Commit 5b61cb90 authored by Daniel Stodden's avatar Daniel Stodden Committed by Jens Axboe

xenbus: Make xenbus_switch_state transactional

According to the comments, this was how it's been done years ago, but
apparently took an xbt pointer from elsewhere back then. The code was
removed because of consistency issues: cancellation wont't roll back
the saved xbdev->state.

Still, unsolicited writes to the state field remain an issue,
especially if device shutdown takes thread synchronization, and subtle
races cause accidental recreation of the device node.

Fixed by reintroducing the transaction. An internal one is sufficient,
so the xbdev->state value remains consistent.

Also fixes the original hack to prevent infinite recursion. Instead of
bailing out on the first attempt to switch to Closing, checks call
depth now.
Signed-off-by: default avatarDaniel Stodden <daniel.stodden@citrix.com>
Signed-off-by: default avatarJeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
parent 2def141e
...@@ -133,17 +133,12 @@ int xenbus_watch_pathfmt(struct xenbus_device *dev, ...@@ -133,17 +133,12 @@ int xenbus_watch_pathfmt(struct xenbus_device *dev,
} }
EXPORT_SYMBOL_GPL(xenbus_watch_pathfmt); EXPORT_SYMBOL_GPL(xenbus_watch_pathfmt);
static void xenbus_switch_fatal(struct xenbus_device *, int, int,
const char *, ...);
/** static int
* xenbus_switch_state __xenbus_switch_state(struct xenbus_device *dev,
* @dev: xenbus device enum xenbus_state state, int depth)
* @state: new state
*
* Advertise in the store a change of the given driver to the given new_state.
* Return 0 on success, or -errno on error. On error, the device will switch
* to XenbusStateClosing, and the error will be saved in the store.
*/
int xenbus_switch_state(struct xenbus_device *dev, enum xenbus_state state)
{ {
/* We check whether the state is currently set to the given value, and /* We check whether the state is currently set to the given value, and
if not, then the state is set. We don't want to unconditionally if not, then the state is set. We don't want to unconditionally
...@@ -152,35 +147,65 @@ int xenbus_switch_state(struct xenbus_device *dev, enum xenbus_state state) ...@@ -152,35 +147,65 @@ int xenbus_switch_state(struct xenbus_device *dev, enum xenbus_state state)
to it, as the device will be tearing down, and we don't want to to it, as the device will be tearing down, and we don't want to
resurrect that directory. resurrect that directory.
Note that, because of this cached value of our state, this function Note that, because of this cached value of our state, this
will not work inside a Xenstore transaction (something it was function will not take a caller's Xenstore transaction
trying to in the past) because dev->state would not get reset if (something it was trying to in the past) because dev->state
the transaction was aborted. would not get reset if the transaction was aborted.
*/ */
struct xenbus_transaction xbt;
int current_state; int current_state;
int err; int err, abort;
if (state == dev->state) if (state == dev->state)
return 0; return 0;
err = xenbus_scanf(XBT_NIL, dev->nodename, "state", "%d", again:
&current_state); abort = 1;
if (err != 1)
err = xenbus_transaction_start(&xbt);
if (err) {
xenbus_switch_fatal(dev, depth, err, "starting transaction");
return 0; return 0;
}
err = xenbus_scanf(xbt, dev->nodename, "state", "%d", &current_state);
if (err != 1)
goto abort;
err = xenbus_printf(XBT_NIL, dev->nodename, "state", "%d", state); err = xenbus_printf(xbt, dev->nodename, "state", "%d", state);
if (err) { if (err) {
if (state != XenbusStateClosing) /* Avoid looping */ xenbus_switch_fatal(dev, depth, err, "writing new state");
xenbus_dev_fatal(dev, err, "writing new state"); goto abort;
return err;
} }
dev->state = state; abort = 0;
abort:
err = xenbus_transaction_end(xbt, abort);
if (err) {
if (err == -EAGAIN && !abort)
goto again;
xenbus_switch_fatal(dev, depth, err, "ending transaction");
} else
dev->state = state;
return 0; return 0;
} }
/**
* xenbus_switch_state
* @dev: xenbus device
* @state: new state
*
* Advertise in the store a change of the given driver to the given new_state.
* Return 0 on success, or -errno on error. On error, the device will switch
* to XenbusStateClosing, and the error will be saved in the store.
*/
int xenbus_switch_state(struct xenbus_device *dev, enum xenbus_state state)
{
return __xenbus_switch_state(dev, state, 0);
}
EXPORT_SYMBOL_GPL(xenbus_switch_state); EXPORT_SYMBOL_GPL(xenbus_switch_state);
int xenbus_frontend_closed(struct xenbus_device *dev) int xenbus_frontend_closed(struct xenbus_device *dev)
...@@ -283,6 +308,23 @@ void xenbus_dev_fatal(struct xenbus_device *dev, int err, const char *fmt, ...) ...@@ -283,6 +308,23 @@ void xenbus_dev_fatal(struct xenbus_device *dev, int err, const char *fmt, ...)
} }
EXPORT_SYMBOL_GPL(xenbus_dev_fatal); EXPORT_SYMBOL_GPL(xenbus_dev_fatal);
/**
* Equivalent to xenbus_dev_fatal(dev, err, fmt, args), but helps
* avoiding recursion within xenbus_switch_state.
*/
static void xenbus_switch_fatal(struct xenbus_device *dev, int depth, int err,
const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
xenbus_va_dev_error(dev, err, fmt, ap);
va_end(ap);
if (!depth)
__xenbus_switch_state(dev, XenbusStateClosing, 1);
}
/** /**
* xenbus_grant_ring * xenbus_grant_ring
* @dev: xenbus device * @dev: xenbus device
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment