Subject: hv: avoid crash in vmbus sysfs files
From: Olaf Hering <ohering@suse.de>
Patch-mainline: Never, carry this change until upstream provides better method
References: bnc#1108377
If vmbus_device_register is called, and then something reads the
populated sysfs files before vmbus_open returns, nothing protects
rbi->ring_buffer in this case, which remains NULL until vmbus_open
populates it.
A better change is pending.
--- a/drivers/hv/vmbus_drv.c
+++ b/drivers/hv/vmbus_drv.c
@@ -1182,6 +1182,8 @@ static const struct sysfs_ops vmbus_chan
static ssize_t out_mask_show(const struct vmbus_channel *channel, char *buf)
{
const struct hv_ring_buffer_info *rbi = &channel->outbound;
+ if (!rbi->ring_buffer)
+ return -ENOENT;
return sprintf(buf, "%u\n", rbi->ring_buffer->interrupt_mask);
}
@@ -1190,6 +1192,8 @@ VMBUS_CHAN_ATTR_RO(out_mask);
static ssize_t in_mask_show(const struct vmbus_channel *channel, char *buf)
{
const struct hv_ring_buffer_info *rbi = &channel->inbound;
+ if (!rbi->ring_buffer)
+ return -ENOENT;
return sprintf(buf, "%u\n", rbi->ring_buffer->interrupt_mask);
}
@@ -1198,6 +1202,8 @@ VMBUS_CHAN_ATTR_RO(in_mask);
static ssize_t read_avail_show(const struct vmbus_channel *channel, char *buf)
{
const struct hv_ring_buffer_info *rbi = &channel->inbound;
+ if (!rbi->ring_buffer)
+ return -ENOENT;
return sprintf(buf, "%u\n", hv_get_bytes_to_read(rbi));
}
@@ -1206,6 +1212,8 @@ VMBUS_CHAN_ATTR_RO(read_avail);
static ssize_t write_avail_show(const struct vmbus_channel *channel, char *buf)
{
const struct hv_ring_buffer_info *rbi = &channel->outbound;
+ if (!rbi->ring_buffer)
+ return -ENOENT;
return sprintf(buf, "%u\n", hv_get_bytes_to_write(rbi));
}