changeset 11667:f9929b7e009e

[BLKTAP] Fix blktap oops on domain shutdown
When a domain shuts down with a blktap-backed block device open, it can
easily cause a dom0 oops. The XenbusStateClosing event can occur while
the tapdisk userland thread is still processing IO requests (eg.
readaheads) from the domU. But the xenbus state handler calls
tap_blkif_unmap(), unmapping the blkif->blk_ring.sring rin buffer, so
when the tapdisk thread next calls the BLKTAP_IOCTL_KICK_FE to return
the completion event to the FE via that ring buffer, it oopses.

This can be fixed simply by not calling tap_blkif_unmap() in this case;
the ring buffer will still be unmapped later on when the blkif is
destroyed by blktap_remove(), only then it will properly wait for the
blkif refcnt to reach zero before doing so.

Signed-off-by: Stephen Tweedie <sct@redhat.com>
author Andrew Warfield <andy@xensource.com>
date Thu Sep 28 11:41:23 2006 -0700 (2006-09-28)
parents b6ee084892da
children 460f2c954cca
files linux-2.6-xen-sparse/drivers/xen/blktap/xenbus.c
line diff
     1.1 --- a/linux-2.6-xen-sparse/drivers/xen/blktap/xenbus.c	Thu Sep 28 17:10:54 2006 +0100
     1.2 +++ b/linux-2.6-xen-sparse/drivers/xen/blktap/xenbus.c	Thu Sep 28 11:41:23 2006 -0700
     1.3 @@ -273,7 +273,6 @@ static void tap_frontend_changed(struct 
     1.4  			kthread_stop(be->blkif->xenblkd);
     1.5  			be->blkif->xenblkd = NULL;
     1.6  		}
     1.7 -		tap_blkif_unmap(be->blkif);
     1.8  		xenbus_switch_state(dev, XenbusStateClosing);
     1.9  		break;