
virtio/console: Fix two bugs of splice_write

From: Yoshihiro YUNOMAE 4:00 UTC
To: Amit Shah, Greg Kroah-Hartman, linux-kernel
Cc: Arnd Bergmann, stable, virtualization, Hidehiro Kawai,

This patch set fixes two bugs of splice_write in the virtio-console driver.

Although pipe->nrbufs is empty, the driver tries to do splice_write.

No lock for competition of splice_write.
=> This induces oops in splice_from_pipe_feed() by bug of any user

Add Reviewed-by lines and line in sign-off area

virtio/console: Quit from splice_write if pipe->nrbufs is 0
virtio/console: Add pipe_lock/unlock for splice_write

drivers/char/virtio_console.c | 23 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 3 deletions(-)

Hitachi, Ltd., Yokohama Research Laboratory
E-mail:

virtio/console: Quit from splice_write if pipe->nrbufs is 0

Yoshihiro YUNOMAE

Quit from splice_write if pipe->nrbufs is 0 for avoiding oops in virtio-serial.

When an application was doing splice from a kernel buffer to virtio-serial on
a guest, the application received signal(SIGINT).
happen, but the kernel executed a kernel panic by oops as follows:

BUG: unable to handle kernel paging request at ffff882071c8ef28
Modules linked in: lockd sunrpc bnep bluetooth rfkill ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_page_alloc snd_timer snd microcode virtio_balloon virtio_net pcspkr soundcore i2c_piix4 i2c_core uinput floppy
CPU: 1 PID: 908 Comm: trace-cmd Not tainted 3.10.0+ #49

It seems to induce pagefault in sg_init_table() when pipe->nrbufs is equal to

This may happen in the following situation:

(1) The application normally does splice(read) from a kernel buffer, then does
(2) The application receives SIGINT when it is doing splice(read), so splice(read)
    However, the application does not finish the operation.
(3) The application tries to do splice(write) without pipe->nrbufs.
(4) The virtio-console driver tries to touch scatterlist structure sgl in
    sg_init_table(), but the region is out of bounds.

To avoid the case, a kernel should check whether pipe->nrbufs is empty or not
