From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
"Sjur Brændeland" <sjur.brandeland@stericsson.com>,
"Rusty Russell" <rusty@rustcorp.com.au>
Subject: [ 07/61] virtio_console: Dont access uninitialized data.
Date: Tue, 12 Feb 2013 12:34:27 -0800 [thread overview]
Message-ID: <20130212203419.086361026@linuxfoundation.org> (raw)
In-Reply-To: <20130212203417.890993903@linuxfoundation.org>
3.7-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sjur Brændeland <sjur.brandeland@stericsson.com>
commit aded024a12b32fc1ed9a80639681daae2d07ec25 upstream.
Don't access uninitialized work-queue when removing device.
The work queue is initialized only if the device multi-queue.
So don't call cancel_work unless this is a multi-queue device.
This fixes the following panic:
Kernel panic - not syncing: BUG!
Call Trace:
62031b28: [<6026085d>] panic+0x16b/0x2d3
62031b30: [<6004ef5e>] flush_work+0x0/0x1d7
62031b60: [<602606f2>] panic+0x0/0x2d3
62031b68: [<600333b0>] memcpy+0x0/0x140
62031b80: [<6002d58a>] unblock_signals+0x0/0x84
62031ba0: [<602609c5>] printk+0x0/0xa0
62031bd8: [<60264e51>] __mutex_unlock_slowpath+0x13d/0x148
62031c10: [<6004ef5e>] flush_work+0x0/0x1d7
62031c18: [<60050234>] try_to_grab_pending+0x0/0x17e
62031c38: [<6004e984>] get_work_gcwq+0x71/0x8f
62031c48: [<60050539>] __cancel_work_timer+0x5b/0x115
62031c78: [<628acc85>] unplug_port+0x0/0x191 [virtio_console]
62031c98: [<6005061c>] cancel_work_sync+0x12/0x14
62031ca8: [<628ace96>] virtcons_remove+0x80/0x15c [virtio_console]
62031ce8: [<628191de>] virtio_dev_remove+0x1e/0x7e [virtio]
62031d08: [<601cf242>] __device_release_driver+0x75/0xe4
62031d28: [<601cf2dd>] device_release_driver+0x2c/0x40
62031d48: [<601ce0dd>] driver_unbind+0x7d/0xc6
62031d88: [<601cd5d9>] drv_attr_store+0x27/0x29
62031d98: [<60115f61>] sysfs_write_file+0x100/0x14d
62031df8: [<600b737d>] vfs_write+0xcb/0x184
62031e08: [<600b58b8>] filp_close+0x88/0x94
62031e38: [<600b7686>] sys_write+0x59/0x88
62031e88: [<6001ced1>] handle_syscall+0x5d/0x80
62031ea8: [<60030a74>] userspace+0x405/0x531
62031f08: [<600d32cc>] sys_dup+0x0/0x5e
62031f28: [<601b11d6>] strcpy+0x0/0x18
62031f38: [<600be46c>] do_execve+0x10/0x12
62031f48: [<600184c7>] run_init_process+0x43/0x45
62031fd8: [<60019a91>] new_thread_handler+0xba/0xbc
Signed-off-by: Sjur Brændeland <sjur.brandeland@stericsson.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/virtio_console.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/char/virtio_console.c
+++ b/drivers/char/virtio_console.c
@@ -1966,7 +1966,8 @@ static void virtcons_remove(struct virti
/* Disable interrupts for vqs */
vdev->config->reset(vdev);
/* Finish up work that's lined up */
- cancel_work_sync(&portdev->control_work);
+ if (use_multiport(portdev))
+ cancel_work_sync(&portdev->control_work);
list_for_each_entry_safe(port, port2, &portdev->ports, list)
unplug_port(port);
next prev parent reply other threads:[~2013-02-12 21:11 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-12 20:34 [ 00/61] 3.7.8-stable review Greg Kroah-Hartman
2013-02-12 20:34 ` [ 01/61] rtlwifi: Fix the usage of the wrong variable in usb.c Greg Kroah-Hartman
2013-02-12 20:34 ` [ 02/61] rtlwifi: Fix scheduling while atomic bug Greg Kroah-Hartman
