• Drivers: hv: vmbus: serialize Offer and Rescind offer · d7f2fbaf
    Vitaly Kuznetsov authored
    Commit 4b2f9abe ("staging: hv: convert channel_mgmt.c to not call
    osd_schedule_callback") was written under an assumption that we never receive
    Rescind offer while we're still processing the initial Offer request. However,
    the issue we fixed in 04a258c1 could be caused by this assumption not
    always being true.
    
    In particular, we need to protect against the following:
    1) Receiving a Rescind offer after we do queue_work() for processing an Offer
       request and before we actually enter vmbus_process_offer(). work.func points
       to vmbus_process_offer() at this moment and in vmbus_onoffer_rescind() we do
       another queue_work() without a check so we'll enter vmbus_process_offer()
       twice.
    2) Receiving a Rescind offer after we enter vmbus_process_offer() and
       especially after we set >state = CHANNEL_OPEN_STATE. Many things can go
       wrong in that case, e.g. we can call free_channel() while we're still using
       it.
    
    Implement the required protection by changing work->func at the very end of
    vmbus_process_offer() and checking work->func in vmbus_onoffer_rescind(). In
    case we receive rescind offer during or before vmbus_process_offer() is done
    we set rescind flag to true and we check it at the end of vmbus_process_offer()
    so such offer will not get lost.
    Suggested-by: Radim Krčmář <rkrcmar@redhat.com>
    Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
    Acked-by: Jason Wang <jasowang@redhat.com>
    Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
channel_mgmt.c 24.4 KB
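
A single-threaded user-space C model of the serialization the commit message describes, added here as an illustration and not taken from the kernel patch. `struct chan`, the `queued` counter and `scenario()` are hypothetical names, and the locking a concurrent driver needs around the `func` check is left out.

```c
#include <stdbool.h>

/* Hypothetical user-space model; not the driver's own structures. */
struct chan;
typedef void (*work_fn)(struct chan *);
struct chan {
    work_fn func;   /* models work->func */
    int queued;     /* pending executions of func (models queue_work) */
    bool rescind;   /* Rescind seen before Offer processing finished */
    bool freed;
    int offers_run, rescinds_run;
};

static void process_rescind(struct chan *c)
{
    c->rescinds_run++;
    c->freed = true;            /* only reached once the offer is done */
}

static void process_offer(struct chan *c)
{
    c->offers_run++;
    /* ... channel is set up and in use here ... */
    c->func = process_rescind;  /* very last step: switch the handler */
    if (c->rescind)
        c->queued++;            /* deferred Rescind is not lost */
}

static void on_offer(struct chan *c)
{
    *c = (struct chan){ .func = process_offer, .queued = 1 };
}

static void on_rescind(struct chan *c)
{
    if (c->func == process_offer)
        c->rescind = true;      /* Offer pending or running: only flag it */
    else
        c->queued++;            /* Offer finished: queue the rescind work */
}

static void run_queue(struct chan *c)
{
    while (c->queued > 0) { c->queued--; c->func(c); }
}

/* Constructed message orders; returns offers_run * 10 + rescinds_run. */
static int scenario(bool rescind_before_work_runs)
{
    struct chan c;
    on_offer(&c);
    if (rescind_before_work_runs) on_rescind(&c);
    run_queue(&c);
    if (!rescind_before_work_runs) { on_rescind(&c); run_queue(&c); }
    return c.offers_run * 10 + c.rescinds_run;
}

int main(void) { return (scenario(true) == 11 && scenario(false) == 11) ? 0 : 1; }
```

Both orderings run the offer handler exactly once and the rescind handler exactly once, which is the invariant case 1 of the commit message violates when the second `queue_work()` is unconditional.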