forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/drivers
History
Halil Pasic 2a622040a8 virtio/s390: fix race in ccw_io_helper() 
commit 78b1a52e05 upstream.

While ccw_io_helper() seems like intended to be exclusive in a sense that
it is supposed to facilitate I/O for at most one thread at any given
time, there is actually nothing ensuring that threads won't pile up at
vcdev->wait_q. If they do, all threads get woken up and see the status
that belongs to some other request than their own. This can lead to bugs.
For an example see:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1788432

This race normally does not cause any problems. The operations provided
by struct virtio_config_ops are usually invoked in a well defined
sequence, normally don't fail, and are normally used quite infrequent
too.

Yet, if some of the these operations are directly triggered via sysfs
attributes, like in the case described by the referenced bug, userspace
is given an opportunity to force races by increasing the frequency of the
given operations.

Let us fix the problem by ensuring, that for each device, we finish
processing the previous request before starting with a new one.

Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
Reported-by: Colin Ian King <colin.king@canonical.com>
Cc: stable@vger.kernel.org
Message-Id: <20180925121309.58524-3-pasic@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-12-13 09:16:18 +01:00
..
accessibility
acpi ACPICA: AML interpreter: add region addresses in global list during initialization 2018-12-01 09:37:30 +01:00
amba
android binder: fix race that allows malicious free of live buffer 2018-12-05 19:32:11 +01:00
ata libata: blacklist SAMSUNG MZ7TD256HAFV-000L9 SSD 2018-11-21 09:19:24 +01:00
atm
auxdisplay
base Char/Misc fixes for 4.19-rc7 2018-10-07 08:15:57 +02:00
bcma
block floppy: fix race condition in __floppy_read_block_0() 2018-12-01 09:37:32 +01:00
bluetooth Bluetooth: hci_qca: Remove hdev dereference in qca_close(). 2018-11-13 11:08:25 -08:00
bus
cdrom cdrom: fix improper type cast, which can leat to information leak. 2018-11-21 09:19:12 +01:00
char tpm: fix response size validation in tpm_get_random() 2018-11-13 11:08:48 -08:00
clk clk: fixed-factor: fix of_node_get-put imbalance 2018-11-27 16:13:04 +01:00
clocksource clockevents/drivers/i8253: Add support for PIT shutdown quirk 2018-11-21 09:19:20 +01:00
connector
cpufreq cpufreq: ti-cpufreq: Only register platform_device when supported 2018-12-13 09:16:13 +01:00
cpuidle ARM: cpuidle: Don't register the driver when back-end init returns -ENXIO 2018-11-21 09:19:23 +01:00
crypto crypto: hisilicon - Fix reference after free of memories on error path 2018-11-21 09:19:17 +01:00
dax device-dax: Add missing address_space_operations 2018-09-22 09:07:33 -07:00
dca
devfreq
dio
dma dmaengine: at_hdmac: fix module unloading 2018-12-05 19:32:12 +01:00
dma-buf
edac EDAC, skx_edac: Fix logical channel intermediate decoding 2018-11-13 11:08:44 -08:00
eisa
extcon
firewire
firmware efi/arm: Revert deferred unmap of early memmap mapping 2018-12-01 09:37:33 +01:00
fmc
fpga fpga: bridge: fix obvious function documentation error 2018-09-30 08:49:55 -07:00
fsi
gnss gnss: sirf: fix synchronous write timeout 2018-11-27 16:13:10 +01:00
gpio gpio: mockup: fix indicated direction 2018-12-13 09:16:12 +01:00
gpu drm/amd/display: Support amdgpu "max bpc" connector property (v2) 2018-12-13 09:16:12 +01:00
hid HID: multitouch: Add pointstick support for Cirque Touchpad 2018-12-13 09:16:13 +01:00
hsi
hv Drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl() 2018-12-05 19:32:14 +01:00
hwmon hwmon: (ibmpowernv) Remove bogus __init annotations 2018-11-27 16:13:04 +01:00
hwspinlock
hwtracing coresight: etb10: Fix handling of perf mode 2018-11-13 11:08:36 -08:00
i2c i2c: qcom-geni: Fix runtime PM mismatch with child devices 2018-11-27 16:13:06 +01:00
ide
idle
iio iio:st_magn: Fix enable device after trigger 2018-12-05 19:32:13 +01:00
infiniband IB/mlx5: Avoid load failure due to unknown link width 2018-12-08 12:59:07 +01:00
input Input: elan_i2c - add support for ELAN0621 touchpad 2018-12-08 12:59:09 +01:00
iommu iommu/vt-d: Use memunmap to free memremap 2018-12-13 09:16:14 +01:00
