Subject: Re: [BUG] xen: Two possible sleep-in-atomic-context bugs in bind_evtchn_to_irqhandler()
From: Juergen Gross
To: Jia-Ju Bai, Stefano Stabellini
Cc: Boris Ostrovsky, Linux Kernel Mailing List
Date: Wed, 20 Jun 2018 08:57:12 +0200
In-Reply-To: <80315b22-63c1-c8cc-1035-11fa36bee83a@gmail.com>

On 20/06/18 04:49, Jia-Ju Bai wrote:
> The driver may sleep while holding a spinlock.
> The function call paths (from bottom to top) in Linux-4.16.7 are:
>
> [FUNC] mutex_lock_nested --> can sleep
> drivers/xen/events/events_base.c, 839: mutex_lock_nested in bind_evtchn_to_irq
> drivers/xen/events/events_base.c, 1030: bind_evtchn_to_irq in bind_evtchn_to_irqhandler
> drivers/xen/pvcalls-front.c, 371: bind_evtchn_to_irqhandler in create_active
> drivers/xen/pvcalls-front.c, 417: create_active in pvcalls_front_connect
> drivers/xen/pvcalls-front.c, 410: spin_lock in pvcalls_front_connect
>
> [FUNC] request_irq --> can sleep
> drivers/xen/events/events_base.c, 1003: request_irq in bind_evtchn_to_irqhandler
> drivers/xen/pvcalls-front.c, 371: bind_evtchn_to_irqhandler in create_active
> drivers/xen/pvcalls-front.c, 417: create_active in pvcalls_front_connect
> drivers/xen/pvcalls-front.c, 410: spin_lock in pvcalls_front_connect
>
> These bugs are found by my static analysis tool (DSAC-2) and checked by my
> code review.
>
> I do not know how to correctly fix these bugs, so I just report them.
> Maybe create_active() should not be called while holding a spinlock.

Right, I think calling create_active() should be done before taking the
lock.

Stefano, what do you think?

Juergen
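A userspace C model of the call chain reported in this thread, added here as an illustration and not code from the kernel or from either poster. Every `model_*` and `connect_*` name is hypothetical; the model only counts calls that can sleep while a modelled spinlock is held, first in the reported ordering and then with create_active() moved ahead of the lock as the reply suggests.

```c
#include <stdio.h>

/* Userspace model only: none of these functions are the kernel's own. */
static int atomic_depth; /* > 0 while a modelled spinlock is held */
static int violations;   /* sleeping calls made while atomic */
static void model_spin_lock(void)   { atomic_depth++; }
static void model_spin_unlock(void) { atomic_depth--; }
/* Stand-in for the kernel's might_sleep() debug check. */
static void model_might_sleep(const char *what)
{
    if (atomic_depth > 0) {
        violations++;
        fprintf(stderr, "sleeping call in atomic context: %s\n", what);
    }
}

/* Call chain from the report, reduced to the two calls that can sleep. */
static void model_bind_evtchn_to_irqhandler(void)
{
    model_might_sleep("mutex_lock_nested via bind_evtchn_to_irq");
    model_might_sleep("request_irq");
}
static void model_create_active(void) { model_bind_evtchn_to_irqhandler(); }

/* Reported ordering: create_active() runs with the spinlock held. */
int connect_reported(void)
{
    violations = 0;
    model_spin_lock();
    model_create_active();
    model_spin_unlock();
    return violations;
}

/* Ordering suggested in the reply: create_active() before the lock. */
int connect_reordered(void)
{
    violations = 0;
    model_create_active();
    model_spin_lock();   /* only non-sleeping work belongs in here */
    model_spin_unlock();
    return violations;
}

int main(void)
{
    printf("reported=%d\n", connect_reported());
    printf("reordered=%d\n", connect_reordered());
    return 0;
}
```

On a real kernel the equivalent runtime check comes from building with CONFIG_DEBUG_ATOMIC_SLEEP, which makes might_sleep() report a sleeping function called from invalid context.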