From: Amit Shah <amit.shah@redhat.com>
Date: Mon, 29 Jul 2013 04:47:13 +0000 (+0930)
Subject: virtio: console: fix race in port_fops_open() and port unplug
X-Git-Tag: firefly_0821_release~6453^2~1096
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=60391483d53a0a9bb43e78a867173b92cf9da996;p=firefly-linux-kernel-4.4.55.git

virtio: console: fix race in port_fops_open() and port unplug

commit 671bdea2b9f210566610603ecbb6584c8a201c8c upstream.

Between open() being called and processed, the port can be unplugged.
Check if this happened, and bail out.

A simple test script to reproduce this is:

while true; do for i in $(seq 1 100); do echo $i > /dev/vport0p3; done; done;

This opens and closes the port a lot of times; unplugging the port while
this is happening triggers the bug.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
index 3beea9d478bc..ffa7e46faff9 100644
--- a/drivers/char/virtio_console.c
+++ b/drivers/char/virtio_console.c
@@ -1041,6 +1041,10 @@ static int port_fops_open(struct inode *inode, struct file *filp)
 
 	/* We get the port with a kref here */
 	port = find_port_by_devt(cdev->dev);
+	if (!port) {
+		/* Port was unplugged before we could proceed */
+		return -ENXIO;
+	}
 	filp->private_data = port;
 
 	/*