ipack
irqchip irqchip/pdc: Setup all edge interrupts as rising edge at GIC 2018-11-13 11:08:34 -08:00
isdn
leds
lightnvm lightnvm: pblk: fix race condition on metadata I/O 2018-11-13 11:08:21 -08:00
macintosh
mailbox mailbox: PCC: handle parse error 2018-11-13 11:08:18 -08:00
mcb
md MD: fix invalid stored role for a disk - try2 2018-11-13 11:09:00 -08:00
media media: dvb-pll: don't re-validate tuner frequencies 2018-12-13 09:16:17 +01:00
memory memory: ti-aemif: fix a potential NULL-pointer dereference 2018-09-06 10:04:07 -07:00
memstick
message
mfd Revert "mfd: cros_ec: Use devm_kzalloc for private data" 2018-12-13 09:16:17 +01:00
misc misc: mic/scif: fix copy-paste error in scif_create_remote_lookup 2018-12-05 19:32:14 +01:00
mmc mmc: sdhci-pci: Workaround GLK firmware failing to restore the tuning value 2018-12-01 09:37:26 +01:00
mtd mtd: spi-nor: Fix Cadence QSPI page fault kernel panic 2018-12-13 09:16:13 +01:00
mux mux: adgs1408: use the correct MODULE_LICENSE 2018-10-12 17:36:39 +02:00
net net: amd: add missing of_node_put() 2018-12-13 09:16:15 +01:00
nfc NFC: nfcmrvl_uart: fix OF child-node lookup 2018-11-13 11:08:48 -08:00
ntb
nubus
nvdimm libnvdimm, pmem: Fix badblocks population for 'raw' namespaces 2018-11-13 11:08:42 -08:00
nvme nvme-fc: resolve io failures during connect 2018-12-13 09:16:11 +01:00
nvmem nvmem: check the return value of nvmem_add_cells() 2018-11-13 11:08:35 -08:00
of of/device: Really only set bus DMA mask when appropriate 2018-11-27 16:13:05 +01:00
opp opp: ti-opp-supply: Correct the supply in _get_optimal_vdd_voltage call 2018-12-01 09:37:27 +01:00
oprofile
parisc
parport
pci PCI: Fix incorrect value returned from pcie_get_speed_cap() 2018-12-05 19:32:07 +01:00
pcmcia pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges 2018-11-13 11:08:17 -08:00
perf arm64: perf: Reject stand-alone CHAIN events for PMUv3 2018-10-12 15:25:17 +01:00
phy
pinctrl pinctrl: meson: fix meson8b ao pull register bits 2018-12-01 09:37:31 +01:00
platform platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 2018-11-27 16:13:00 +01:00
pnp
power power: supply: twl4030-charger: fix OF sibling-node lookup 2018-11-13 11:08:51 -08:00
powercap
pps
ps3
ptp ptp: fix Spectre v1 vulnerability 2018-10-17 22:00:22 -07:00
pwm
rapidio
ras
regulator regulator: fix crash caused by null driver data 2018-09-20 09:04:51 -07:00
remoteproc remoteproc: qcom: q6v5: Propagate EPROBE_DEFER 2018-11-13 11:08:52 -08:00
reset
rpmsg rpmsg: smd: fix memory leak on channel create 2018-11-13 11:08:55 -08:00
rtc iio/hid-sensors: Fix IIO_CHAN_INFO_RAW returning wrong values for signed numbers 2018-12-05 19:32:13 +01:00
s390 virtio/s390: fix race in ccw_io_helper() 2018-12-13 09:16:18 +01:00
sbus oradax: remove redundant null check before kfree 2018-10-07 22:42:00 -07:00
scsi scsi: ufs: Fix hynix ufs bug with quirk on hi36xx SoC 2018-12-13 09:16:10 +01:00
sfi
sh
siox
slimbus
sn
soc soc: ti: QMSS: Fix usage of irq_set_affinity_hint 2018-11-21 09:19:18 +01:00
soundwire
spi spi: gpio: No MISO does not imply no RX 2018-11-13 11:08:28 -08:00
spmi
ssb
staging staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station 2018-12-05 19:32:13 +01:00
target scsi: target: Fix target_wait_for_sess_cmds breakage with active signals 2018-11-13 11:08:42 -08:00
tc TC: Set DMA masks for devices 2018-11-13 11:08:51 -08:00
tee
thermal thermal: core: Fix use-after-free in thermal_cooling_device_destroy_sysfs 2018-11-21 09:19:17 +01:00
thunderbolt thunderbolt: Initialize after IOMMUs 2018-10-02 10:51:16 -07:00
tty USB: serial: console: fix reported terminal settings 2018-12-13 09:16:15 +01:00
uio uio: Fix an Oops on load 2018-11-27 16:13:09 +01:00
usb USB: serial: console: fix reported terminal settings 2018-12-13 09:16:15 +01:00
uwb
vfio
vhost vhost/scsi: truncate T10 PI iov_iter to prot_bytes 2018-11-21 09:19:17 +01:00
video mach64: fix image corruption due to reading accelerator registers 2018-11-21 09:19:17 +01:00
virt
virtio
visorbus
vlynq
vme
w1 w1: omap-hdq: fix missing bus unregister at removal 2018-11-13 11:08:48 -08:00
watchdog
xen xen/grant-table: Fix incorrect gnttab_dma_free_pages() pr_debug message 2018-11-27 16:13:04 +01:00
zorro
Kconfig
Makefile