Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp3521450ybl;
        Sun, 15 Dec 2019 11:43:13 -0800 (PST)
X-Google-Smtp-Source: APXvYqzuTOePPFEIHkp8QJ2FoPkc6Zg6l4wqtF5fSYMVe/1FTSQznSOxOIgpD/GIAZN3AAS60EVc
X-Received: by 2002:a9d:6181:: with SMTP id g1mr28542865otk.104.1576438993524;
        Sun, 15 Dec 2019 11:43:13 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1576438993; cv=none;
        d=google.com; s=arc-20160816;
        b=xvycNXu6S/5PPU+X+O1Ru8VdEIpjohkWljWj6hCQwAPyilpoXfI+J7oC/kzaFnCzv+
         tKfaeP5SfhJteUOTXeEqKHuqjjH5rPHXq4HgQgpkxvVKoexR8r05YWIeVD6xfFPugrHw
         xQdL7fJse1NfPxyHfvywECTIjeBze/EWJVaTyZZrojEgwdfY12rBeugcG1esnmJBLqxB
         xeWaLKzYQOpcvNK2szEudCMHUe8agg8pqeXg0ZGXQjEl2H/UwxRzrOGXJSJMFikbSk/L
         yNHh0adIw8RL1SaG0ygG7UiaqVFEsYoGLGNygb6Y9GqjWxHfTFQLRQFLSWWXWVF9YjC9
         fG7A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :organization:references:in-reply-to:message-id:subject:cc:to:from
         :date:dkim-signature;
        bh=Lji5rc5oRoeIVgFMKgJ1S6HCLAhlBppwFI0mo3XGwLs=;
        b=arUwanBpkq9KhJh7iGpDoStVHYhk4azvMoc55lRvJkYVfCoEKvNCQE2jza7JtVJVZF
         D44UK28OWtHADmY8ALmArSt1FX3pFxvUUSMcTkjHN5I21ZX86EBTse7uP5luebrzyKlf
         q/3tAJNYQc61TFT5GAxzKrcv+cTXtQ+9UYx/98ocPrQqdX8MmK79pp/REEtEmVZfOusa
         TiI4AFPygZ1gpX2CMTOJ2aEWackFMNWLUpnwhSkYJ66urH4zOFD2q9U32be+NUKg30pE
         UmwTr7EbvVQkCbodT3swlLYD3GEkcTnwEwEVVg83wyMp3l3T/a5at8wbOUXrN8cVaijG
         mvrw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@netronome-com.20150623.gappssmtp.com header.s=20150623 header.b=ABd2KxBC;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g25si6654165otl.153.2019.12.15.11.42.59;
        Sun, 15 Dec 2019 11:43:13 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@netronome-com.20150623.gappssmtp.com header.s=20150623 header.b=ABd2KxBC;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726445AbfLOTlo (ORCPT <rfc822;shmalave.kernel@gmail.com>
        + 99 others); Sun, 15 Dec 2019 14:41:44 -0500
Received: from mail-pg1-f195.google.com ([209.85.215.195]:43047 "EHLO
        mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726260AbfLOTln (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 15 Dec 2019 14:41:43 -0500
Received: by mail-pg1-f195.google.com with SMTP id k197so2399888pga.10
        for <linux-kernel@vger.kernel.org>; Sun, 15 Dec 2019 11:41:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=netronome-com.20150623.gappssmtp.com; s=20150623;
        h=date:from:to:cc:subject:message-id:in-reply-to:references
         :organization:mime-version:content-transfer-encoding;
        bh=Lji5rc5oRoeIVgFMKgJ1S6HCLAhlBppwFI0mo3XGwLs=;
        b=ABd2KxBCvCtitidd4X4lyO6QmLU1Kn3vuhoxh34gkyCub4ef0LpMK0y9bF6EjUThTr
         lSFSktVMOlEGp+3Xv+04QrPZrToUoHTATF3iPyji9FtfF/oIHSa5sBmNv2eVYyw80p3o
