Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp1137690ybl; Thu, 12 Dec 2019 10:11:32 -0800 (PST) X-Google-Smtp-Source: APXvYqyN2pbWfhrfpMEArTRsQdJv7Tq36GP4F5scKgx+74Z5e1ZaD7+dAosE6mJ549Rsqihw/ZOS X-Received: by 2002:a9d:6f0d:: with SMTP id n13mr9316105otq.165.1576174292206; Thu, 12 Dec 2019 10:11:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576174292; cv=none; d=google.com; s=arc-20160816; b=Gi2fl216g1GB/4qiHWL/mFUe7U4SSZ5u1k11MWKp7c625H8dRNtfjqvye11yjOTmEN X7VBnktedUJiv/w5Ugw18P1rpHyAcFb0u6TdMqouAkD86P4Te2ttejdObZefa8Gd9Bpo 2uHeKeZTCE7IoIfJah2/9SF15sMwRku8gVtZoQbyZYBywJas5T0pwQSqTLE0wF0z6Z08 HR0JEJp8DhijDFpZZxbqNat66xKgEuSW3sOJvihKUZOfK1Z3aEnLvCMXaeXqmSKaUO0+ I4Of+wnVnnnbYQwsw6gqH4WVyrYCmpfexYHUkb1KTx7FLGbci88mdiledw5xVe94zuaL F4pg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=2FkS+4Qqd9YB/yfl4AmGYyT+drz3UF0FpODz0HkSGMA=; b=i3i3wtwtwDe9/0rN1277fzkXKTSzdE91qu/HFzOV3zJIIWIjkux2GeztUn2HJm3uc3 001egoWrjVylzB+s7weDEPphDjQElncWDzHhbRqfcF9B5zwVgL7GWBNOfTVtAJ+3cdAZ g1FuLxgKuHf9Xgv/ntdf1DYr6eizNExylXP5YAw4Xz5fvMBxZbfr6tCfCBwWIG1lro09 DPX7PvNgYLBTqjdx60LPRw5N6yWw7PIFWygcriJw2KWCZxl2Qzv5tE7ZB8UyDsTDYGMj 7irzkC8gdrr0DB+/eJHaDivtaQVEYawJHdcYeBbDwG0yRMJyHl6LqXF2Py9XwkKJusoE 1tbg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 73si3580739otj.82.2019.12.12.10.11.18; Thu, 12 Dec 2019 10:11:32 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730281AbfLLSKq (ORCPT + 99 others); Thu, 12 Dec 2019 13:10:46 -0500 Received: from mail-wr1-f67.google.com ([209.85.221.67]:40919 "EHLO mail-wr1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730080AbfLLSKq (ORCPT ); Thu, 12 Dec 2019 13:10:46 -0500 Received: by mail-wr1-f67.google.com with SMTP id c14so3762073wrn.7; Thu, 12 Dec 2019 10:10:44 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=2FkS+4Qqd9YB/yfl4AmGYyT+drz3UF0FpODz0HkSGMA=; b=kMu3mkIB9WF7D/Qb9hukRycItKGl+K1c+5JayfLVoAE2XYyVLHmoWw6XNsuNXC1pGx 1JbhcA5KJH+PjnjTVkgDbHVhPjgeDC0MF3XO86LNY0OjMANlQMgmPGcN+PnXo3B5T3GI 5eG6LHPQNAPiHVDagE1mPFDBPyfcOMcnCwiW/elYnCAhOtNjp9Q6ZyDo4V+4hlaeERnr 57DGST1uhhJ48lLqwzmf+aA3/048QvNRVc+KRQ/qTqEXua1Y5yaXhflYy2m5Im3BDiXg nGwldeFnOf0mkf4I+VCs3uEHjvNI9JIhDJFziVsS9C1a9i1ifoWZRWjeYVoNcpWkqSLJ 0m2g== X-Gm-Message-State: APjAAAWWoB9qbLaxvdNWU00wtKqYN4s5iXAACPhl8kwO9fULLyaxkDh0 jOEEy/qslg5q3/rf58GsW5E= X-Received: by 2002:a5d:4d0e:: with SMTP id z14mr7540381wrt.208.1576174243640; Thu, 12 Dec 2019 10:10:43 -0800 (PST) Received: from debian (122.163.200.146.dyn.plus.net. [146.200.163.122]) by smtp.gmail.com with ESMTPSA id n189sm6278387wme.33.2019.12.12.10.10.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Dec 2019 10:10:43 -0800 (PST) Date: Thu, 12 Dec 2019 18:10:41 +0000 From: Wei Liu To: Paul Durrant Cc: netdev@vger.kernel.org, xen-devel@lists.xenproject.org, linux-kernel@vger.kernel.org, Juergen Gross , Jakub Kicinski , Wei Liu , "David S. Miller" Subject: Re: [PATCH net] xen-netback: avoid race that can lead to NULL pointer dereference Message-ID: <20191212181041.mjuoy4el6h2jedhv@debian> References: <20191212123723.21548-1-pdurrant@amazon.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20191212123723.21548-1-pdurrant@amazon.com> User-Agent: NeoMutt/20180716 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Dec 12, 2019 at 12:37:23PM +0000, Paul Durrant wrote: > Commit 2ac061ce97f4 ("xen/netback: cleanup init and deinit code") > introduced a problem. In function xenvif_disconnect_queue(), the value of > queue->rx_irq is zeroed *before* queue->task is stopped. Unfortunately that > task may call notify_remote_via_irq(queue->rx_irq) and calling that > function with a zero value results in a NULL pointer dereference in > evtchn_from_irq(). > > This patch simply re-orders things, stopping all tasks before zero-ing the > irq values, thereby avoiding the possibility of the race. > > Signed-off-by: Paul Durrant Acked-by: Wei Liu