Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

virtio: console: Don't access vqs if device was unplugged

If a virtio-console device gets unplugged while a port is open, a
subsequent close() call on the port accesses vqs to free up buffers.
This can lead to a crash.

The buffers are already freed up as a result of the call to
unplug_ports() from virtcons_remove(). The fix is to simply not access
vq information if port->portdev is NULL.

Reported-by: juzhang <juzhang@redhat.com>
CC: stable@kernel.org
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by Amit Shah and committed by Linus Torvalds
d7a62cd0 fb62c00a

+8
+8
drivers/char/virtio_console.c
··· 388 388 unsigned int len; 389 389 int ret; 390 390 391 + if (!port->portdev) { 392 + /* Device has been unplugged. vqs are already gone. */ 393 + return; 394 + } 391 395 vq = port->in_vq; 392 396 if (port->inbuf) 393 397 buf = port->inbuf; ··· 474 470 void *buf; 475 471 unsigned int len; 476 472 473 + if (!port->portdev) { 474 + /* Device has been unplugged. vqs are already gone. */ 475 + return; 476 + } 477 477 while ((buf = virtqueue_get_buf(port->out_vq, &len))) { 478 478 kfree(buf); 479 479 port->outvq_full = false;
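Review bot: in the first hunk (added lines 391-394) the test of port->portdev has no lock or barrier visible around it, so nothing in these lines prevents the device from being removed between the check and `vq = port->in_vq;`. Please state in the comment what serializes this path against removal, or take that lock here. The early return also skips the `if (port->inbuf)` handling that follows, so it is worth confirming that the unplug path leaves port->inbuf NULL rather than pointing at a buffer that has already been freed. Style: add a blank line after the closing brace, before the assignment to vq.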
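Review bot: in the second hunk (added lines 473-476) the early return leaves port->outvq_full at whatever value it held when the device went away, whereas the loop below it clears the flag with `port->outvq_full = false;`. If anything tests that flag after unplug it may see a stale true; consider clearing it before returning, or note in the comment why that is not needed. The check and its comment are now duplicated verbatim in two functions, so a small helper would keep the two copies in step.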