xen/netfront: react properly to failing gnttab_end_foreign_access_ref()

	int max = XEN_NETIF_NR_SLOTS_MIN + (rx->status <= RX_COPY_THRESHOLD);

	int max = XEN_NETIF_NR_SLOTS_MIN + (rx->status <= RX_COPY_THRESHOLD);

	int slots = 1;

	int slots = 1;

	int err = 0;

	int err = 0;

	unsigned long ret;

	if (rx->flags & XEN_NETRXF_extra_info) {

	if (rx->flags & XEN_NETRXF_extra_info) {

		err = xennet_get_extras(queue, extras, rp);

		err = xennet_get_extras(queue, extras, rp);

			goto next;

			goto next;

		}

		}

		ret = gnttab_end_foreign_access_ref(ref, 0);

		if (!gnttab_end_foreign_access_ref(ref, 0)) {

		BUG_ON(!ret);

			dev_alert(dev,

				  "Grant still in use by backend domain\n");

			queue->info->broken = true;

			dev_alert(dev, "Disabled for further use\n");

			return -EINVAL;

		}

		gnttab_release_grant_reference(&queue->gref_rx_head, ref);

		gnttab_release_grant_reference(&queue->gref_rx_head, ref);

		err = xennet_get_responses(queue, &rinfo, rp, &tmpq);

		err = xennet_get_responses(queue, &rinfo, rp, &tmpq);

		if (unlikely(err)) {

		if (unlikely(err)) {

			if (queue->info->broken) {

				spin_unlock(&queue->rx_lock);

				return 0;

			}

err:

err:

			while ((skb = __skb_dequeue(&tmpq)))

			while ((skb = __skb_dequeue(&tmpq)))

				__skb_queue_tail(&errq, skb);

				__skb_queue_tail(&errq, skb);

			struct netfront_queue *queue, unsigned int feature_split_evtchn)

			struct netfront_queue *queue, unsigned int feature_split_evtchn)

{

{

	struct xen_netif_tx_sring *txs;

	struct xen_netif_tx_sring *txs;

	struct xen_netif_rx_sring *rxs;

	struct xen_netif_rx_sring *rxs = NULL;

	grant_ref_t gref;

	grant_ref_t gref;

	int err;

	int err;

	err = xenbus_grant_ring(dev, txs, 1, &gref);

	err = xenbus_grant_ring(dev, txs, 1, &gref);

	if (err < 0)

	if (err < 0)

		goto grant_tx_ring_fail;

		goto fail;

	queue->tx_ring_ref = gref;

	queue->tx_ring_ref = gref;

	rxs = (struct xen_netif_rx_sring *)get_zeroed_page(GFP_NOIO | __GFP_HIGH);

	rxs = (struct xen_netif_rx_sring *)get_zeroed_page(GFP_NOIO | __GFP_HIGH);

	if (!rxs) {

	if (!rxs) {

		err = -ENOMEM;

		err = -ENOMEM;

		xenbus_dev_fatal(dev, err, "allocating rx ring page");

		xenbus_dev_fatal(dev, err, "allocating rx ring page");

		goto alloc_rx_ring_fail;

		goto fail;

	}

	}

	SHARED_RING_INIT(rxs);

	SHARED_RING_INIT(rxs);

	FRONT_RING_INIT(&queue->rx, rxs, XEN_PAGE_SIZE);

	FRONT_RING_INIT(&queue->rx, rxs, XEN_PAGE_SIZE);

	err = xenbus_grant_ring(dev, rxs, 1, &gref);

	err = xenbus_grant_ring(dev, rxs, 1, &gref);

	if (err < 0)

	if (err < 0)

		goto grant_rx_ring_fail;

		goto fail;

	queue->rx_ring_ref = gref;

	queue->rx_ring_ref = gref;

	if (feature_split_evtchn)

	if (feature_split_evtchn)

		err = setup_netfront_single(queue);

		err = setup_netfront_single(queue);

	if (err)

	if (err)

		goto alloc_evtchn_fail;

		goto fail;

	return 0;

	return 0;

	/* If we fail to setup netfront, it is safe to just revoke access to

	/* If we fail to setup netfront, it is safe to just revoke access to

	 * granted pages because backend is not accessing it at this point.

	 * granted pages because backend is not accessing it at this point.

	 */

	 */

alloc_evtchn_fail:

 fail:

	gnttab_end_foreign_access_ref(queue->rx_ring_ref, 0);

	if (queue->rx_ring_ref != GRANT_INVALID_REF) {

grant_rx_ring_fail:

		gnttab_end_foreign_access(queue->rx_ring_ref, 0,

					  (unsigned long)rxs);

		queue->rx_ring_ref = GRANT_INVALID_REF;

	} else {

		free_page((unsigned long)rxs);

		free_page((unsigned long)rxs);

alloc_rx_ring_fail:

	}

	gnttab_end_foreign_access_ref(queue->tx_ring_ref, 0);

	if (queue->tx_ring_ref != GRANT_INVALID_REF) {

grant_tx_ring_fail:

		gnttab_end_foreign_access(queue->tx_ring_ref, 0,

					  (unsigned long)txs);

		queue->tx_ring_ref = GRANT_INVALID_REF;

	} else {

		free_page((unsigned long)txs);

		free_page((unsigned long)txs);

fail:

	}

	return err;

	return err;

}

}