         usnhp7w9qrDytJVz/d+DGB74auilmBYm9Q3HFxDWyu/WDHvMeJm4tzRFGtS5RcJuijQp
         ELg8hRXW0Xu/5dPhVik09K81H+uoPi7120FYTPFckBcv7fdV79BDiLRxlfjd7jUDriyu
         vdgX71UqETiKAAqUfF+jhjYxe65wsWMfDOXE37lum2s2xVktdVZjdWjx7sII6CEw4fE1
         CDgQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to
         :references:organization:mime-version:content-transfer-encoding;
        bh=Lji5rc5oRoeIVgFMKgJ1S6HCLAhlBppwFI0mo3XGwLs=;
        b=Et2+iowfNCKIgp3yGpUgZcmc3Xp3HaBgqVydfJK0ngCFZD2RysrTbJvXVGbDV7I2zj
         AOZxQkfmQvzOzMLEhK1eNwrGARR2uPXUDTRS0MhILhD2Tib9Ou5qw9ZuuXjKiU/AyyEd
         tzl+gttjr7e7MGwTts10KctAZe+PnWDauBhqZXavxxNGE8PmVibP88BsPSjj9OoRhy2b
         Mi1ns6OCWBBsGmg23Nw5of7QbdJKPfTJFN3CISTREHAr+MIIhTk72/SAQNEXH2Zco3E7
         u5/4sgjXrPiVM7sdrimXXqlKz4HzX2RCXuhIRgN4ONjlT9GmR+OGfkQrKDNBKEdzc7rQ
         MQhA==
X-Gm-Message-State: APjAAAWYvev7lmcBjDiO4QVkKVozoKEZG4WWEPYOEJaOxnQfpfKSWw4j
        tFw4y5ZZI/5ETLoKtXmpswbHsQ==
X-Received: by 2002:a63:cb09:: with SMTP id p9mr10771521pgg.105.1576438903199;
        Sun, 15 Dec 2019 11:41:43 -0800 (PST)
Received: from cakuba.netronome.com (c-73-202-202-92.hsd1.ca.comcast.net. [73.202.202.92])
        by smtp.gmail.com with ESMTPSA id j22sm16335515pji.16.2019.12.15.11.41.42
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 15 Dec 2019 11:41:43 -0800 (PST)
Date:   Sun, 15 Dec 2019 11:41:39 -0800
From:   Jakub Kicinski <jakub.kicinski@netronome.com>
To:     Paul Durrant <pdurrant@amazon.com>
Cc:     <xen-devel@lists.xenproject.org>, <netdev@vger.kernel.org>,
        <linux-kernel@vger.kernel.org>, Juergen Gross <jgross@suse.com>,
        Wei Liu <wei.liu@kernel.org>,
        "David S. Miller" <davem@davemloft.net>
Subject: Re: [PATCH net v2] xen-netback: avoid race that can lead to NULL
 pointer dereference
Message-ID: <20191215114139.34f0d24e@cakuba.netronome.com>
In-Reply-To: <20191213132040.21446-1-pdurrant@amazon.com>
References: <20191213132040.21446-1-pdurrant@amazon.com>
Organization: Netronome Systems, Ltd.
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, 13 Dec 2019 13:20:40 +0000, Paul Durrant wrote:
> In function xenvif_disconnect_queue(), the value of queue->rx_irq is
> zeroed *before* queue->task is stopped. Unfortunately that task may call
> notify_remote_via_irq(queue->rx_irq) and calling that function with a
> zero value results in a NULL pointer dereference in evtchn_from_irq().
> 
> This patch simply re-orders things, stopping all tasks before zero-ing the
> irq values, thereby avoiding the possibility of the race.
> 
> Fixes: 2ac061ce97f4 ("xen/netback: cleanup init and deinit code")
> Signed-off-by: Paul Durrant <pdurrant@amazon.com>

> v2:
>  - Add 'Fixes' tag and re-work commit comment

I've added Wei's Ack from v1, if the code doesn't change substantially
please keep people's Acks.

Applied, thanks.