From 3c82288578a839833c02e6d5fc9efde16afda79a Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Tue, 10 Jul 2012 13:26:24 -0400 Subject: [PATCH] Add patch to fix xen dom0 crash when using BLKDISCARD (rhbz 824641) --- kernel.spec | 11 +++- ...py-id-field-when-doing-BLKIF_DISCARD.patch | 54 +++++++++++++++++++ 2 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 xen-blkback-Copy-id-field-when-doing-BLKIF_DISCARD.patch diff --git a/kernel.spec b/kernel.spec index bde26bf45..bb8e2f6e5 100644 --- a/kernel.spec +++ b/kernel.spec @@ -54,7 +54,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 4 +%global baserelease 5 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -810,6 +810,9 @@ Patch22048: net-qmi_wwan-fix-Gobi-device-probing.patch Patch22050: ACPI-APEI-Avoid-too-much-error-reporting.patch +#rhbz 824641 +Patch22051: xen-blkback-Copy-id-field-when-doing-BLKIF_DISCARD.patch + # END OF PATCH DEFINITIONS %endif @@ -1506,6 +1509,9 @@ ApplyPatch net-qmi_wwan-fix-Gobi-device-probing.patch ApplyPatch ACPI-APEI-Avoid-too-much-error-reporting.patch +#rhbz 824641 +ApplyPatch xen-blkback-Copy-id-field-when-doing-BLKIF_DISCARD.patch + # END OF PATCH APPLICATIONS %endif @@ -2244,6 +2250,9 @@ fi # and build. %changelog +* Tue Jul 10 2012 Josh Boyer +- Add patch to fix xen dom0 crash when using BLKDISCARD (rhbz 824641) + * Fri Jul 06 2012 Justin M. Forbes - ACPI, APEI, Avoid too much error reporting in runtime diff --git a/xen-blkback-Copy-id-field-when-doing-BLKIF_DISCARD.patch b/xen-blkback-Copy-id-field-when-doing-BLKIF_DISCARD.patch new file mode 100644 index 000000000..056d79b15 --- /dev/null +++ b/xen-blkback-Copy-id-field-when-doing-BLKIF_DISCARD.patch @@ -0,0 +1,54 @@ +From 8c9ce606a60e4a0cb447bdc082ce383b96b227b4 Mon Sep 17 00:00:00 2001 +From: Konrad Rzeszutek Wilk +Date: Fri, 25 May 2012 16:11:09 -0400 +Subject: [PATCH] xen/blkback: Copy id field when doing BLKIF_DISCARD. + +We weren't copying the id field so when we sent the response +back to the frontend (especially with a 64-bit host and 32-bit +guest), we ended up using a random value. This lead to the +frontend crashing as it would try to pass to __blk_end_request_all +a NULL 'struct request' (b/c it would use the 'id' to find the +proper 'struct request' in its shadow array) and end up crashing: + +BUG: unable to handle kernel NULL pointer dereference at 000000e4 +IP: [] __blk_end_request_all+0xc/0x40 +.. snip.. +EIP is at __blk_end_request_all+0xc/0x40 +.. snip.. + [] blkif_interrupt+0x172/0x330 [xen_blkfront] + +This fixes the bug by passing in the proper id for the response. + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=824641 + +CC: stable@kernel.org +Tested-by: William Dauchy +Acked-by: Stefano Stabellini +Signed-off-by: Konrad Rzeszutek Wilk +--- + drivers/block/xen-blkback/common.h | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/block/xen-blkback/common.h b/drivers/block/xen-blkback/common.h +index 773cf27..9ad3b5e 100644 +--- a/drivers/block/xen-blkback/common.h ++++ b/drivers/block/xen-blkback/common.h +@@ -257,6 +257,7 @@ static inline void blkif_get_x86_32_req(struct blkif_request *dst, + break; + case BLKIF_OP_DISCARD: + dst->u.discard.flag = src->u.discard.flag; ++ dst->u.discard.id = src->u.discard.id; + dst->u.discard.sector_number = src->u.discard.sector_number; + dst->u.discard.nr_sectors = src->u.discard.nr_sectors; + break; +@@ -287,6 +288,7 @@ static inline void blkif_get_x86_64_req(struct blkif_request *dst, + break; + case BLKIF_OP_DISCARD: + dst->u.discard.flag = src->u.discard.flag; ++ dst->u.discard.id = src->u.discard.id; + dst->u.discard.sector_number = src->u.discard.sector_number; + dst->u.discard.nr_sectors = src->u.discard.nr_sectors; + break; +-- +1.7.10.4 +