1. 31 3月, 2012 2 次提交
  2. 12 1月, 2012 3 次提交
  3. 24 11月, 2011 1 次提交
    • M
      virtio-pci: make reset operation safer · e6af578c
      Michael S. Tsirkin 提交于
      virtio pci device reset actually just does an I/O
      write, which in PCI is really posted, that is it
      can complete on CPU before the device has received it.
      
      Further, interrupts might have been pending on
      another CPU, so device callback might get invoked after reset.
      
      This conflicts with how drivers use reset, which is typically:
      	reset
      	unregister
      a callback running after reset completed can race with
      unregister, potentially leading to use after free bugs.
      
      Fix by flushing out the write, and flushing pending interrupts.
      
      This assumes that device is never reset from
      its vq/config callbacks, or in parallel with being
      added/removed, document this assumption.
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      e6af578c
  4. 17 11月, 2011 1 次提交
  5. 14 11月, 2011 1 次提交
  6. 02 11月, 2011 1 次提交
  7. 21 4月, 2011 1 次提交
    • A
      virtio_pci: Prevent double-free of pci regions after device hot-unplug · 31a3ddda
      Amit Shah 提交于
      In the case where a virtio-console port is in use (opened by a program)
      and a virtio-console device is removed, the port is kept around but all
      the virtio-related state is assumed to be gone.
      
      When the port is finally released (close() called), we call
      device_destroy() on the port's device.  This results in the parent
      device's structures to be freed as well.  This includes the PCI regions
      for the virtio-console PCI device.
      
      Once this is done, however, virtio_pci_release_dev() kicks in, as the
      last ref to the virtio device is now gone, and attempts to do
      
           pci_iounmap(pci_dev, vp_dev->ioaddr);
           pci_release_regions(pci_dev);
           pci_disable_device(pci_dev);
      
      which results in a double-free warning.
      
      Move the code that releases regions, etc., to the virtio_pci_remove()
      function, and all that's now left in release_dev is the final freeing of
      the vp_dev.
      Signed-off-by: NAmit Shah <amit.shah@redhat.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      31a3ddda
  8. 20 1月, 2011 1 次提交
  9. 23 6月, 2010 1 次提交
  10. 30 3月, 2010 1 次提交
    • T
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking... · 5a0e3ad6
      Tejun Heo 提交于
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
      
      percpu.h is included by sched.h and module.h and thus ends up being
      included when building most .c files.  percpu.h includes slab.h which
      in turn includes gfp.h making everything defined by the two files
      universally available and complicating inclusion dependencies.
      
      percpu.h -> slab.h dependency is about to be removed.  Prepare for
      this change by updating users of gfp and slab facilities include those
      headers directly instead of assuming availability.  As this conversion
      needs to touch large number of source files, the following script is
      used as the basis of conversion.
      
        http://userweb.kernel.org/~tj/misc/slabh-sweep.py
      
      The script does the followings.
      
      * Scan files for gfp and slab usages and update includes such that
        only the necessary includes are there.  ie. if only gfp is used,
        gfp.h, if slab is used, slab.h.
      
      * When the script inserts a new include, it looks at the include
        blocks and try to put the new include such that its order conforms
        to its surrounding.  It's put in the include block which contains
        core kernel includes, in the same order that the rest are ordered -
        alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
        doesn't seem to be any matching order.
      
      * If the script can't find a place to put a new include (mostly
        because the file doesn't have fitting include block), it prints out
        an error message indicating which .h file needs to be added to the
        file.
      
      The conversion was done in the following steps.
      
      1. The initial automatic conversion of all .c files updated slightly
         over 4000 files, deleting around 700 includes and adding ~480 gfp.h
         and ~3000 slab.h inclusions.  The script emitted errors for ~400
         files.
      
      2. Each error was manually checked.  Some didn't need the inclusion,
         some needed manual addition while adding it to implementation .h or
         embedding .c file was more appropriate for others.  This step added
         inclusions to around 150 files.
      
