From fdbdf930ba4a0668e332869e1722cf75db8271b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sat, 31 Oct 2015 15:53:31 +0100 Subject: [PATCH] Apply patch for xen-netfront crash on network detach It still isn't clear this fix doesn't introduce some memory leak, but even if so, it's much better to have memory leak in rare situation, than crash preventing netvm change operation. Details in this thread: http://xen.markmail.org/thread/pw5edbtqienjx4q5 Unfortunately no one responded there about possible memory leak... Fixes QubesOS/qubes-issues#975 --- patches.xen/xen-netfront-detach-crash.patch | 26 +++++++++++++++++++++ series.conf | 1 + 2 files changed, 27 insertions(+) create mode 100644 patches.xen/xen-netfront-detach-crash.patch diff --git a/patches.xen/xen-netfront-detach-crash.patch b/patches.xen/xen-netfront-detach-crash.patch new file mode 100644 index 0000000..6492702 --- /dev/null +++ b/patches.xen/xen-netfront-detach-crash.patch @@ -0,0 +1,26 @@ +When it get to free_page(queue->grant_tx_page[i]), the use counter on this page +is already 0, which cause a crash. Not sure if this is the proper fix +(according to git log this may introduce some memory leak), but at least it +prevent the crash. + +Details in this thread: +http://xen.markmail.org/thread/pw5edbtqienjx4q5 + +diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c +index f821a97..a5efbb0 100644 +--- a/drivers/net/xen-netfront.c ++++ b/drivers/net/xen-netfront.c +@@ -1065,9 +1069,10 @@ static void xennet_release_tx_bufs(struct netfront_queue *queue) + + skb = queue->tx_skbs[i].skb; + get_page(queue->grant_tx_page[i]); +- gnttab_end_foreign_access(queue->grant_tx_ref[i], +- GNTMAP_readonly, +- (unsigned long)page_address(queue->grant_tx_page[i])); ++ gnttab_end_foreign_access_ref( ++ queue->grant_tx_ref[i], GNTMAP_readonly); ++ gnttab_release_grant_reference( ++ &queue->gref_tx_head, queue->grant_tx_ref[i]); + queue->grant_tx_page[i] = NULL; + queue->grant_tx_ref[i] = GRANT_INVALID_REF; + add_id_to_freelist(&queue->tx_skb_freelist, queue->tx_skbs, i); diff --git a/series.conf b/series.conf index e966ab4..b90abbb 100644 --- a/series.conf +++ b/series.conf @@ -2,6 +2,7 @@ patches.rpmify/makefile-after_link.patch patches.xen/0001-Revert-xen-xenbus-Avoid-synchronous-wait-on-XenBus-s.patch patches.xen/0001-xen-fix-deadlock-on-proc-xen-xenbus-access.patch +patches.xen/xen-netfront-detach-crash.patch # Additional features #patches.xen/pvops-0100-usb-xen-pvusb-driver.patch