[PATCH 128/139] xen-netback: cancel the credit timer when taking the vif down

Luis Henriques luis.henriques at canonical.com
Thu Feb 28 14:44:38 UTC 2013 -stable review patch.  If anyone has any objections, please let me know.


From: David Vrabel <david.vrabel at citrix.com>

commit 3e55f8b306cf305832a4ac78aa82e1b40e818ece upstream.

If the credit timer is left armed after calling
xen_netbk_remove_xenvif(), then it may fire and attempt to schedule
the vif which will then oops as vif->netbk == NULL.

This may happen both in the fatal error path and during normal
disconnection from the front end.

The sequencing during shutdown is critical to ensure that: a)
vif->netbk doesn't become unexpectedly NULL; and b) the net device/vif
is not freed.

1. Mark as unschedulable (netif_carrier_off()).
2. Synchronously cancel the timer.
3. Remove the vif from the schedule list.
4. Remove it from it netback thread group.
5. Wait for vif->refcnt to become 0.

Signed-off-by: David Vrabel <david.vrabel at citrix.com>
Acked-by: Ian Campbell <ian.campbell at citrix.com>
Reported-by: Christopher S. Aker <caker at theshore.net>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
 drivers/net/xen-netback/interface.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c
index b8c5193..221f426 100644
--- a/drivers/net/xen-netback/interface.c
+++ b/drivers/net/xen-netback/interface.c
@@ -132,6 +132,7 @@ static void xenvif_up(struct xenvif *vif)
 static void xenvif_down(struct xenvif *vif)
+	del_timer_sync(&vif->credit_timeout);
@@ -363,8 +364,6 @@ void xenvif_disconnect(struct xenvif *vif)
 	wait_event(vif->waiting_to_free, atomic_read(&vif->refcnt) == 0);
-	del_timer_sync(&vif->credit_timeout);
 	if (vif->irq)
 		unbind_from_irqhandler(vif->irq, vif);

More information about the kernel-team mailing list