Subject: hv: avoid crash in vmbus sysfs files
From: Olaf Hering <ohering@suse.de>
Patch-mainline: Never, carry this change until upstream provides better method
References: bnc#1108377

If vmbus_device_register is called, and then something reads the
populated sysfs files before vmbus_open returns, nothing protects
rbi->ring_buffer in this case, which remains NULL until vmbus_open
populates it.

A better change is pending.

--- a/drivers/hv/vmbus_drv.c
+++ b/drivers/hv/vmbus_drv.c
@@ -1182,6 +1182,8 @@ static const struct sysfs_ops vmbus_chan
 static ssize_t out_mask_show(const struct vmbus_channel *channel, char *buf)
 {
 	const struct hv_ring_buffer_info *rbi = &channel->outbound;
+	if (!rbi->ring_buffer)
+		return -ENOENT;
 
 	return sprintf(buf, "%u\n", rbi->ring_buffer->interrupt_mask);
 }
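Review bot: The added `if (!rbi->ring_buffer)` test in out_mask_show is an unsynchronized check followed by a separate load of the same pointer in the `sprintf` line, so it narrows the window described in the commit message but does not close it. Nothing visible in the hunk orders this read against the code that sets the pointer in vmbus_open or, presumably, clears it again when the channel is closed, so a reader that passes the check could still dereference a NULL or stale pointer. The same pattern repeats in in_mask_show, read_avail_show and write_avail_show. Until the pending upstream change lands, holding a lock shared with the open and close paths around both the check and the use would make the guard reliable; at minimum a comment such as `/* best effort: ring_buffer may still change after this check */` should record the limitation.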
@@ -1190,6 +1192,8 @@ VMBUS_CHAN_ATTR_RO(out_mask);
 static ssize_t in_mask_show(const struct vmbus_channel *channel, char *buf)
 {
 	const struct hv_ring_buffer_info *rbi = &channel->inbound;
+	if (!rbi->ring_buffer)
+		return -ENOENT;
 
 	return sprintf(buf, "%u\n", rbi->ring_buffer->interrupt_mask);
 }
@@ -1198,6 +1202,8 @@ VMBUS_CHAN_ATTR_RO(in_mask);
 static ssize_t read_avail_show(const struct vmbus_channel *channel, char *buf)
 {
 	const struct hv_ring_buffer_info *rbi = &channel->inbound;
+	if (!rbi->ring_buffer)
+		return -ENOENT;
 
 	return sprintf(buf, "%u\n", hv_get_bytes_to_read(rbi));
 }
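Review bot: In read_avail_show the guard carries no comment, and its purpose is not visible on the following line, because `rbi->ring_buffer` is presumably only dereferenced inside `hv_get_bytes_to_read(rbi)`; the same holds for write_avail_show with `hv_get_bytes_to_write(rbi)`. A short comment above the check, e.g. `/* ring_buffer stays NULL until vmbus_open() sets it up */`, would keep a later cleanup from removing it as dead code. Kernel style also expects a blank line between the `rbi` declaration and the first statement, so the check should follow the existing empty line rather than precede it. Returning `-ENOENT` from a read of a file that exists is unusual for userspace tools, so the chosen errno is worth naming in the same comment.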
@@ -1206,6 +1212,8 @@ VMBUS_CHAN_ATTR_RO(read_avail);
 static ssize_t write_avail_show(const struct vmbus_channel *channel, char *buf)
 {
 	const struct hv_ring_buffer_info *rbi = &channel->outbound;
+	if (!rbi->ring_buffer)
+		return -ENOENT;
 
 	return sprintf(buf, "%u\n", hv_get_bytes_to_write(rbi));
 }