[3.5.y.z extended stable] Patch "xen/blkback: fix reference counting" has been added to staging queue

Luis Henriques luis.henriques at canonical.com
Fri Nov 29 14:02:36 UTC 2013

This is a note to let you know that I have just added a patch titled

    xen/blkback: fix reference counting

to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree 
which can be found at:


If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.y.z tree, see



>From dd8405c7606b911c9505f9fd92d0770c237a3bab Mon Sep 17 00:00:00 2001
From: Vegard Nossum <vegard.nossum at oracle.com>
Date: Thu, 5 Sep 2013 13:00:14 +0200
Subject: xen/blkback: fix reference counting

commit ea5ec76d76da9279d12027c1828544c5ccbe7932 upstream.

If the permission check fails, we drop a reference to the blkif without
having taken it in the first place. The bug was introduced in commit
604c499cbbcc3d5fe5fb8d53306aa0fae1990109 (xen/blkback: Check device
permissions before allowing OP_DISCARD).

Cc: Jan Beulich <JBeulich at suse.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk at oracle.com>
Signed-off-by: Vegard Nossum <vegard.nossum at oracle.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk at oracle.com>
Signed-off-by: Jens Axboe <axboe at kernel.dk>
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
 drivers/block/xen-blkback/blkback.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c
index b83b40e..ae1b0c4 100644
--- a/drivers/block/xen-blkback/blkback.c
+++ b/drivers/block/xen-blkback/blkback.c
@@ -406,6 +406,8 @@ static int dispatch_discard_io(struct xen_blkif *blkif,
 	unsigned long secure;
 	struct phys_req preq;

+	xen_blkif_get(blkif);
 	preq.sector_number = req->u.discard.sector_number;
 	preq.nr_sects      = req->u.discard.nr_sectors;

@@ -418,7 +420,6 @@ static int dispatch_discard_io(struct xen_blkif *blkif,

-	xen_blkif_get(blkif);
 	secure = (blkif->vbd.discard_secure &&
 		 (req->u.discard.flag & BLKIF_DISCARD_SECURE)) ?

More information about the kernel-team mailing list