9p/trans_virtio: fix hot-unplug

On device hot-unplug, 9p/virtio currently will kfree channel while it might still be in use. Of course, it might stay used forever, so it's an extremely ugly hack, but it seems better than use-after-free that we have now. [ Unused variable removed, whitespace cleanup, msg single-lined --RR ] Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
author: Michael S. Tsirkin <mst@redhat.com> 2015-03-11 21:23:41 -0400
committer: Rusty Russell <rusty@rustcorp.com.au> 2015-03-13 01:25:41 -0400
commit: 8051a2a518fcf3827a143470083ad6008697ff17 (patch)
tree: b4175841d94bc9b3aef2e92a46e708e9856eea0e /net
parent: 3d2a3774c1b046f548ebea0391a602fd5685a307 (diff)
1 files changed, 20 insertions, 4 deletions
diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c
index d8e376a5f0f1..36a1a739ad68 100644
--- a/net/9p/trans_virtio.c
+++ b/net/9p/trans_virtio.c
@@ -658,14 +658,30 @@ p9_virtio_create(struct p9_client *client, const char *devname, char *args)
 static void p9_virtio_remove(struct virtio_device *vdev)
 {
        struct virtio_chan *chan = vdev->priv;
+        unsigned long warning_time;
-        if (chan->inuse)
-                p9_virtio_close(chan->client);
-        vdev->config->del_vqs(vdev);
        mutex_lock(&virtio_9p_lock);
+        /* Remove self from list so we don't get new users. */
        list_del(&chan->chan_list);
+        warning_time = jiffies;
+        /* Wait for existing users to close. */
+        while (chan->inuse) {
+                mutex_unlock(&virtio_9p_lock);
+                msleep(250);
+                if (time_after(jiffies, warning_time + 10 * HZ)) {
+                        dev_emerg(&vdev->dev,
+                                  "p9_virtio_remove: waiting for device in use.\n");
+                        warning_time = jiffies;
+                }
+                mutex_lock(&virtio_9p_lock);
+        }
        mutex_unlock(&virtio_9p_lock);
+        vdev->config->del_vqs(vdev);
        sysfs_remove_file(&(vdev->dev.kobj), &dev_attr_mount_tag.attr);
        kobject_uevent(&(vdev->dev.kobj), KOBJ_CHANGE);
        kfree(chan->tag);
author	Michael S. Tsirkin <mst@redhat.com>	2015-03-11 21:23:41 -0400
committer	Rusty Russell <rusty@rustcorp.com.au>	2015-03-13 01:25:41 -0400
commit	8051a2a518fcf3827a143470083ad6008697ff17 (patch)
tree	b4175841d94bc9b3aef2e92a46e708e9856eea0e /net
parent	3d2a3774c1b046f548ebea0391a602fd5685a307 (diff)

diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c index d8e376a5f0f1..36a1a739ad68 100644 --- a/net/9p/trans_virtio.c +++ b/net/9p/trans_virtio.c
@@ -658,14 +658,30 @@ p9_virtio_create(struct p9_client client, const char devname, char *args)
658	static void p9_virtio_remove(struct virtio_device *vdev)	658	static void p9_virtio_remove(struct virtio_device *vdev)
659	{	659	{
660	struct virtio_chan *chan = vdev->priv;	660	struct virtio_chan *chan = vdev->priv;
661		661	unsigned long warning_time;
662	if (chan->inuse)
663	p9_virtio_close(chan->client);
664	vdev->config->del_vqs(vdev);
665		662
666	mutex_lock(&virtio_9p_lock);	663	mutex_lock(&virtio_9p_lock);
		664
		665	/* Remove self from list so we don't get new users. */
667	list_del(&chan->chan_list);	666	list_del(&chan->chan_list);
		667	warning_time = jiffies;
		668
		669	/* Wait for existing users to close. */
		670	while (chan->inuse) {
		671	mutex_unlock(&virtio_9p_lock);
		672	msleep(250);
		673	if (time_after(jiffies, warning_time + 10 * HZ)) {
		674	dev_emerg(&vdev->dev,
		675	"p9_virtio_remove: waiting for device in use.\n");
		676	warning_time = jiffies;
		677	}
		678	mutex_lock(&virtio_9p_lock);
		679	}
		680
668	mutex_unlock(&virtio_9p_lock);	681	mutex_unlock(&virtio_9p_lock);
		682
		683	vdev->config->del_vqs(vdev);
		684
669	sysfs_remove_file(&(vdev->dev.kobj), &dev_attr_mount_tag.attr);	685	sysfs_remove_file(&(vdev->dev.kobj), &dev_attr_mount_tag.attr);
670	kobject_uevent(&(vdev->dev.kobj), KOBJ_CHANGE);	686	kobject_uevent(&(vdev->dev.kobj), KOBJ_CHANGE);
671	kfree(chan->tag);	687	kfree(chan->tag);