xenbits.xensource.com Git - xen.git/commit

author	Edwin Török <edwin.torok@cloud.com>
	Thu, 12 Jan 2023 17:48:29 +0000 (17:48 +0000)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Mon, 6 Feb 2023 10:22:12 +0000 (10:22 +0000)
commit	2636d8ff7a670c4d2485757dbe966e36c259a960
tree	441689e6a6cc85c0d2396ea3213f2d550f95168f	tree
parent	36eb2de31b6ecb8787698fb1a701bd708c8971b2	commit \| diff

tools/ocaml/evtchn: Don't reference Custom objects with the GC lock released

The modification to the _H() macro for Ocaml 5 support introduced a subtle
bug.  From the manual:

  https://ocaml.org/manual/intfc.html#ss:parallel-execution-long-running-c-code

"After caml_release_runtime_system() was called and until
caml_acquire_runtime_system() is called, the C code must not access any OCaml
data, nor call any function of the run-time system, nor call back into OCaml
code."

Previously, the value was a naked C pointer, so dereferencing it wasn't
"accessing any Ocaml data", but the fix to avoid naked C pointers added a
layer of indirection through an Ocaml Custom object, meaning that the common
pattern of using _H() in a blocking section is unsafe.

In order to fix:

* Drop the _H() macro and replace it with a static inline xce_of_val().
* Opencode the assignment into Data_custom_val() in the two constructors.
* Rename "value xce" parameters to "value xce_val" so we can consistently
   have "xenevtchn_handle *xce" on the stack, and obtain the pointer with the
   GC lock still held.

Fixes: 22d5affdf0ce ("tools/ocaml/evtchn: OCaml 5 support, fix potential resource leak")
Signed-off-by: Edwin Török <edwin.torok@cloud.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Christian Lindig <christian.lindig@citrix.com>