Drivers: hv: utils: fix crash when device is removed from host side
The crash is observed when a service is being disabled host side while
userspace daemon is connected to the device:
[ 90.244859] general protection fault: 0000 [#1] SMP
...
[ 90.800082] Call Trace:
[ 90.800082] [<
ffffffff81187008>] __fput+0xc8/0x1f0
[ 90.800082] [<
ffffffff8118716e>] ____fput+0xe/0x10
...
[ 90.800082] [<
ffffffff81015278>] do_signal+0x28/0x580
[ 90.800082] [<
ffffffff81086656>] ? finish_task_switch+0xa6/0x180
[ 90.800082] [<
ffffffff81443ebf>] ? __schedule+0x28f/0x870
[ 90.800082] [<
ffffffffa01ebbaa>] ? hvt_op_read+0x12a/0x140 [hv_utils]
...
The problem is that hvutil_transport_destroy() which does misc_deregister()
freeing the appropriate device is reachable by two paths: module unload
and from util_remove(). While module unload path is protected by .owner in
struct file_operations util_remove() path is not. Freeing the device while
someone holds an open fd for it is a show stopper.
In general, it is not possible to revoke an fd from all users so the only
way to solve the issue is to defer freeing the hvutil_transport structure.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Orabug:
27426102
(cherry picked from commit
9420098adc50a88d4a441e0f92d54bfa7af44448)
Signed-off-by: Jack Vogel <jack.vogel@oracle.com>
Reviewed-by: Tim Tianyang Chen <tianyang.chen@oracle.com>
projects / users / jedix / linux-maple.git / commit