lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5757BF4E.9080307@oracle.com>
Date:	Wed, 08 Jun 2016 14:46:38 +0800
From:	Bob Liu <bob.liu@...cle.com>
To:	Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>
CC:	linux-kernel@...r.kernel.org, xen-devel@...ts.xenproject.org,
	roger.pau@...rix.com
Subject: Re: [PATCH 1/2] xen-blkfront: don't call talk_to_blkback when already
 connected to blkback


On 06/07/2016 11:25 PM, Konrad Rzeszutek Wilk wrote:
> On Wed, Jun 01, 2016 at 01:49:23PM +0800, Bob Liu wrote:
>>
>> On 06/01/2016 04:33 AM, Konrad Rzeszutek Wilk wrote:
>>> On Tue, May 31, 2016 at 04:59:16PM +0800, Bob Liu wrote:
>>>> Sometimes blkfont may receive twice blkback_changed() notification after
>>>> migration, then talk_to_blkback() will be called twice too and confused
>>>> xen-blkback.
>>>
>>> Could you enlighten the patch description by having some form of
>>> state transition here? I am curious how you got the frontend
>>> to get in XenbusStateConnected (via blkif_recover right) and then
>>> the backend triggering the update once more?
>>>
>>> Or is just a simple race - the backend moves from XenbusStateConnected->
>>> XenbusStateConnected - which retriggers the frontend to hit in
>>> blkback_changed the XenbusStateConnected state and go in there?
>>> (That would be in conenct_ring changing the state). But I don't
>>> see how the frontend_changed code get there as we have:
>>>
>>>  770                 /*
>>>  771                  * Ensure we connect even when two watches fire in
>>>  772                  * close succession and we miss the intermediate value
>>>  773                  * of frontend_state.
>>>  774                  */
>>>  775                 if (dev->state == XenbusStateConnected)
>>>  776                         break;
>>>  777 
>>>
>>> ?
>>>
>>> Now what about 'blkfront_connect' being called on the second time?
>>>
>>> Ah, info->connected is probably by then in BLKIF_STATE_CONNECTED
>>> (as blkif_recover changed) and we just reread the size of the disk.
>>>
>>> Is that how about the flow goes?
>>
>> 	blkfront 					blkback
>> blkfront_resume()                                   
>>  > talk_to_blkback()
>>   > Set blkfront to XenbusStateInitialised
>> 						Front changed()
>>   						 > Connect()
>> 						  > Set blkback to XenbusStateConnected
>>
>> blkback_changed()
>>  > Skip talk_to_blkback()
>>    because frontstate == XenbusStateInitialised
>>  > blkfront_connect()
>>   > Set blkfront to XenbusStateConnected
>>
>>
>> ------------------------------------------------------------------
>> But sometimes blkfront receives
>> blkback_changed() event more than once!
> 
> I think I know why. The udev scripts that get invoked when when
> we attach a disk are a bit custom. As such I think they just
> revalidate the size leading to this.
> 
> And this 'poke-at-XenbusStateConnected' state multiple times
> is allowed. It is used to signal disk changes (or just to revalidate).
> Hence it does not matter why really - we need to deal with this.
> 
> I modified your patch a bit and are testing it:
> 

Looks much better, thank you very much!

Bob

> From e49dc9fc65eda4923b41d903ac51a7ddee182bcd Mon Sep 17 00:00:00 2001
> From: Bob Liu <bob.liu@...cle.com>
> Date: Tue, 7 Jun 2016 10:43:15 -0400
> Subject: [PATCH] xen-blkfront: don't call talk_to_blkback when already
>  connected to blkback
> 
> Sometimes blkfront may twice receive blkback_changed() notification
> (XenbusStateConnected) after migration, which will cause
> talk_to_blkback() to be called twice too and confuse xen-blkback.
> 
> The flow is as follow:
>    blkfront                                        blkback
> blkfront_resume()
>  > talk_to_blkback()
>   > Set blkfront to XenbusStateInitialised
>                                                 front changed()
>                                                  > Connect()
>                                                   > Set blkback to XenbusStateConnected
> 
> blkback_changed()
>  > Skip talk_to_blkback()
>    because frontstate == XenbusStateInitialised
>  > blkfront_connect()
>   > Set blkfront to XenbusStateConnected
> 
> -----
> And here we get another XenbusStateConnected notification leading
> to:
> -----
> blkback_changed()
>  > because now frontstate != XenbusStateInitialised
>    talk_to_blkback() is also called again
>   > blkfront state changed from
>   XenbusStateConnected to XenbusStateInitialised
>     (Which is not correct!)
> 
> 						front_changed():
>                                                  > Do nothing because blkback
>                                                    already in XenbusStateConnected
> 
> Now blkback is in XenbusStateConnected but blkfront is still
> in XenbusStateInitialised - leading to no disks.
> 
> Poking of the XenbusStateConnected state is allowed (to deal with
> block disk change) and has to be dealt with. The most likely
> cause of this bug are custom udev scripts hooking up the disks
> and then validating the size.
> 
> Signed-off-by: Bob Liu <bob.liu@...cle.com>
> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>
> ---
>  drivers/block/xen-blkfront.c | 15 ++++++++++++++-
>  1 file changed, 14 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c
> index b4b8fbd..7765ad5 100644
> --- a/drivers/block/xen-blkfront.c
> +++ b/drivers/block/xen-blkfront.c
> @@ -2484,10 +2484,23 @@ static void blkback_changed(struct xenbus_device *dev,
>  		break;
>  
>  	case XenbusStateConnected:
> -		if (dev->state != XenbusStateInitialised) {
> +		/*
> +		 * talk_to_blkback sets state to XenbusStateInitialised
> +		 * and blkfront_connect sets it to XenbusStateConnected
> +		 * (if connection went OK).
> +		 *
> +		 * If the backend (or toolstack) decides to poke at backend
> +		 * state (and re-trigger the watch by setting the state repeatedly
> +		 * to XenbusStateConnected (4)) we need to deal with this.
> +		 * This is allowed as this is used to communicate to the guest
> +		 * that the size of disk has changed!
> +		 */
> +		if ((dev->state != XenbusStateInitialised) &&
> +		    (dev->state != XenbusStateConnected)) {
>  			if (talk_to_blkback(dev, info))
>  				break;
>  		}
> +
>  		blkfront_connect(info);
>  		break;
>  
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