      3. The script was run again and the output was compared to the edits
         from #2 to make sure no file was left behind.
      
      4. Several build tests were done and a couple of problems were fixed.
         e.g. lib/decompress_*.c used malloc/free() wrappers around slab
         APIs requiring slab.h to be added manually.
      
      5. The script was run on all .h files but without automatically
         editing them as sprinkling gfp.h and slab.h inclusions around .h
         files could easily lead to inclusion dependency hell.  Most gfp.h
         inclusion directives were ignored as stuff from gfp.h was usually
         wildly available and often used in preprocessor macros.  Each
         slab.h inclusion directive was examined and added manually as
         necessary.
      
      6. percpu.h was updated not to include slab.h.
      
      7. Build test were done on the following configurations and failures
         were fixed.  CONFIG_GCOV_KERNEL was turned off for all tests (as my
         distributed build env didn't work with gcov compiles) and a few
         more options had to be turned off depending on archs to make things
         build (like ipr on powerpc/64 which failed due to missing writeq).
      
         * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
         * powerpc and powerpc64 SMP allmodconfig
         * sparc and sparc64 SMP allmodconfig
         * ia64 SMP allmodconfig
         * s390 SMP allmodconfig
         * alpha SMP allmodconfig
         * um on x86_64 SMP allmodconfig
      
      8. percpu.h modifications were reverted so that it could be applied as
         a separate patch and serve as bisection point.
      
      Given the fact that I had only a couple of failures from tests on step
      6, I'm fairly confident about the coverage of this conversion patch.
      If there is a breakage, it's likely to be something in one of the arch
      headers which should be easily discoverable easily on most builds of
      the specific arch.
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Guess-its-ok-by: NChristoph Lameter <cl@linux-foundation.org>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
      5a0e3ad6
  11. 16 3月, 2010 1 次提交
  12. 02 3月, 2010 1 次提交
  13. 01 3月, 2010 1 次提交
    • M
      virtio: fix out of range array access · 31198159
      Michael S. Tsirkin 提交于
      I have observed the following error on virtio-net module unload:
      
      ------------[ cut here ]------------
      WARNING: at kernel/irq/manage.c:858 __free_irq+0xa0/0x14c()
      Hardware name: Bochs
      Trying to free already-free IRQ 0
      Modules linked in: virtio_net(-) virtio_blk virtio_pci virtio_ring
      virtio af_packet e1000 shpchp aacraid uhci_hcd ohci_hcd ehci_hcd [last
      unloaded: scsi_wait_scan]
      Pid: 1957, comm: rmmod Not tainted 2.6.33-rc8-vhost #24
      Call Trace:
       [<ffffffff8103e195>] warn_slowpath_common+0x7c/0x94
       [<ffffffff8103e204>] warn_slowpath_fmt+0x41/0x43
       [<ffffffff810a7a36>] ? __free_pages+0x5a/0x70
       [<ffffffff8107cc00>] __free_irq+0xa0/0x14c
       [<ffffffff8107cceb>] free_irq+0x3f/0x65
       [<ffffffffa0081424>] vp_del_vqs+0x81/0xb1 [virtio_pci]
       [<ffffffffa0091d29>] virtnet_remove+0xda/0x10b [virtio_net]
       [<ffffffffa0075200>] virtio_dev_remove+0x22/0x4a [virtio]
       [<ffffffff812709ee>] __device_release_driver+0x66/0xac
       [<ffffffff81270ab7>] driver_detach+0x83/0xa9
       [<ffffffff8126fc66>] bus_remove_driver+0x91/0xb4
       [<ffffffff81270fcf>] driver_unregister+0x6c/0x74
       [<ffffffffa0075418>] unregister_virtio_driver+0xe/0x10 [virtio]
       [<ffffffffa0091c4d>] fini+0x15/0x17 [virtio_net]
       [<ffffffff8106997b>] sys_delete_module+0x1c3/0x230
       [<ffffffff81007465>] ? old_ich_force_enable_hpet+0x117/0x164
       [<ffffffff813bb720>] ? do_page_fault+0x29c/0x2cc
       [<ffffffff81028e58>] sysenter_dispatch+0x7/0x27
      ---[ end trace 15e88e4c576cc62b ]---
      
      The bug is in virtio-pci: we use msix_vector as array index to get irq
      entry, but some vqs do not have a dedicated vector so this causes an out
      of bounds access.  By chance, we seem to often get 0 value, which
      results in this error.
      
