fdbdf930ba
It still isn't clear this fix doesn't introduce some memory leak, but even if so, it's much better to have memory leak in rare situation, than crash preventing netvm change operation. Details in this thread: http://xen.markmail.org/thread/pw5edbtqienjx4q5 Unfortunately no one responded there about possible memory leak... Fixes QubesOS/qubes-issues#975
27 lines
1.1 KiB
Diff
27 lines
1.1 KiB
Diff
When it get to free_page(queue->grant_tx_page[i]), the use counter on this page
|
|
is already 0, which cause a crash. Not sure if this is the proper fix
|
|
(according to git log this may introduce some memory leak), but at least it
|
|
prevent the crash.
|
|
|
|
Details in this thread:
|
|
http://xen.markmail.org/thread/pw5edbtqienjx4q5
|
|
|
|
diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
|
|
index f821a97..a5efbb0 100644
|
|
--- a/drivers/net/xen-netfront.c
|
|
+++ b/drivers/net/xen-netfront.c
|
|
@@ -1065,9 +1069,10 @@ static void xennet_release_tx_bufs(struct netfront_queue *queue)
|
|
|
|
skb = queue->tx_skbs[i].skb;
|
|
get_page(queue->grant_tx_page[i]);
|
|
- gnttab_end_foreign_access(queue->grant_tx_ref[i],
|
|
- GNTMAP_readonly,
|
|
- (unsigned long)page_address(queue->grant_tx_page[i]));
|
|
+ gnttab_end_foreign_access_ref(
|
|
+ queue->grant_tx_ref[i], GNTMAP_readonly);
|
|
+ gnttab_release_grant_reference(
|
|
+ &queue->gref_tx_head, queue->grant_tx_ref[i]);
|
|
queue->grant_tx_page[i] = NULL;
|
|
queue->grant_tx_ref[i] = GRANT_INVALID_REF;
|
|
add_id_to_freelist(&queue->tx_skb_freelist, queue->tx_skbs, i);
|