www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	Fri, 18 Dec 2015 21:28:53 +0000 (16:28 -0500)
committer	Daniel Kiper <daniel.kiper@oracle.com>
	Tue, 10 May 2016 20:31:31 +0000 (22:31 +0200)
commit	16348e7b62310c6b41baf7e1dbd3469d0256edc9
tree	b36dede265c8919a928526d50d7fbb1c77511e94	tree
parent	084a96ef526b01ae9ff5b89a6900cbb2e52eec6e	commit \| diff

xen/blkfront: Fix crash if backend doesn't follow the right states.

We have split the setting up of all the resources in two steps:
1) talk_to_blkback  - which figures out the num_ring_pages (from
   the default value of zero), sets up shadow and so
2) blkfront_connect - does the real part of filling out the
   internal structures.

The problem is if we bypass the 1) step and go straight to 2)
and call blkfront_setup_indirect where we use the macro
BLK_RING_SIZE - which returns an negative value (because
sz is zero  - since num_ring_pages is zero - since it has never
been set).

We can fix this by making sure that we always have called
talk_to_blkback before going to blkfront_connect.

Or we could set in blkfront_probe info->nr_ring_pages = 1
to have a default value. But that looks odd - as we haven't
actually negotiated any ring size.

This patch changes XenbusStateConnected state to detect if
we haven't done the initial handshake - and if so continue
on as if were in XenbusStateInitWait state.

We also roll the error recovery (freeing the structure) into
talk_to_blkback error path - which is safe since that function
is only called from blkback_changed.

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
(cherry picked from commit c31ecf6c126dbc7f30234eaf6c4a079649a38de7)
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>