      Fix by verifying that vector is legal before using it as index.
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      Acked-by: NAnthony Liguori <aliguori@us.ibm.com>
      Acked-by: NShirley Ma <xma@us.ibm.com>
      Acked-by: NAmit Shah <amit.shah@redhat.com>
      31198159
  14. 24 2月, 2010 1 次提交
  15. 29 10月, 2009 1 次提交
    • M
      virtio-pci: fix per-vq MSI-X request logic · 0b22bd0b
      Michael S. Tsirkin 提交于
      Commit f68d2408
      in 2.6.32-rc1 broke requesting IRQs for per-VQ MSI-X vectors:
      - vector number was used instead of the vector itself
      - we try to request an IRQ for VQ which does not
        have a callback handler
      
      This is a regression that causes warnings in kernel log,
      potentially lower performance as we need to scan vq list,
      and might cause system failure if the interrupt
      requested is in fact needed by another system.
      
      This was not noticed earlier because in most cases
      we were falling back on shared interrupt for all vqs.
      
      The warnings often look like this:
      
      virtio-pci 0000:00:03.0: irq 26 for MSI/MSI-X
      virtio-pci 0000:00:03.0: irq 27 for MSI/MSI-X
      virtio-pci 0000:00:03.0: irq 28 for MSI/MSI-X
      IRQ handler type mismatch for IRQ 1
      current handler: i8042
      Pid: 2400, comm: modprobe Tainted: G        W
      2.6.32-rc3-11952-gf3ed8d8-dirty #1
      Call Trace:
       [<ffffffff81072aed>] ? __setup_irq+0x299/0x304
       [<ffffffff81072ff3>] ? request_threaded_irq+0x144/0x1c1
       [<ffffffff813455af>] ? vring_interrupt+0x0/0x30
       [<ffffffff81346598>] ? vp_try_to_find_vqs+0x583/0x5c7
       [<ffffffffa0015188>] ? skb_recv_done+0x0/0x34 [virtio_net]
       [<ffffffff81346609>] ? vp_find_vqs+0x2d/0x83
       [<ffffffff81345d00>] ? vp_get+0x3c/0x4e
       [<ffffffffa0016373>] ? virtnet_probe+0x2f1/0x428 [virtio_net]
       [<ffffffffa0015188>] ? skb_recv_done+0x0/0x34 [virtio_net]
       [<ffffffffa00150d8>] ? skb_xmit_done+0x0/0x39 [virtio_net]
       [<ffffffff8110ab92>] ? sysfs_do_create_link+0xcb/0x116
       [<ffffffff81345cc2>] ? vp_get_status+0x14/0x16
       [<ffffffff81345464>] ? virtio_dev_probe+0xa9/0xc8
       [<ffffffff8122b11c>] ? driver_probe_device+0x8d/0x128
       [<ffffffff8122b206>] ? __driver_attach+0x4f/0x6f
       [<ffffffff8122b1b7>] ? __driver_attach+0x0/0x6f
       [<ffffffff8122a9f9>] ? bus_for_each_dev+0x43/0x74
       [<ffffffff8122a374>] ? bus_add_driver+0xea/0x22d
       [<ffffffff8122b4a3>] ? driver_register+0xa7/0x111
       [<ffffffffa001a000>] ? init+0x0/0xc [virtio_net]
       [<ffffffff81009051>] ? do_one_initcall+0x50/0x148
       [<ffffffff8106e117>] ? sys_init_module+0xc5/0x21a
       [<ffffffff8100af02>] ? system_call_fastpath+0x16/0x1b
      virtio-pci 0000:00:03.0: irq 26 for MSI/MSI-X
      virtio-pci 0000:00:03.0: irq 27 for MSI/MSI-X
      Reported-by: NMarcelo Tosatti <mtosatti@redhat.com>
      Reported-by: NShirley Ma <xma@us.ibm.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      0b22bd0b
  16. 23 9月, 2009 1 次提交
    • R
      virtio_pci: minor MSI-X cleanups · f68d2408
      Rusty Russell 提交于
      1) Rename vp_request_vectors to vp_request_msix_vectors, and take
         non-MSI-X case out to caller.
      2) Comment weird pci_enable_msix API
      3) Rename vp_find_vq to setup_vq.
      4) Fix spaces to tabs
      5) Make nvectors calc internal to vp_try_to_find_vqs()
      6) Rename vector to msix_vector for more clarity.
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      Cc: "Michael S. Tsirkin" <mst@redhat.com>
      f68d2408
  17. 30 7月, 2009 3 次提交
  18. 17 7月, 2009 1 次提交
  19. 12 6月, 2009 4 次提交
  20. 03 2月, 2009 1 次提交
  21. 07 1月, 2009 1 次提交
  22. 30 12月, 2008 6 次提交
  23. 25 7月, 2008 2 次提交
  24. 30 5月, 2008 2 次提交
    • R
      virtio: set device index in common code. · b769f579
      Rusty Russell 提交于
      Anthony Liguori points out that three different transports use the virtio code,
      but each one keeps its own counter to set the virtio_device's index field.  In
      theory (though not in current practice) this means that names could be
      duplicated, and that risk grows as more transports are created.
      
