WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] Re: Crash on blktap shutdown

from [Daniel Stodden] [Permanent Link][Original]
To: Jeremy Fitzhardinge <jeremy@xxxxxxxx>
Subject: [Xen-devel] Re: Crash on blktap shutdown
From: Daniel Stodden <daniel.stodden@xxxxxxxxxx>
Date: Wed, 24 Feb 2010 16:16:07 -0800
Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, Jake Wires <Jake.Wires@xxxxxxxxxx>
Delivery-date: Wed, 24 Feb 2010 16:16:28 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1267056730.5962.596.camel@xxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <4B85AE5C.8050603@xxxxxxxx> <1267053644.5962.409.camel@xxxxxxxxxxxxxxxxxxxxxxx> <4B85B58D.20204@xxxxxxxx> <1267056730.5962.596.camel@xxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
On Wed, 2010-02-24 at 19:12 -0500, Daniel Stodden wrote:
> On Wed, 2010-02-24 at 18:26 -0500, Jeremy Fitzhardinge wrote:
> > On 02/24/2010 03:20 PM, Daniel Stodden wrote:
> > > Jake, any immediate ideas?
> > >    
> > 
> > Just got another one on domain shutdown.  The crashing instruction is:
> > 0xffffffff8104a3f2 <lock_timer_base+17>:    mov    0x28(%r12),%r14
> > 
> 
> Oh, a classic.
> 
> I think I had the same issue somewhere in blktap1 when moving to 2.6.27.
> 
> Coming.

This should do. 100% untested.

--snip---
blktap/device: Fix wild ptr deref during device destruction.

A put_disk() before blk_cleanup_queue() would free gd before gd->queue
is read.

Signed-off-by: Daniel Stodden <daniel.stodden@xxxxxxxxxx>

diff -r 7d0b5bd0725f drivers/xen/blktap/device.c
--- a/drivers/xen/blktap/device.c       Fri Feb 05 11:12:24 2010 -0800
+++ b/drivers/xen/blktap/device.c       Wed Feb 24 16:13:26 2010 -0800
@@ -1027,8 +1027,8 @@
 #endif
 
        del_gendisk(dev->gd);
+       blk_cleanup_queue(dev->gd->queue);
        put_disk(dev->gd);
-       blk_cleanup_queue(dev->gd->queue);
 
        dev->gd = NULL;
 



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] Re: Crash on blktap shutdown, Daniel Stodden
Next by Date:  [Xen-devel] Re: [PATCH] Fix wild ptr deref during device destruction., Daniel Stodden
Previous by Thread:  [Xen-devel] Re: Crash on blktap shutdown, Daniel Stodden
Next by Thread:  [Xen-devel] Re: [PATCH] Fix wild ptr deref during device destruction., Daniel Stodden
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy