Thread (4 messages) 4 messages, 3 authors, 2018-10-18

Re: [PATCH v2] xen/blkfront: avoid NULL blkfront_info dereference on device removal

From: Roger Pau Monné <roger.pau@citrix.com>
Date: 2018-10-15 14:03:13
Also in: lkml

On Mon, Oct 15, 2018 at 03:25:08PM +0200, Vasilis Liaskovitis wrote:
If a block device is hot-added when we are out of grants,
gnttab_grant_foreign_access fails with -ENOSPC (log message "28
granting access to ring page") in this code path:

  talk_to_blkback ->
	setup_blkring ->
		xenbus_grant_ring ->
			gnttab_grant_foreign_access

and the failing path in talk_to_blkback sets the driver_data to NULL:

 destroy_blkring:
        blkif_free(info, 0);

        mutex_lock(&blkfront_mutex);
        free_info(info);
        mutex_unlock(&blkfront_mutex);

        dev_set_drvdata(&dev->dev, NULL);

This results in a NULL pointer BUG when blkfront_remove and blkif_free
try to access the failing device's NULL struct blkfront_info.

Signed-off-by: Vasilis Liaskovitis <redacted>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>

Thanks.

I guess this is a candidate for backporting?
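
The failure described in the quoted commit message, as a user-space C model added here (not code from the patch or from the kernel). `model_dev`, `model_info`, `model_connect`, `model_remove` and `grants_left` are hypothetical stand-ins, and the NULL guard in `model_remove` is an assumed form of the check the subject line describes.

```c
#include <errno.h>
#include <stdlib.h>

/* Constructed stand-ins for struct xenbus_device / struct blkfront_info. */
struct model_info { int ring_ref; };
struct model_dev  { void *drvdata; };
static int grants_left;          /* constructed grant pool */

/* Models gnttab_grant_foreign_access returning -ENOSPC when out of grants. */
static int model_grant_ring(struct model_info *info)
{
    if (grants_left <= 0)
        return -ENOSPC;          /* errno 28, the "28" in the log message */
    info->ring_ref = grants_left--;
    return 0;
}

/* Models the talk_to_blkback error path: free info, clear driver data. */
static int model_connect(struct model_dev *dev)
{
    struct model_info *info = calloc(1, sizeof(*info));
    int err;

    if (!info)
        return -ENOMEM;
    dev->drvdata = info;
    err = model_grant_ring(info);
    if (err) {
        free(info);
        dev->drvdata = NULL;     /* like dev_set_drvdata(&dev->dev, NULL) */
    }
    return err;
}

/* Removal has to tolerate a device whose setup already failed. */
static int model_remove(struct model_dev *dev)
{
    struct model_info *info = dev->drvdata;

    if (!info)                   /* assumed guard: nothing left to tear down */
        return 0;
    free(info);
    dev->drvdata = NULL;
    return 1;                    /* 1 = state was released here */
}

int main(void)
{
    struct model_dev dev = { NULL };
    grants_left = 0;             /* constructed: grant table exhausted */
    model_connect(&dev);
    return model_remove(&dev);   /* 0: removal is a safe no-op */
}
```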