[BLKTAP] Fix blktap oops on domain shutdown
When a domain shuts down with a blktap-backed block device open, it can
easily cause a dom0 oops. The XenbusStateClosing event can occur while
the tapdisk userland thread is still processing IO requests (eg.
readaheads) from the domU. But the xenbus state handler calls
tap_blkif_unmap(), unmapping the blkif->blk_ring.sring rin buffer, so
when the tapdisk thread next calls the BLKTAP_IOCTL_KICK_FE to return
the completion event to the FE via that ring buffer, it oopses.
This can be fixed simply by not calling tap_blkif_unmap() in this case;
the ring buffer will still be unmapped later on when the blkif is
destroyed by blktap_remove(), only then it will properly wait for the
blkif refcnt to reach zero before doing so.
Signed-off-by: Stephen Tweedie <sct@redhat.com>
projects / xen.git / commit