WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] [PATCH] linux/blkfront: don't access freed struct xenbus_dev

To: <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH] linux/blkfront: don't access freed struct xenbus_device
From: "Jan Beulich" <JBeulich@xxxxxxxxxx>
Date: Thu, 04 Feb 2010 09:22:07 +0000
Delivery-date: Thu, 04 Feb 2010 01:21:54 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Unfortunately c/s 983 still wasn't quite right - there was a reference
to freed memory left from blkfront_closing().

As usual, written against 2.6.32.7 and made apply to the 2.6.18
tree without further testing.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxxxx>

--- a/drivers/xen/blkfront/blkfront.c   2010-02-04 09:29:42.000000000 +0100
+++ b/drivers/xen/blkfront/blkfront.c   2010-02-04 09:31:52.000000000 +0100
@@ -63,7 +63,7 @@
 #define GRANT_INVALID_REF      0
 
 static void connect(struct blkfront_info *);
-static void blkfront_closing(struct xenbus_device *);
+static void blkfront_closing(struct blkfront_info *);
 static int blkfront_remove(struct xenbus_device *);
 static int talk_to_backend(struct xenbus_device *, struct blkfront_info *);
 static int setup_blkring(struct xenbus_device *, struct blkfront_info *);
@@ -302,7 +302,7 @@ static void backend_changed(struct xenbu
                        xenbus_dev_error(dev, -EBUSY,
                                         "Device in use; refusing to close");
                else
-                       blkfront_closing(dev);
+                       blkfront_closing(info);
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
                up(&bd->bd_sem);
 #else
@@ -387,12 +387,11 @@ static void connect(struct blkfront_info
  * the backend.  Once is this done, we can switch to Closed in
  * acknowledgement.
  */
-static void blkfront_closing(struct xenbus_device *dev)
+static void blkfront_closing(struct blkfront_info *info)
 {
-       struct blkfront_info *info = dev->dev.driver_data;
        unsigned long flags;
 
-       DPRINTK("blkfront_closing: %s removed\n", dev->nodename);
+       DPRINTK("blkfront_closing: %d removed\n", info->vdevice);
 
        if (info->rq == NULL)
                goto out;
@@ -414,7 +413,8 @@ static void blkfront_closing(struct xenb
        xlvbd_del(info);
 
  out:
-       xenbus_frontend_closed(dev);
+       if (info->xbdev)
+               xenbus_frontend_closed(info->xbdev);
 }
 
 
@@ -429,7 +429,7 @@ static int blkfront_remove(struct xenbus
        if(info->users == 0)
                kfree(info);
        else
-               info->is_ready = -1;
+               info->xbdev = NULL;
 
        return 0;
 }
@@ -498,7 +498,7 @@ int blkif_open(struct block_device *bd, 
 {
        struct blkfront_info *info = inode->i_bdev->bd_disk->private_data;
 
-       if(info->is_ready < 0)
+       if (!info->xbdev)
                return -ENODEV;
        info->users++;
        return 0;
@@ -521,13 +521,13 @@ int blkif_release(struct gendisk *disk, 
                   have ignored this request initially, as the device was
                   still mounted. */
                struct xenbus_device * dev = info->xbdev;
-               enum xenbus_state state = 
xenbus_read_driver_state(dev->otherend);
 
-               if(info->is_ready < 0) {
-                       blkfront_closing(dev);
+               if (!dev) {
+                       blkfront_closing(info);
                        kfree(info);
-               } else if (state == XenbusStateClosing && info->is_ready)
-                       blkfront_closing(dev);
+               } else if (xenbus_read_driver_state(dev->otherend)
+                          == XenbusStateClosing && info->is_ready)
+                       blkfront_closing(info);
        }
        return 0;
 }
@@ -920,7 +920,7 @@ int blkfront_is_ready(struct xenbus_devi
 {
        struct blkfront_info *info = dev->dev.driver_data;
 
-       return info->is_ready > 0;
+       return info->is_ready && info->xbdev;
 }
 
 



Attachment: xenlinux-blkfront-forced-detach-2.patch
Description: Text document

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [PATCH] linux/blkfront: don't access freed struct xenbus_device, Jan Beulich <=