2013-02-12 20:34 ` [ 03/61] regulator: max8998: fix incorrect min_uV value for ldo10 Greg Kroah-Hartman
2013-02-12 20:34 ` [ 04/61] regulator: clear state each invocation of of_regulator_match Greg Kroah-Hartman
2013-02-12 20:34 ` [ 05/61] regulator: s2mps11: fix incorrect register for buck10 Greg Kroah-Hartman
2013-02-12 20:34 ` [ 06/61] IB/qib: Fix for broken sparse warning fix Greg Kroah-Hartman
2013-02-12 20:34 ` Greg Kroah-Hartman [this message]
2013-02-12 20:34 ` [ 08/61] Bluetooth: Fix handling of unexpected SMP PDUs Greg Kroah-Hartman
2013-02-12 20:34 ` [ 09/61] Revert "iwlwifi: fix the reclaimed packet tracking upon flush queue" Greg Kroah-Hartman
2013-02-12 20:34 ` [ 10/61] can: c_can: Set reserved bit in IFx_MASK2 to 1 on write Greg Kroah-Hartman
2013-02-12 20:34 ` [ 11/61] mwifiex: fix incomplete scan in case of IE parsing error Greg Kroah-Hartman
2013-02-12 20:34 ` [ 12/61] e1000e: enable ECC on I217/I218 to catch packet buffer memory errors Greg Kroah-Hartman
2013-02-12 20:34 ` [ 13/61] media: pwc-if: must check vb2_queue_init() success Greg Kroah-Hartman
2013-02-12 20:34 ` [ 14/61] ath9k_hw: fix calibration issues on chainmask that dont include chain 0 Greg Kroah-Hartman
2013-02-12 20:34 ` [ 15/61] mfd: db8500-prcmu: Fix irqdomain usage Greg Kroah-Hartman
2013-02-12 20:34 ` [ 16/61] dm thin: fix queue limits stacking Greg Kroah-Hartman
2013-02-12 20:34 ` [ 17/61] net: prevent setting ttl=0 via IP_TTL Greg Kroah-Hartman
2013-02-12 20:34 ` [ 18/61] ipv6: fix the noflags test in addrconf_get_prefix_route Greg Kroah-Hartman
2013-02-12 20:34 ` [ 19/61] net, wireless: overwrite default_ethtool_ops Greg Kroah-Hartman
2013-02-12 20:34 ` [ 20/61] tcp: fix a panic on UP machines in reqsk_fastopen_remove Greg Kroah-Hartman
2013-02-12 20:34 ` [ 21/61] MAINTAINERS: Stephen Hemminger email change Greg Kroah-Hartman
2013-02-12 20:34 ` [ 22/61] ipv6: fix header length calculation in ip6_append_data() Greg Kroah-Hartman
2013-02-12 20:34 ` [ 23/61] macvlan: fix macvlan_get_size() Greg Kroah-Hartman
2013-02-12 20:34 ` [ 24/61] net: calxedaxgmac: throw away overrun frames Greg Kroah-Hartman
2013-02-12 20:34 ` [ 25/61] net/mlx4_en: Fix bridged vSwitch configuration for non SRIOV mode Greg Kroah-Hartman
2013-02-12 20:34 ` [ 26/61] net/mlx4_core: Set number of msix vectors under SRIOV mode to firmware defaults Greg Kroah-Hartman
2013-02-12 20:34 ` [ 27/61] tcp: fix incorrect LOCKDROPPEDICMPS counter Greg Kroah-Hartman
2013-02-12 20:34 ` Greg Kroah-Hartman
2013-02-12 20:34 ` [ 28/61] isdn/gigaset: fix zero size border case in debug dump Greg Kroah-Hartman
2013-02-12 20:34 ` [ 29/61] netxen: fix off by one bug in netxen_release_tx_buffer() Greg Kroah-Hartman
2013-02-12 20:34 ` [ 30/61] r8169: remove the obsolete and incorrect AMD workaround Greg Kroah-Hartman
2013-02-12 20:34 ` Greg Kroah-Hartman
2013-02-12 20:34 ` [ 31/61] net: loopback: fix a dst refcounting issue Greg Kroah-Hartman
2013-02-12 20:34 ` [ 32/61] IP_GRE: Fix kernel panic in IP_GRE with GRE csum Greg Kroah-Hartman
2013-02-12 20:34 ` [ 33/61] pktgen: correctly handle failures when adding a device Greg Kroah-Hartman
2013-02-12 20:34 ` [ 34/61] ipv6: do not create neighbor entries for local delivery Greg Kroah-Hartman
2013-02-12 20:34 ` [ 35/61] via-rhine: Fix bugs in NAPI support Greg Kroah-Hartman
