From mboxrd@z Thu Jan 1 00:00:00 1970 From: Laszlo Ersek Subject: Re: [PATCH] linux-2.6.18/netback: use correct index for invalidation in netbk_tx_check_mop() Date: Fri, 18 Nov 2011 17:25:06 +0100 Message-ID: <4EC686E2.8020209@redhat.com> References: <4EC6686B0200007800061D60@nat28.tlf.novell.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <4EC6686B0200007800061D60@nat28.tlf.novell.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: Jan Beulich Cc: "xen-devel@lists.xensource.com" List-Id: xen-devel@lists.xenproject.org Hi, On 11/18/11 14:15, Jan Beulich wrote: > --- a/drivers/xen/netback/netback.c > +++ b/drivers/xen/netback/netback.c > @@ -1155,7 +1155,7 @@ static int netbk_tx_check_mop(struct sk_ > pending_idx = *((u16 *)skb->data); > netif_idx_release(pending_idx); > for (j = start; j< i; j++) { > - pending_idx = (unsigned long)shinfo->frags[i].page; > + pending_idx = (unsigned long)shinfo->frags[j].page; > netif_idx_release(pending_idx); > } Please excuse the uneducated question: what could be the consequences of using the wrong index here? I notice that with the fix, frags[i].page is never touched, while without the fix, it is the only one that's released. I'm asking because we have an elusive bug: netloop sometimes crashes in skb_remove_foreign_references(). As of 1125:985b8f62df25, the crash happens on line 118: 116 vaddr = kmap_skb_frag(&skb_shinfo(skb)->frags[i]); 117 off = skb_shinfo(skb)->frags[i].page_offset; 118 memcpy(page_address(page) + off, 119 vaddr + off, 120 skb_shinfo(skb)->frags[i].size); because the PTE for the vaddr returned by kmap_skb_frag() for the first frag is 0. It appears somehow related to NFS and closing/reopening TCP connections for NFS. Thanks! Laszlo