On 07/02/18 23:22, Simon Gaiser wrote: > Commit fd8aa9095a95 ("xen: optimize xenbus driver for multiple > concurrent xenstore accesses") made a subtle change to the semantic of > xenbus_dev_request_and_reply() and xenbus_transaction_end(). > > Before on an error response to XS_TRANSACTION_END > xenbus_dev_request_and_reply() would not decrement the active > transaction counter. But xenbus_transaction_end() has always counted the > transaction as finished regardless of the response. Which is correct now. Xenstore will free all transaction related data regardless of the response. A once failed transaction can't be repaired, it has to be repeated completely. The real problem is decrementing the counter when XS_TRANSACTION_END for a non-existing transaction is being sent. > The new behavior is that xenbus_dev_request_and_reply() and > xenbus_transaction_end() will always count the transaction as finished > regardless the response code (handled in xs_request_exit()). ENOENT should not decrement the transaction counter, while all other responses to XS_TRANSACTION_END should still do so. > But xenbus_dev_frontend tries to end a transaction on closing of the > device if the XS_TRANSACTION_END failed before. Trying to close the > transaction twice corrupts the reference count. So fix this by also > considering a transaction closed if we have sent XS_TRANSACTION_END once > regardless of the return code. A transaction in the list of transactions should not considered to be finished. Either it is not on the list or it is still pending. > > Cc: <stable@xxxxxxxxxxxxxxx> # 4.11 > Fixes: fd8aa9095a95 ("xen: optimize xenbus driver for multiple concurrent xenstore accesses") > Signed-off-by: Simon Gaiser <simon@xxxxxxxxxxxxxxxxxxxxxx> So: your patch is a band-aid trying to cure the symptoms, but not the real problem. Please do it properly. NAK. Juergen