/x7kX9SJ27Fc3d+5LpA5uGxT
         3bOQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=b9aG563JFQcT+7awFLQQ+pmOol7GPukjk4RzbIEtXzs=;
        b=jU6MD3XE6AjTy31VAnjdyvA2cPVYRTcMjUDAxtbHmmBoRQnxS4GhZ4hen33L9JilEE
         UdFMptILEBmL0PvZ0e8VuNNWpBMvcIe02fVhQJ0I1Jh6OauNj0i8HRHXvPRnvXklAiD8
         UrHa2+VLLhbW+vBpAso77z/PbVIFN4eN2oLWY5TXdZ8hvzHZc6RZa5rIfNwXROxMSYVY
         EnBxFYomQjiJVQLNWQgA2pKuOVmuu+SR+LBwvgi3qBDSVBsN2jdS5M72DX5S85beSR13
         KqM3bJg2OR7slSCs55+lISpzS2tDoKkFXx4IK93BwS5GrQ/EZMzTrlHAjDsghBTHqfaT
         sfIg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id m3si1124478pgs.54.2018.02.21.05.31.22;
        Wed, 21 Feb 2018 05:31:38 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S935707AbeBUNDO (ORCPT <rfc822;xiaochao379261131@gmail.com>
        + 99 others); Wed, 21 Feb 2018 08:03:14 -0500
Received: from mail.linuxfoundation.org ([140.211.169.12]:39420 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S935682AbeBUNDL (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 21 Feb 2018 08:03:11 -0500
Received: from localhost (LFbn-1-12258-90.w90-92.abo.wanadoo.fr [90.92.71.90])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id 4F8C41099;
        Wed, 21 Feb 2018 13:03:10 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Bhavesh Davda <bhavesh.davda@oracle.com>,
        Joao Martins <joao.m.martins@oracle.com>,
        Juergen Gross <jgross@suse.com>
Subject: [PATCH 4.14 120/167] xenbus: track caller request id
Date:   Wed, 21 Feb 2018 13:48:51 +0100
Message-Id: <20180221124531.071007801@linuxfoundation.org>
X-Mailer: git-send-email 2.16.2
In-Reply-To: <20180221124524.639039577@linuxfoundation.org>
References: <20180221124524.639039577@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.14-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Joao Martins <joao.m.martins@oracle.com>

commit 29fee6eed2811ff1089b30fc579a2d19d78016ab upstream.

Commit fd8aa9095a95 ("xen: optimize xenbus driver for multiple concurrent
xenstore accesses") optimized xenbus concurrent accesses but in doing so
broke UABI of /dev/xen/xenbus. Through /dev/xen/xenbus applications are in
charge of xenbus message exchange with the correct header and body. Now,
after the mentioned commit the replies received by application will no
longer have the header req_id echoed back as it was on request (see
specification below for reference), because that particular field is being
overwritten by kernel.

struct xsd_sockmsg
{
  uint32_t type;  /* XS_??? */
  uint32_t req_id;/* Request identifier, echoed in daemon's response.  */
  uint32_t tx_id; /* Transaction id (0 if not related to a transaction). */
  uint32_t len;   /* Length of data following this. */

  /* Generally followed by nul-terminated string(s). */
};

Before there was only one request at a time so req_id could simply be
forwarded back and forth. To allow simultaneous requests we need a
different req_id for each message thus kernel keeps a monotonic increasing
counter for this field and is written on every request irrespective of
userspace value.

Forwarding again the req_id on userspace requests is not a solution because
we would open the possibility of userspace-generated req_id colliding with
kernel ones. So this patch instead takes another route which is to
artificially keep user req_id while keeping the xenbus logic as is. We do
that by saving the original req_id before xs_send(), use the private kernel
counter as req_id and then once reply comes and was validated, we restore
back the original req_id.

Cc: <stable@vger.kernel.org> # 4.11
Fixes: fd8aa9095a ("xen: optimize xenbus driver for multiple concurrent xenstore accesses")
Reported-by: Bhavesh Davda <bhavesh.davda@oracle.com>
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/xen/xenbus/xenbus.h       |    1 +
 drivers/xen/xenbus/xenbus_comms.c |    1 +
 drivers/xen/xenbus/xenbus_xs.c    |    3 +++
 3 files changed, 5 insertions(+)

--- a/drivers/xen/xenbus/xenbus.h
+++ b/drivers/xen/xenbus/xenbus.h
@@ -76,6 +76,7 @@ struct xb_req_data {
 	struct list_head list;
 	wait_queue_head_t wq;
 	struct xsd_sockmsg msg;
+	uint32_t caller_req_id;
 	enum xsd_sockmsg_type type;
 	char *body;
 	const struct kvec *vec;
--- a/drivers/xen/xenbus/xenbus_comms.c
+++ b/drivers/xen/xenbus/xenbus_comms.c
@@ -309,6 +309,7 @@ static int process_msg(void)
 			goto out;
 
 		if (req->state == xb_req_state_wait_reply) {
+			req->msg.req_id = req->caller_req_id;
 			req->msg.type = state.msg.type;
 			req->msg.len = state.msg.len;
 			req->body = state.body;
--- a/drivers/xen/xenbus/xenbus_xs.c
+++ b/drivers/xen/xenbus/xenbus_xs.c
@@ -227,6 +227,8 @@ static void xs_send(struct xb_req_data *
 	req->state = xb_req_state_queued;
 	init_waitqueue_head(&req->wq);
 
+	/* Save the caller req_id and restore it later in the reply */
+	req->caller_req_id = req->msg.req_id;
 	req->msg.req_id = xs_request_enter(req);
 
 	mutex_lock(&xb_write_mutex);
@@ -310,6 +312,7 @@ static void *xs_talkv(struct xenbus_tran
 	req->num_vecs = num_vecs;
 	req->cb = xs_wake_up;
 
+	msg.req_id = 0;
 	msg.tx_id = t.id;
 	msg.type = type;
 	msg.len = 0;