xen/netback: avoid race in xenvif_rx_ring_slots_available()

Since commit 23025393dbeb3b8b3 ("xen/netback: use lateeoi irq binding")
xenvif_rx_ring_slots_available() is no longer called only from the rx
queue kernel thread, so it needs to access the rx queue with the
associated queue held.

Reported-by: Igor Druzhinin <igor.druzhinin@citrix.com>
Fixes: 23025393dbeb3b8b3 ("xen/netback: use lateeoi irq binding")
Signed-off-by: Juergen Gross <jgross@suse.com>
Acked-by: Wei Liu <wl@xen.org>
Link: https://lore.kernel.org/r/20210202070938.7863-1-jgross@suse.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/drivers/net/xen-netback/rx.c b/drivers/net/xen-netback/rx.c
index b8febe1..accc991 100644 (file)
--- a/drivers/net/xen-netback/rx.c
+++ b/drivers/net/xen-netback/rx.c
@@ -38,10 +38,15 @@ static bool xenvif_rx_ring_slots_available(struct xenvif_queue *queue)
        RING_IDX prod, cons;
        struct sk_buff *skb;
        int needed;
+       unsigned long flags;
+
+       spin_lock_irqsave(&queue->rx_queue.lock, flags);
 
        skb = skb_peek(&queue->rx_queue);
-       if (!skb)
+       if (!skb) {
+               spin_unlock_irqrestore(&queue->rx_queue.lock, flags);
                return false;
+       }
 
        needed = DIV_ROUND_UP(skb->len, XEN_PAGE_SIZE);
        if (skb_is_gso(skb))
@@ -49,6 +54,8 @@ static bool xenvif_rx_ring_slots_available(struct xenvif_queue *queue)
        if (skb->sw_hash)
                needed++;
 
+       spin_unlock_irqrestore(&queue->rx_queue.lock, flags);
+
        do {
                prod = queue->rx.sring->req_prod;
                cons = queue->rx.req_cons;