• Robin Holt's avatar
    x86: uv: XPC receive message reuse triggers invalid BUG_ON() · 046d6c56
    Robin Holt authored
    This was a difficult bug to trip.  XPC was in the middle of sending an
    acknowledgement for a received message.
    
    In xpc_received_payload_uv():
    .
            ret = xpc_send_gru_msg(ch->sn.uv.cached_notify_gru_mq_desc, msg,
                                   sizeof(struct xpc_notify_mq_msghdr_uv));
            if (ret != xpSuccess)
                    XPC_DEACTIVATE_PARTITION(&xpc_partitions[ch->partid], ret);
    
            msg->hdr.msg_slot_number += ch->remote_nentries;
    
    at the point in xpc_send_gru_msg() where the hardware has dispatched the
    acknowledgement, the remote side is able to reuse the message structure
    and send a message with a different slot number.  This problem is made
    worse by interrupts.
    
    The adjustment of msg_slot_number and the BUG_ON in
    xpc_handle_notify_mq_msg_uv() which verifies the msg_slot_number is
    consistent are only used for debug purposes.  Since a fix for this that
    preserves the debug functionality would either have to infringe upon the
    payload or allocate another structure just for debug, I decided to remove
    it entirely.
    Signed-off-by: default avatarRobin Holt <holt@sgi.com>
    Cc: Jack Steiner <steiner@sgi.com>
    Cc: Ingo Molnar <mingo@elte.hu>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    046d6c56
xpc_uv.c 45.8 KB