Discussion:
[win-pv-devel] [PATCH] Fix BSOD on RingDestroy
Owen Smith
2018-09-25 15:30:18 UTC
Permalink
Zero Frontend->MaxQueues after calling RingDestroy, as RingDestroy will
query this value to free each BlkifRing, which will decrement an
unsigned value below 0.
Also adds an ASSERT to detect if FrontendGetMaxQueues returns 0.

Signed-off-by: Owen Smith <***@citrix.com>
---
src/xenvbd/frontend.c | 4 ++--
src/xenvbd/ring.c | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/xenvbd/frontend.c b/src/xenvbd/frontend.c
index 987d237..b12e122 100644
--- a/src/xenvbd/frontend.c
+++ b/src/xenvbd/frontend.c
@@ -1976,8 +1976,6 @@ FrontendDestroy(
Frontend->Page83.Data = NULL;
Frontend->Page83.Size = 0;

- Frontend->MaxQueues = 0;
-
ThreadAlert(Frontend->BackendThread);
ThreadJoin(Frontend->BackendThread);
Frontend->BackendThread = NULL;
@@ -1988,6 +1986,8 @@ FrontendDestroy(
RingDestroy(Frontend->Ring);
Frontend->Ring = NULL;

+ Frontend->MaxQueues = 0;
+
ASSERT3P(Frontend->BackendPath, ==, NULL);
ASSERT3P(Frontend->BackendWatch, ==, NULL);

diff --git a/src/xenvbd/ring.c b/src/xenvbd/ring.c
index d595226..d13afcf 100644
--- a/src/xenvbd/ring.c
+++ b/src/xenvbd/ring.c
@@ -2338,6 +2338,7 @@ RingDestroy(
ULONG Index;

Index = FrontendGetMaxQueues(Ring->Frontend);
+ ASSERT3U(Index, >, 0);

while (--Index > 0) {
PXENVBD_BLKIF_RING BlkifRing = Ring->Ring[Index];
--
2.16.2.windows.1
Paul Durrant
2018-09-26 09:21:39 UTC
Permalink
-----Original Message-----
Behalf Of Owen Smith
Sent: 25 September 2018 16:30
Subject: [win-pv-devel] [PATCH] Fix BSOD on RingDestroy
Zero Frontend->MaxQueues after calling RingDestroy, as RingDestroy will
query this value to free each BlkifRing, which will decrement an
unsigned value below 0.
Also adds an ASSERT to detect if FrontendGetMaxQueues returns 0.
---
src/xenvbd/frontend.c | 4 ++--
src/xenvbd/ring.c | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/xenvbd/frontend.c b/src/xenvbd/frontend.c
index 987d237..b12e122 100644
--- a/src/xenvbd/frontend.c
+++ b/src/xenvbd/frontend.c
@@ -1976,8 +1976,6 @@ FrontendDestroy(
Frontend->Page83.Data = NULL;
Frontend->Page83.Size = 0;
- Frontend->MaxQueues = 0;
-
ThreadAlert(Frontend->BackendThread);
ThreadJoin(Frontend->BackendThread);
Frontend->BackendThread = NULL;
@@ -1988,6 +1986,8 @@ FrontendDestroy(
RingDestroy(Frontend->Ring);
Frontend->Ring = NULL;
+ Frontend->MaxQueues = 0;
+
ASSERT3P(Frontend->BackendPath, ==, NULL);
ASSERT3P(Frontend->BackendWatch, ==, NULL);
diff --git a/src/xenvbd/ring.c b/src/xenvbd/ring.c
index d595226..d13afcf 100644
--- a/src/xenvbd/ring.c
+++ b/src/xenvbd/ring.c
@@ -2338,6 +2338,7 @@ RingDestroy(
ULONG Index;
Index = FrontendGetMaxQueues(Ring->Frontend);
+ ASSERT3U(Index, >, 0);
while (--Index > 0) {
PXENVBD_BLKIF_RING BlkifRing = Ring->Ring[Index];
--
2.16.2.windows.1
_______________________________________________
win-pv-devel mailing list
https://lists.xenproject.org/mailman/listinfo/win-pv-devel
Loading...