forked from luck/tmp_suning_uos_patched
9420098adc
The crash is observed when a service is being disabled host side while userspace daemon is connected to the device: [ 90.244859] general protection fault: 0000 [#1] SMP ... [ 90.800082] Call Trace: [ 90.800082] [<ffffffff81187008>] __fput+0xc8/0x1f0 [ 90.800082] [<ffffffff8118716e>] ____fput+0xe/0x10 ... [ 90.800082] [<ffffffff81015278>] do_signal+0x28/0x580 [ 90.800082] [<ffffffff81086656>] ? finish_task_switch+0xa6/0x180 [ 90.800082] [<ffffffff81443ebf>] ? __schedule+0x28f/0x870 [ 90.800082] [<ffffffffa01ebbaa>] ? hvt_op_read+0x12a/0x140 [hv_utils] ... The problem is that hvutil_transport_destroy() which does misc_deregister() freeing the appropriate device is reachable by two paths: module unload and from util_remove(). While module unload path is protected by .owner in struct file_operations util_remove() path is not. Freeing the device while someone holds an open fd for it is a show stopper. In general, it is not possible to revoke an fd from all users so the only way to solve the issue is to defer freeing the hvutil_transport structure. Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com> Signed-off-by: K. Y. Srinivasan <kys@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|---|---|---|
| .. | ||
| channel_mgmt.c | ||
| channel.c | ||
| connection.c | ||
| hv_balloon.c | ||
| hv_fcopy.c | ||
| hv_kvp.c | ||
| hv_snapshot.c | ||
| hv_util.c | ||
| hv_utils_transport.c | ||
| hv_utils_transport.h | ||
| hv.c | ||
| hyperv_vmbus.h | ||
| Kconfig | ||
| Makefile | ||
| ring_buffer.c | ||
| vmbus_drv.c | ||