Skip to content

Commit 99e87f5

Browse files
Igor Druzhinindavem330
Igor Druzhinin
authored and
davem330
committed
xen-netback: fix occasional leak of grant ref mappings under memory pressure
Zero-copy callback flag is not yet set on frag list skb at the moment xenvif_handle_frag_list() returns -ENOMEM. This eventually results in leaking grant ref mappings since xenvif_zerocopy_callback() is never called for these fragments. Those eventually build up and cause Xen to kill Dom0 as the slots get reused for new mappings: "d0v0 Attempt to implicitly unmap a granted PTE c010000329fce005" That behavior is observed under certain workloads where sudden spikes of page cache writes coexist with active atomic skb allocations from network traffic. Additionally, rework the logic to deal with frag_list deallocation in a single place. Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Signed-off-by: Igor Druzhinin <igor.druzhinin@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent ac51050 commit 99e87f5

File tree

1 file changed

+5
-5
lines changed

1 file changed

+5
-5
lines changed

drivers/net/xen-netback/netback.c

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1072,11 +1072,6 @@ static int xenvif_handle_frag_list(struct xenvif_queue *queue, struct sk_buff *s
10721072
skb_frag_size_set(&frags[i], len);
10731073
}
10741074

1075-
/* Copied all the bits from the frag list -- free it. */
1076-
skb_frag_list_init(skb);
1077-
xenvif_skb_zerocopy_prepare(queue, nskb);
1078-
kfree_skb(nskb);
1079-
10801075
/* Release all the original (foreign) frags. */
10811076
for (f = 0; f < skb_shinfo(skb)->nr_frags; f++)
10821077
skb_frag_unref(skb, f);
@@ -1145,6 +1140,8 @@ static int xenvif_tx_submit(struct xenvif_queue *queue)
11451140
xenvif_fill_frags(queue, skb);
11461141

11471142
if (unlikely(skb_has_frag_list(skb))) {
1143+
struct sk_buff *nskb = skb_shinfo(skb)->frag_list;
1144+
xenvif_skb_zerocopy_prepare(queue, nskb);
11481145
if (xenvif_handle_frag_list(queue, skb)) {
11491146
if (net_ratelimit())
11501147
netdev_err(queue->vif->dev,
@@ -1153,6 +1150,9 @@ static int xenvif_tx_submit(struct xenvif_queue *queue)
11531150
kfree_skb(skb);
11541151
continue;
11551152
}
1153+
/* Copied all the bits from the frag list -- free it. */
1154+
skb_frag_list_init(skb);
1155+
kfree_skb(nskb);
11561156
}
11571157

11581158
skb->dev = queue->vif->dev;

0 commit comments

Comments
 (0)