2013-02-12 20:34 ` [ 36/61] packet: fix leakage of tx_ring memory Greg Kroah-Hartman
2013-02-12 20:34 ` [ 37/61] ipv6/ip6_gre: fix error case handling in ip6gre_tunnel_xmit() Greg Kroah-Hartman
2013-02-12 20:34 ` [ 38/61] atm/iphase: rename fregt_t -> ffreg_t Greg Kroah-Hartman
2013-02-12 20:34 ` [ 39/61] xen/netback: shutdown the ring if it contains garbage Greg Kroah-Hartman
2013-02-12 20:35 ` [ 40/61] xen/netback: dont leak pages on failure in xen_netbk_tx_check_gop Greg Kroah-Hartman
2013-02-12 20:35 ` [ 41/61] xen/netback: free already allocated memory on failure in xen_netbk_get_requests Greg Kroah-Hartman
2013-02-12 20:35 ` [ 42/61] netback: correct netbk_tx_err to handle wrap around Greg Kroah-Hartman
2013-02-12 20:35 ` [ 43/61] ipv4: Remove output route check in ipv4_mtu Greg Kroah-Hartman
2013-02-12 20:35 ` Greg Kroah-Hartman
2013-02-12 20:35 ` [ 44/61] ipv4: Dont update the pmtu on mtu locked routes Greg Kroah-Hartman
2013-02-12 20:35 ` [ 45/61] ipv6: Add an error handler for icmp6 Greg Kroah-Hartman
2013-02-12 20:35 ` [ 46/61] ipv4: Invalidate the socket cached route on pmtu events if possible Greg Kroah-Hartman
2013-02-12 20:35 ` [ 47/61] ipv4: Add a socket release callback for datagram sockets Greg Kroah-Hartman
2013-02-12 20:35 ` [ 48/61] ipv4: Fix route refcount on pmtu discovery Greg Kroah-Hartman
2013-02-12 20:35 ` [ 49/61] sctp: refactor sctp_outq_teardown to insure proper re-initalization Greg Kroah-Hartman
2013-02-12 20:35 ` [ 50/61] net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfree Greg Kroah-Hartman
2013-02-12 20:35 ` [ 51/61] net: sctp: sctp_endpoint_free: zero out secret key data Greg Kroah-Hartman
2013-02-12 20:35 ` [ 52/61] tcp: detect SYN/data drop when F-RTO is disabled Greg Kroah-Hartman
2013-02-12 20:35 ` [ 53/61] tcp: fix an infinite loop in tcp_slow_start() Greg Kroah-Hartman
2013-02-12 20:35 ` Greg Kroah-Hartman
2013-02-12 20:35 ` [ 54/61] tcp: frto should not set snd_cwnd to 0 Greg Kroah-Hartman
2013-02-12 20:35 ` Greg Kroah-Hartman
2013-02-12 20:35 ` [ 55/61] tcp: fix for zero packets_in_flight was too broad Greg Kroah-Hartman
2013-02-12 20:35 ` Greg Kroah-Hartman
2013-02-12 20:35 ` [ 56/61] tcp: dont abort splice() after small transfers Greg Kroah-Hartman
2013-02-12 20:35 ` [ 57/61] tcp: splice: fix an infinite loop in tcp_read_sock() Greg Kroah-Hartman
2013-02-12 20:35 ` [ 58/61] tcp: fix splice() and tcp collapsing interaction Greg Kroah-Hartman
2013-02-12 20:35 ` [ 59/61] net: splice: avoid high order page splitting Greg Kroah-Hartman
2013-02-12 20:35 ` [ 60/61] net: splice: fix __splice_segment() Greg Kroah-Hartman
2013-02-12 20:35 ` [ 61/61] drm/nouveau: add lockdep annotations Greg Kroah-Hartman
2013-02-13 3:35 ` Peter Hurley
2013-02-13 9:33 ` Arend van Spriel
2013-02-13 9:43 ` Ben Skeggs
2013-02-13 9:52 ` Arend van Spriel
2013-02-13 17:46 ` Marcin Slusarz
2013-02-13 18:38 ` Marcin Slusarz
2013-02-13 7:06 ` [ 00/61] 3.7.8-stable review Satoru Takeuchi
2013-02-13 15:51 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130212203419.086361026@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rusty@rustcorp.com.au \
--cc=sjur.brandeland@stericsson.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.