All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] linux/blktap: fix cleanup after unclean application exit
@ 2010-04-19 13:15 Jan Beulich
  0 siblings, 0 replies; only message in thread
From: Jan Beulich @ 2010-04-19 13:15 UTC (permalink / raw)
  To: xen-devel

[-- Attachment #1: Type: text/plain, Size: 1937 bytes --]

When an application using blktap devices doesn't close the file handle
(or mmap-s) of /dev/xen/blktapN, we cannot defer the mmput() on the
stored mm until blktap_release(), as that will never be called without
the mm's reference count dropping to zero.

Written and tested on 2.6.32.11 and made apply to the 2.6.18 tree
without further testing.

Signed-off-by: Jan Beulich <jbeulich@novell.com>

--- sle11sp1-2010-04-12.orig/drivers/xen/blktap/blktap.c	2010-01-04 13:22:46.000000000 +0100
+++ sle11sp1-2010-04-12/drivers/xen/blktap/blktap.c	2010-04-19 09:24:00.000000000 +0200
@@ -638,6 +638,7 @@ static int blktap_open(struct inode *ino
 static int blktap_release(struct inode *inode, struct file *filp)
 {
 	tap_blkif_t *info = filp->private_data;
+	struct mm_struct *mm;
 	
 	/* check for control device */
 	if (!info)
@@ -646,7 +647,9 @@ static int blktap_release(struct inode *
 	info->ring_ok = 0;
 	smp_wmb();
 
-	mmput(info->mm);
+	mm = xchg(&info->mm, NULL);
+	if (mm)
+		mmput(mm);
 	info->mm = NULL;
 	kfree(info->foreign_map.map);
 	info->foreign_map.map = NULL;
@@ -1089,7 +1092,7 @@ static void fast_flush_area(pending_req_
 				INVALID_P2M_ENTRY);
 		}
 
-		if (khandle->user != INVALID_GRANT_HANDLE) {
+		if (mm != NULL && khandle->user != INVALID_GRANT_HANDLE) {
 			BUG_ON(xen_feature(XENFEAT_auto_translated_physmap));
 			if (!locked++)
 				down_write(&mm->mmap_sem);
@@ -1147,6 +1150,7 @@ static void print_stats(blkif_t *blkif)
 int tap_blkif_schedule(void *arg)
 {
 	blkif_t *blkif = arg;
+	tap_blkif_t *info;
 
 	blkif_get(blkif);
 
@@ -1180,8 +1184,16 @@ int tap_blkif_schedule(void *arg)
 		printk(KERN_DEBUG "%s: exiting\n", current->comm);
 
 	blkif->xenblkd = NULL;
+	info = tapfds[blkif->dev_num];
 	blkif_put(blkif);
 
+	if (info) {
+		struct mm_struct *mm = xchg(&info->mm, NULL);
+
+		if (mm)
+			mmput(mm);
+	}
+
 	return 0;
 }
 




[-- Attachment #2: xen-blktap-teardown.patch --]
[-- Type: text/plain, Size: 1994 bytes --]

Subject: blktap: fix cleanup after unclean application exit

When an application using blktap devices doesn't close the file handle
(or mmap-s) of /dev/xen/blktapN, we cannot defer the mmput() on the
stored mm until blktap_release(), as that will never be called without
the mm's reference count dropping to zero.

Written and tested on 2.6.32.11 and made apply to the 2.6.18 tree
without further testing.

Signed-off-by: Jan Beulich <jbeulich@novell.com>

--- sle11sp1-2010-04-12.orig/drivers/xen/blktap/blktap.c	2010-01-04 13:22:46.000000000 +0100
+++ sle11sp1-2010-04-12/drivers/xen/blktap/blktap.c	2010-04-19 09:24:00.000000000 +0200
@@ -638,6 +638,7 @@ static int blktap_open(struct inode *ino
 static int blktap_release(struct inode *inode, struct file *filp)
 {
 	tap_blkif_t *info = filp->private_data;
+	struct mm_struct *mm;
 	
 	/* check for control device */
 	if (!info)
@@ -646,7 +647,9 @@ static int blktap_release(struct inode *
 	info->ring_ok = 0;
 	smp_wmb();
 
-	mmput(info->mm);
+	mm = xchg(&info->mm, NULL);
+	if (mm)
+		mmput(mm);
 	info->mm = NULL;
 	kfree(info->foreign_map.map);
 	info->foreign_map.map = NULL;
@@ -1089,7 +1092,7 @@ static void fast_flush_area(pending_req_
 				INVALID_P2M_ENTRY);
 		}
 
-		if (khandle->user != INVALID_GRANT_HANDLE) {
+		if (mm != NULL && khandle->user != INVALID_GRANT_HANDLE) {
 			BUG_ON(xen_feature(XENFEAT_auto_translated_physmap));
 			if (!locked++)
 				down_write(&mm->mmap_sem);
@@ -1147,6 +1150,7 @@ static void print_stats(blkif_t *blkif)
 int tap_blkif_schedule(void *arg)
 {
 	blkif_t *blkif = arg;
+	tap_blkif_t *info;
 
 	blkif_get(blkif);
 
@@ -1180,8 +1184,16 @@ int tap_blkif_schedule(void *arg)
 		printk(KERN_DEBUG "%s: exiting\n", current->comm);
 
 	blkif->xenblkd = NULL;
+	info = tapfds[blkif->dev_num];
 	blkif_put(blkif);
 
+	if (info) {
+		struct mm_struct *mm = xchg(&info->mm, NULL);
+
+		if (mm)
+			mmput(mm);
+	}
+
 	return 0;
 }
 

[-- Attachment #3: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2010-04-19 13:15 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-04-19 13:15 [PATCH] linux/blktap: fix cleanup after unclean application exit Jan Beulich

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.