[PATCH 067/241] virtio: Don't access index after unregister.

From: Herton Ronaldo Krzesinski
Date: Thu Dec 13 2012 - 09:55:54 EST

Next message: Herton Ronaldo Krzesinski: "[PATCH 069/241] mm: bugfix: set current->reclaim_state to NULL while returning from kswapd()"
Previous message: Herton Ronaldo Krzesinski: "[PATCH 071/241] drm/vmwgfx: Fix a case where the code would BUG when trying to pin GMR memory"
In reply to: Herton Ronaldo Krzesinski: "[PATCH 071/241] drm/vmwgfx: Fix a case where the code would BUG when trying to pin GMR memory"
Next in thread: Herton Ronaldo Krzesinski: "[PATCH 069/241] mm: bugfix: set current->reclaim_state to NULL while returning from kswapd()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.5.7.2 -stable review patch. If anyone has any objections, please let me know.

------------------

From: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

commit 237242bddc99041e15a4ca51b8439657cadaff17 upstream.

Virtio wants to release used indices after the corresponding
virtio device has been unregistered. However, virtio does not
hold an extra reference, giving up its last reference with
device_unregister(), making accessing dev->index afterwards
invalid.

I actually saw problems when testing my (not-yet-merged)
virtio-ccw code:

- device_add virtio-net,id=xxx
-> creates device virtio<n> with n>0

- device_del xxx
-> deletes virtio<n>, but calls ida_simple_remove with an
index of 0

- device_add virtio-net,id=xxx
-> tries to add virtio0, which is still in use...

So let's save the index we want to release before calling
device_unregister().

Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
Acked-by: Sjur BrÃndeland <sjur.brandeland@xxxxxxxxxxxxxx>
Signed-off-by: Rusty Russell <rusty@xxxxxxxxxxxxxxx>
Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@xxxxxxxxxxxxx>
---
drivers/virtio/virtio.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c
index f355807..acc77a2 100644
--- a/drivers/virtio/virtio.c
+++ b/drivers/virtio/virtio.c
@@ -222,8 +222,10 @@ EXPORT_SYMBOL_GPL(register_virtio_device);

void unregister_virtio_device(struct virtio_device *dev)
{
+ int index = dev->index; /* save for after device release */
+
device_unregister(&dev->dev);
- ida_simple_remove(&virtio_index_ida, dev->index);
+ ida_simple_remove(&virtio_index_ida, index);
}
EXPORT_SYMBOL_GPL(unregister_virtio_device);

--
1.7.9.5

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Herton Ronaldo Krzesinski: "[PATCH 069/241] mm: bugfix: set current->reclaim_state to NULL while returning from kswapd()"
Previous message: Herton Ronaldo Krzesinski: "[PATCH 071/241] drm/vmwgfx: Fix a case where the code would BUG when trying to pin GMR memory"
In reply to: Herton Ronaldo Krzesinski: "[PATCH 071/241] drm/vmwgfx: Fix a case where the code would BUG when trying to pin GMR memory"
Next in thread: Herton Ronaldo Krzesinski: "[PATCH 069/241] mm: bugfix: set current->reclaim_state to NULL while returning from kswapd()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]