xen-netback fixes for stable 35876b5 3e55f8b

From: William Dauchy
Date: Fri Feb 22 2013 - 11:55:02 EST


Hello,

I believe the two commits 35876b5 and 3e55f8b could be included in the stable tree.
35876b5 is related to 4885628 already in the stable tree and fixes a
possible oops.
3e55f8b is fixing another possible oops (see commit messages).

I tested them on top of v3.4.33.
Could we consider adding these patches to the stable tree, at least for v3.4?

Tested-by: William Dauchy <william@xxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx



commit 35876b5ffc154c357476b2c3bdab10feaf4bd8f0
Author: David Vrabel <david.vrabel@xxxxxxxxxx>
Date: Thu Feb 14 03:18:57 2013 +0000

xen-netback: correctly return errors from netbk_count_requests()

netbk_count_requests() could detect an error, call
netbk_fatal_tx_error() but return 0. The vif may then be used
afterwards (e.g., in a call to netbk_tx_error()).

Since netbk_fatal_tx_error() could set vif->refcnt to 1, the vif may
be freed immediately after the call to netbk_fatal_tx_error() (e.g.,
if the vif is also removed).

Netback thread              Xenwatch thread
-------------------------------------------
netbk_fatal_tx_err()        netback_remove()
                              xenvif_disconnect()
                                ...
                                free_netdev()
netbk_tx_err() Oops!

Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx>
Signed-off-by: Jan Beulich <JBeulich@xxxxxxxx>
Signed-off-by: David Vrabel <david.vrabel@xxxxxxxxxx>
Reported-by: Christopher S. Aker <caker@xxxxxxxxxxxx>
Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>

commit 3e55f8b306cf305832a4ac78aa82e1b40e818ece
Author: David Vrabel <david.vrabel@xxxxxxxxxx>
Date: Thu Feb 14 03:18:58 2013 +0000

xen-netback: cancel the credit timer when taking the vif down

If the credit timer is left armed after calling
xen_netbk_remove_xenvif(), then it may fire and attempt to schedule
the vif which will then oops as vif->netbk == NULL.

This may happen both in the fatal error path and during normal
disconnection from the front end.

The sequencing during shutdown is critical to ensure that: a)
vif->netbk doesn't become unexpectedly NULL; and b) the net device/vif
is not freed.

1. Mark as unschedulable (netif_carrier_off()).
2. Synchronously cancel the timer.
3. Remove the vif from the schedule list.
4. Remove it from its netback thread group.
5. Wait for vif->refcnt to become 0.

Signed-off-by: David Vrabel <david.vrabel@xxxxxxxxxx>
Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
Reported-by: Christopher S. Aker <caker@xxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>


Regards,
--
William
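
The return-value problem described in the first commit message (an error is detected and the fatal path runs, but the caller is told 0 and keeps using the vif), as an added user-space model that is not part of the original message or the kernel source. The struct, the function names and MAX_FRAGS are hypothetical stand-ins, and the "freed" flag models the worst-case interleaving in which the other thread frees the vif immediately.

```c
/* User-space model of the bug class; not kernel code. All names are hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define MAX_FRAGS 4

struct vif_model {
    bool freed;              /* set once the "other thread" has released the vif */
    int  touched_after_free; /* accesses made after release (the oops, in the kernel) */
};

/* Fatal path: models the interleaving where removal frees the vif right away. */
static void fatal_tx_err(struct vif_model *v) { v->freed = true; }

/* Ordinary error path: dereferences the vif. */
static void tx_err(struct vif_model *v) { if (v->freed) v->touched_after_free++; }

/* Before: error detected, fatal path taken, but success (0) returned. */
static int count_requests_buggy(struct vif_model *v, int frags)
{
    if (frags > MAX_FRAGS) { fatal_tx_err(v); return 0; }
    return frags;
}

/* After: the same condition is reported to the caller as a negative errno. */
static int count_requests_fixed(struct vif_model *v, int frags)
{
    if (frags > MAX_FRAGS) { fatal_tx_err(v); return -EINVAL; }
    return frags;
}

/* Caller: a negative return means the vif must not be touched again. */
static int process(struct vif_model *v, int (*count)(struct vif_model *, int), int frags)
{
    int ret = count(v, frags);
    if (ret < 0)
        return ret;
    if (ret != frags)        /* count disagrees with the request: ordinary error path */
        tx_err(v);
    return ret;
}

int main(void)
{
    struct vif_model a = { false, 0 }, b = { false, 0 };
    process(&a, count_requests_buggy, 9);
    process(&b, count_requests_fixed, 9);
    printf("buggy: %d stale access(es), fixed: %d\n", a.touched_after_free, b.touched_after_free);
    return 0;
}
```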
