This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-devel] [Patch] Fix blktap oops on domain shutdown

To: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [Patch] Fix blktap oops on domain shutdown
From: "Stephen C. Tweedie" <sct@xxxxxxxxxx>
Date: Thu, 28 Sep 2006 15:47:43 +0100
Cc: Julian Chesterfield <jac90@xxxxxxxxx>, Andrew Warfield <andrew.warfield@xxxxxxxxxxxx>
Delivery-date: Thu, 28 Sep 2006 07:48:27 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
When a domain shuts down with a blktap-backed block device open, it can
easily cause a dom0 oops.  The XenbusStateClosing event can occur while
the tapdisk userland thread is still processing IO requests (eg.
readaheads) from the domU.  But the xenbus state handler calls
tap_blkif_unmap(), unmapping the blkif->blk_ring.sring rin buffer, so
when the tapdisk thread next calls the BLKTAP_IOCTL_KICK_FE to return
the completion event to the FE via that ring buffer, it oopses.

This can be fixed simply by not calling tap_blkif_unmap() in this case;
the ring buffer will still be unmapped later on when the blkif is
destroyed by blktap_remove(), only then it will properly wait for the
blkif refcnt to reach zero before doing so.

Signed-off-by: Stephen Tweedie <sct@xxxxxxxxxx>

diff -r bd811e94d293 -r ed51caee4fe6 
--- a/linux-2.6-xen-sparse/drivers/xen/blktap/xenbus.c  Tue Sep 26 19:50:07 
2006 +0100
+++ b/linux-2.6-xen-sparse/drivers/xen/blktap/xenbus.c  Thu Sep 28 15:38:25 
2006 +0100
@@ -273,7 +273,6 @@ static void tap_frontend_changed(struct 
                        be->blkif->xenblkd = NULL;
-               tap_blkif_unmap(be->blkif);
                xenbus_switch_state(dev, XenbusStateClosing);

Xen-devel mailing list

<Prev in Thread] Current Thread [Next in Thread>