leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

virtio: console: Don't access vqs if device was unplugged

Browse Source 
If a virtio-console device gets unplugged while a port is open, a
subsequent close() call on the port accesses vqs to free up buffers.
This can lead to a crash.

The buffers are already freed up as a result of the call to
unplug_ports() from virtcons_remove().  The fix is to simply not access
vq information if port->portdev is NULL.

Reported-by: juzhang <juzhang@redhat.com>
CC: stable@kernel.org
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Amit Shah 2011-03-04 14:04:33 +10:30 committed by Linus Torvalds
parent fb62c00a6d
commit d7a62cd033
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
drivers/char/virtio_console.c
View File

@ -388,6 +388,10 @@ static void discard_port_data(struct port *port)
unsigned int len; unsigned int len;
int ret; int ret;
if (!port->portdev) {
/* Device has been unplugged. vqs are already gone. */
return;
}
vq = port->in_vq; vq = port->in_vq;
if (port->inbuf) if (port->inbuf)
buf = port->inbuf; buf = port->inbuf;
@ -470,6 +474,10 @@ static void reclaim_consumed_buffers(struct port *port)
void *buf; void *buf;
unsigned int len; unsigned int len;
if (!port->portdev) {
/* Device has been unplugged. vqs are already gone. */
return;
}
while ((buf = virtqueue_get_buf(port->out_vq, &len))) { while ((buf = virtqueue_get_buf(port->out_vq, &len))) {
kfree(buf); kfree(buf);
port->outvq_full = false; port->outvq_full = false;