• Halil Pasic's avatar
    virtio/s390: fix race in ccw_io_helper() · 78b1a52e
    Halil Pasic authored
    While ccw_io_helper() seems like intended to be exclusive in a sense that
    it is supposed to facilitate I/O for at most one thread at any given
    time, there is actually nothing ensuring that threads won't pile up at
    vcdev->wait_q. If they do, all threads get woken up and see the status
    that belongs to some other request than their own. This can lead to bugs.
    For an example see:
    https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1788432
    
    This race normally does not cause any problems. The operations provided
    by struct virtio_config_ops are usually invoked in a well defined
    sequence, normally don't fail, and are normally used quite infrequent
    too.
    
    Yet, if some of the these operations are directly triggered via sysfs
    attributes, like in the case described by the referenced bug, userspace
    is given an opportunity to force races by increasing the frequency of the
    given operations.
    
    Let us fix the problem by ensuring, that for each device, we finish
    processing the previous request before starting with a new one.
    Signed-off-by: default avatarHalil Pasic <pasic@linux.ibm.com>
    Reported-by: default avatarColin Ian King <colin.king@canonical.com>
    Cc: stable@vger.kernel.org
    Message-Id: <20180925121309.58524-3-pasic@linux.ibm.com>
    Signed-off-by: default avatarCornelia Huck <cohuck@redhat.com>
    Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
    78b1a52e
virtio_ccw.c 36 KB