Patchwork [3.5.y.z,extended,stable] Patch "virtio: console: fix race in port_fops_open() and port unplug" has been added to staging queue

Submitter Luis Henriques
Date Aug. 9, 2013, 11:22 a.m.
Message ID <1376047341-5803-1-git-send-email-luis.henriques@canonical.com>
Permalink /patch/266007/
State New

Comments

Luis Henriques - Aug. 9, 2013, 11:22 a.m.
This is a note to let you know that I have just added a patch titled

    virtio: console: fix race in port_fops_open() and port unplug

to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Luis

------

From ade0646d8b78a49639a629e7a750a21dda71e103 Mon Sep 17 00:00:00 2001
From: Amit Shah <amit.shah@redhat.com>
Date: Mon, 29 Jul 2013 14:17:13 +0930
Subject: [PATCH] virtio: console: fix race in port_fops_open() and port unplug

commit 671bdea2b9f210566610603ecbb6584c8a201c8c upstream.

Between open() being called and processed, the port can be unplugged.
Check if this happened, and bail out.

A simple test script to reproduce this is:

while true; do for i in $(seq 1 100); do echo $i > /dev/vport0p3; done; done;

This opens and closes the port a lot of times; unplugging the port while
this is happening triggers the bug.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
---
 drivers/char/virtio_console.c | 4 ++++
 1 file changed, 4 insertions(+)

--
1.8.3.2

Patch

diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
index 002357f..4ab78e9 100644
--- a/drivers/char/virtio_console.c
+++ b/drivers/char/virtio_console.c
@@ -797,6 +797,10 @@  static int port_fops_open(struct inode *inode, struct file *filp)

 	/* We get the port with a kref here */
 	port = find_port_by_devt(cdev->dev);
+	if (!port) {
+		/* Port was unplugged before we could proceed */
+		return -ENXIO;
+	}
 	filp->private_data = port;

 	/*
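Review bot: The bare `return -ENXIO;` in the new `if (!port)` branch is safe only because a failed find_port_by_devt() hands back no reference, and the new comment does not say so. The existing comment above the lookup states that the port is obtained with a kref, so a reader has to infer that nothing needs releasing on this path. Suggest extending the comment to state that no kref is held when the lookup returns NULL, so a later cleanup does not fold this return into an error label that drops a reference. As a style point, the braces wrap a single statement only to carry the comment; moving the comment above the `if` and dropping the braces would match the usual kernel form. The check also sits before `filp->private_data = port;`, which is the right place: on the unplug path the file never carries a NULL port pointer into the rest of open().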