      So we move the selection of the unique virtio_device.index into the common code
      in virtio.c, which has the side-benefit of removing duplicate code.
      
      The only complexity is that lguest and S/390 use the index to uniquely identify
      the device in case of catastrophic failure before register_virtio_device() is
      called: now we use the offset within the descriptor page as a unique identifier
      for the printks.
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      Cc: Christian Borntraeger <borntraeger@de.ibm.com>
      Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
      Cc: Carsten Otte <cotte@de.ibm.com>
      Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
      Cc: Chris Lalancette <clalance@redhat.com>
      Cc: Anthony Liguori <anthony@codemonkey.ws>
      b769f579
    • R
      virtio: virtio_pci should not set bus_id. · 5610bd15
      Rusty Russell 提交于
      The common virtio code sets the bus_id, overriding anything virtio_pci
      sets anyway.
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      Cc: Christian Borntraeger <borntraeger@de.ibm.com>
      Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
      Cc: Carsten Otte <cotte@de.ibm.com>
      Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
      Cc: Chris Lalancette <clalance@redhat.com>
      Cc: Anthony Liguori <anthony@codemonkey.ws>
      5610bd15
  25. 02 5月, 2008 1 次提交
    • R
      virtio: explicit advertisement of driver features · c45a6816
      Rusty Russell 提交于
      A recent proposed feature addition to the virtio block driver revealed
      some flaws in the API: in particular, we assume that feature
      negotiation is complete once a driver's probe function returns.
      
      There is nothing in the API to require this, however, and even I
      didn't notice when it was violated.
      
      So instead, we require the driver to specify what features it supports
      in a table, we can then move the feature negotiation into the virtio
      core.  The intersection of device and driver features are presented in
      a new 'features' bitmap in the struct virtio_device.
      
      Note that this highlights the difference between Linux unsigned-long
      bitmaps where each unsigned long is in native endian, and a
      straight-forward little-endian array of bytes.
      
      Drivers can still remove feature bits in their probe routine if they
      really have to.
      
      API changes:
      - dev->config->feature() no longer gets and acks a feature.
      - drivers should advertise their features in the 'feature_table' field
      - use virtio_has_feature() for extra sanity when checking feature bits
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      c45a6816