| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGxU2F50Ay0Tby8xHcFuc+euek+pLTK2Z88mCX_9YH4nT1h4HA@mail.gmail.com>
Date: Thu, 20 Dec 2018 18:09:44 +0100
From: Stefano Garzarella <sgarzare@...hat.com>
To: netdev@...r.kernel.org
Cc: davem@...emloft.net, Stefan Hajnoczi <stefanha@...hat.com>
Subject: Re: [PATCH RFC 1/2] vsock/virtio: fix kernel panic after device hot-unplug
I fixed some mistakes in the commit text (for v2)
On Thu, Dec 20, 2018 at 1:16 PM Stefano Garzarella <sgarzare@...hat.com> wrote:
>
> virtio_vsock_remove() invoked the vsock_core_exit() also if there
> are opened socket for the AF_VSOCK protocol family. In this way
> the vsock "transport" pointer was set to NULL, triggering the
> kernel panic at the first socket activity.
virtio_vsock_remove() invokes the vsock_core_exit() also if there
are opened sockets for the AF_VSOCK protocol family. In this way
the vsock "transport" pointer is set to NULL, triggering the
kernel panic at the first socket activity.
>
> This patch move the vsock_core_init()/vsock_core_exit() in the
> virtio_vsock respectively in module_init and module_exit functions,
> that cannot be invoked until there are open sockets.
>
> Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1609699
> Reported-by: Yan Fu <yafu@...hat.com>
> Signed-off-by: Stefano Garzarella <sgarzare@...hat.com>
> ---
> net/vmw_vsock/virtio_transport.c | 26 ++++++++++++++++++--------
> 1 file changed, 18 insertions(+), 8 deletions(-)
>
> diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c
> index 5d3cce9e8744..9dae54698737 100644
> --- a/net/vmw_vsock/virtio_transport.c
> +++ b/net/vmw_vsock/virtio_transport.c
> @@ -75,6 +75,9 @@ static u32 virtio_transport_get_local_cid(void)
> {
> struct virtio_vsock *vsock = virtio_vsock_get();
>
> + if (!vsock)
> + return VMADDR_CID_ANY;
> +
> return vsock->guest_cid;
> }
>
> @@ -584,10 +587,6 @@ static int virtio_vsock_probe(struct virtio_device *vdev)
>
> virtio_vsock_update_guest_cid(vsock);
>
> - ret = vsock_core_init(&virtio_transport.transport);
> - if (ret < 0)
> - goto out_vqs;
> -
> vsock->rx_buf_nr = 0;
> vsock->rx_buf_max_nr = 0;
> atomic_set(&vsock->queued_replies, 0);
> @@ -618,8 +617,6 @@ static int virtio_vsock_probe(struct virtio_device *vdev)
> mutex_unlock(&the_virtio_vsock_mutex);
> return 0;
>
> -out_vqs:
> - vsock->vdev->config->del_vqs(vsock->vdev);
> out:
> kfree(vsock);
> mutex_unlock(&the_virtio_vsock_mutex);
> @@ -669,7 +666,6 @@ static void virtio_vsock_remove(struct virtio_device *vdev)
>
> mutex_lock(&the_virtio_vsock_mutex);
> the_virtio_vsock = NULL;
> - vsock_core_exit();
> mutex_unlock(&the_virtio_vsock_mutex);
>
> vdev->config->del_vqs(vdev);
> @@ -702,14 +698,28 @@ static int __init virtio_vsock_init(void)
> virtio_vsock_workqueue = alloc_workqueue("virtio_vsock", 0, 0);
> if (!virtio_vsock_workqueue)
> return -ENOMEM;
> +
> ret = register_virtio_driver(&virtio_vsock_driver);
> if (ret)
> - destroy_workqueue(virtio_vsock_workqueue);
> + goto out_wq;
> +
> + ret = vsock_core_init(&virtio_transport.transport);
> + if (ret)
> + goto out_vdr;
> +
> + return 0;
> +
> +out_vdr:
> + unregister_virtio_driver(&virtio_vsock_driver);
> +out_wq:
> + destroy_workqueue(virtio_vsock_workqueue);
> return ret;
> +
> }
>
> static void __exit virtio_vsock_exit(void)
> {
> + vsock_core_exit();
> unregister_virtio_driver(&virtio_vsock_driver);
> destroy_workqueue(virtio_vsock_workqueue);
> }
> --
> 2.19.2
>
Powered by blists - more mailing lists