From: Don Dutile <ddutile@redhat.com> Date: Fri, 14 Dec 2007 16:48:03 -0500 Subject: [xen] rapid block device plug/unplug leads to crash Message-id: 4762FA13.5050907@redhat.com O-Subject: [RHEL5.2 PATCH] Bug 308971: rapid block device plug / unplug leads to kernel crash and/or soft lockup Bugzilla: 308971 Description of problem: Rapidly pluging and unpluggin a block device eventually leads to a kernel crash when the device is unplugged before fully established due to a double free. Fix: Make sure that the device is fully ready before allowing release. Test: In a tight loop, perform xm block-attach/block-detach. Without the patch, the guest crashes; with the fix, the guest doesn't crash. Note: patch attached, not in-lined this time... See BZ if want to see in-line version. Note: will dupe this BZ & submit for 4.7. Acked-by: Rik van Riel <riel@redhat.com> Acked-by: Chris Lalancette <clalance@redhat.com> diff --git a/drivers/xen/blkfront/blkfront.c b/drivers/xen/blkfront/blkfront.c index 62d8417..bdb34e9 100644 --- a/drivers/xen/blkfront/blkfront.c +++ b/drivers/xen/blkfront/blkfront.c @@ -463,7 +463,7 @@ int blkif_release(struct inode *inode, struct file *filep) struct xenbus_device * dev = info->xbdev; enum xenbus_state state = xenbus_read_driver_state(dev->otherend); - if (state == XenbusStateClosing) + if (state == XenbusStateClosing && info->is_ready) blkfront_closing(dev); } return 0;