Received: by 10.223.185.116 with SMTP id b49csp8779891wrg;
        Fri, 2 Mar 2018 07:51:19 -0800 (PST)
X-Google-Smtp-Source: AG47ELsXggpY7MYgsb7bpBaOV3Jxf4TOWBD0gaj/27gXrpxLJE732mTqGTrqRnn024fH+DUUh/zY
X-Received: by 10.99.105.70 with SMTP id e67mr4890414pgc.342.1520005879516;
        Fri, 02 Mar 2018 07:51:19 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1520005879; cv=none;
        d=google.com; s=arc-20160816;
        b=DarasfrZ4RJSTpMiENMdNIid/vAjtbnTZDX3YilYcdrT7cNN397jAKgPXDgfDW/NJp
         zU6D4VDIHBtMAMu+bZwkTprGAVdTagL8kkMUnIF6vGwBm/deFNn0jRebWA+DJkX5unDG
         Eovr01i02TmSsZCL7WY0icskTdYq6yok7XomL1YXLRfzQNI/7IWmIOIGJXCbk4QH8K9F
         WSW8x6Vkw0i72lUAg5PP9Ozwzb9xMrefATJFdTiiLsU1zWOUBOPXQ/MuUYKPo2F38Sd9
         b7n1UTWMmn5dTd0e8R68GSfSSvCsjK/whoPMWt4TSKwmgxKHCYv+QA7XmUxzSFnbJ7xM
         jR3g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:arc-authentication-results;
        bh=Yb86OE+vyVdicgyRvhSC7gtJOp+pZ6sfO1FPl8reLHQ=;
        b=IBevhQg2hdGsTFwSgVRxPjvl4FeXA/1Lw2k3sYSpblkgUCikLh2s5NQYA29jv3AmPH
         XEu5jj4gtG6jb7Q/n7yQkU6geWmzi/3bSgithyLxJQtWtgl4Yp/1VaWIBEGOeY+l4sAx
         ovEf6POD2nslilNbIGZ9Ry25OVUosogyIRcjTscwc9anN+9+JYrvBJ/de3KozFlpCmJo
         0MFP4Zu1Szz04OkCBnUUK2nGBsVUPgtOJy3vAvNo7xb+pp0FddKHFtMbTL54v+6jVVQR
         T8owIisC/+drBBa9lfojBV5Ov3uwK799hf+NRdaGHA6z2gUDLfH+kf5JOit0RuJppsfi
         P0kg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id h185si971342pfe.168.2018.03.02.07.51.04;
        Fri, 02 Mar 2018 07:51:19 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1428599AbeCBOTr (ORCPT <rfc822;speed.demon0047@gmail.com>
        + 99 others); Fri, 2 Mar 2018 09:19:47 -0500
Received: from mx2.suse.de ([195.135.220.15]:57414 "EHLO mx2.suse.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1428567AbeCBOTo (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 2 Mar 2018 09:19:44 -0500
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (charybdis-ext.suse.de [195.135.220.254])
        by mx2.suse.de (Postfix) with ESMTP id D8950BD01;
        Fri,  2 Mar 2018 14:19:42 +0000 (UTC)
Subject: Re: [PATCH 1/2] xen: xenbus_dev_frontend: Fix XS_TRANSACTION_END
 handling
To:     Simon Gaiser <simon@invisiblethingslab.com>,
        xen-devel@lists.xenproject.org
Cc:     stable@vger.kernel.org,
        Boris Ostrovsky <boris.ostrovsky@oracle.com>,
        linux-kernel@vger.kernel.org
References: <20180207222236.7434-1-simon@invisiblethingslab.com>
 <ea0630bd-5139-5f79-847c-f88f733b5053@suse.com>
 <1fbf69f9-f835-897e-144f-8c6f8b94cd26@suse.com>
 <1d10edc6-8ad6-bc58-432c-d1867f0ab57a@invisiblethingslab.com>
From:   Juergen Gross <jgross@suse.com>
Message-ID: <2263ddf3-54f6-d81e-7674-d0ae0802aa65@suse.com>
Date:   Fri, 2 Mar 2018 15:19:40 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <1d10edc6-8ad6-bc58-432c-d1867f0ab57a@invisiblethingslab.com>
Content-Type: text/plain; charset=utf-8
Content-Language: de-DE
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 20/02/18 05:56, Simon Gaiser wrote:
> Juergen Gross:
>> On 07/02/18 23:22, Simon Gaiser wrote:
>>> Commit fd8aa9095a95 ("xen: optimize xenbus driver for multiple
>>> concurrent xenstore accesses") made a subtle change to the semantic of
>>> xenbus_dev_request_and_reply() and xenbus_transaction_end().
>>>
>>> Before on an error response to XS_TRANSACTION_END
>>> xenbus_dev_request_and_reply() would not decrement the active
>>> transaction counter. But xenbus_transaction_end() has always counted the
>>> transaction as finished regardless of the response.
>>
>> Which is correct now. Xenstore will free all transaction related
>> data regardless of the response. A once failed transaction can't
>> be repaired, it has to be repeated completely.
> 
> So if xenstore frees the transaction why should we keep it in the list
> with pending transaction in xenbus_dev_frontend? That's exactly what
> this patch fixes by always removing it from the list, not only on a
> successful response (See below for the EINVAL case).

Aah, sorry, I seem to have misread my own coding. :-(

Yes, you are right. Sorry for not seeing it before.

> 
> [...]
>>> But xenbus_dev_frontend tries to end a transaction on closing of the
>>> device if the XS_TRANSACTION_END failed before. Trying to close the
>>> transaction twice corrupts the reference count. So fix this by also
>>> considering a transaction closed if we have sent XS_TRANSACTION_END once
>>> regardless of the return code.
>>
>> A transaction in the list of transactions should not considered to be
>> finished. Either it is not on the list or it is still pending.
> 
> With "considering a transaction closed" I mean "take the code path which
> removes the transaction from the list with pending transactions".
> 
> From the follow-up mail:
>>>> The new behavior is that xenbus_dev_request_and_reply() and
>>>> xenbus_transaction_end() will always count the transaction as finished
>>>> regardless the response code (handled in xs_request_exit()).
>>>
>>> ENOENT should not decrement the transaction counter, while all
>>> other responses to XS_TRANSACTION_END should still do so.
>>
>> Sorry, I stand corrected: the ENOENT case should never happen, as this
>> case is tested in xenbus_write_transaction(). It doesn't hurt to test
>> for ENOENT, though.
>>
>> What should be handled is EINVAL: this would happen if a user specified
>> a string different from "T" and "F".
> 
> Ok, I will handle those cases in xs_request_exit(). Although I don't
> like that this depends on the internals of xenstore (At least to me it's
> not obvious why it should only return ENOENT or EINVAL in this case).
> 
> In the xenbus_write_transaction() case checking the string before
> sending the transaction (like the transaction itself is verified) would
> avoid this problem.

Right. I'd prefer this solution.

Remains the only problem you tried to tackle with your second patch: a
kernel driver going crazy and ending transactions it never started (or
ending them multiple times). The EINVAL case can't happen here, but
ENOENT can. Either ENOENT has to be handled in xs_request_exit() or you
need to keep track of the transactions like in the user interface and
refuse ending an unknown transaction. Or you trust the kernel users.
Trying to fix the usage counter seems to be the wrong approach IMO.


Juergen