<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/char/virtio_console.c, branch linux-4.1.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>virtio_console: free buffers after reset</title>
<updated>2018-05-23T01:36:37+00:00</updated>
<author>
<name>Michael S. Tsirkin</name>
<email>mst@redhat.com</email>
</author>
<published>2018-04-20T17:24:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a88e13d9a092fbb772d380944b44eb549ef131fe'/>
<id>a88e13d9a092fbb772d380944b44eb549ef131fe</id>
<content type='text'>
[ Upstream commit a7a69ec0d8e4a58be7db88d33cbfa2912807bb2b ]

Console driver is out of spec. The spec says:
	A driver MUST NOT decrement the available idx on a live
	virtqueue (ie. there is no way to “unexpose” buffers).
and it does exactly that by trying to detach unused buffers
without doing a device reset first.

Defer detaching the buffers until device unplug.

Of course this means we might get an interrupt for
a vq without an attached port now. Handle that by
discarding the consumed buffer.

Reported-by: Tiwei Bie &lt;tiwei.bie@intel.com&gt;
Fixes: b3258ff1d6 ("virtio: Decrement avail idx on buffer detach")
Cc: stable@vger.kernel.org
Signed-off-by: Michael S. Tsirkin &lt;mst@redhat.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit a7a69ec0d8e4a58be7db88d33cbfa2912807bb2b ]

Console driver is out of spec. The spec says:
	A driver MUST NOT decrement the available idx on a live
	virtqueue (ie. there is no way to “unexpose” buffers).
and it does exactly that by trying to detach unused buffers
without doing a device reset first.

Defer detaching the buffers until device unplug.

Of course this means we might get an interrupt for
a vq without an attached port now. Handle that by
discarding the consumed buffer.

Reported-by: Tiwei Bie &lt;tiwei.bie@intel.com&gt;
Fixes: b3258ff1d6 ("virtio: Decrement avail idx on buffer detach")
Cc: stable@vger.kernel.org
Signed-off-by: Michael S. Tsirkin &lt;mst@redhat.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>virtio_console: fix a crash in config_work_handler</title>
<updated>2017-07-31T17:37:50+00:00</updated>
<author>
<name>G. Campana</name>
<email>gcampana@quarkslab.com</email>
</author>
<published>2017-01-19T21:37:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=9a44e87bc9da991613b929d3742ce5cd301bbef5'/>
<id>9a44e87bc9da991613b929d3742ce5cd301bbef5</id>
<content type='text'>
[ Upstream commit 8379cadf71c3ee8173a1c6fc1ea7762a9638c047 ]

Using control_work instead of config_work as the 3rd argument to
container_of results in an invalid portdev pointer. Indeed, the work
structure is initialized as below:

    INIT_WORK(&amp;portdev-&gt;config_work, &amp;config_work_handler);

It leads to a crash when portdev-&gt;vdev is dereferenced later. This
bug
is triggered when the guest uses a virtio-console without multiport
feature and receives a config_changed virtio interrupt.

Signed-off-by: G. Campana &lt;gcampana@quarkslab.com&gt;
Reviewed-by: Amit Shah &lt;amit.shah@redhat.com&gt;
Signed-off-by: Michael S. Tsirkin &lt;mst@redhat.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 8379cadf71c3ee8173a1c6fc1ea7762a9638c047 ]

Using control_work instead of config_work as the 3rd argument to
container_of results in an invalid portdev pointer. Indeed, the work
structure is initialized as below:

    INIT_WORK(&amp;portdev-&gt;config_work, &amp;config_work_handler);

It leads to a crash when portdev-&gt;vdev is dereferenced later. This
bug
is triggered when the guest uses a virtio-console without multiport
feature and receives a config_changed virtio interrupt.

Signed-off-by: G. Campana &lt;gcampana@quarkslab.com&gt;
Reviewed-by: Amit Shah &lt;amit.shah@redhat.com&gt;
Signed-off-by: Michael S. Tsirkin &lt;mst@redhat.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>virtio-console: avoid DMA from stack</title>
<updated>2017-06-13T13:29:17+00:00</updated>
<author>
<name>Omar Sandoval</name>
<email>osandov@fb.com</email>
</author>
<published>2017-02-01T08:02:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=0dd8a4702cbc9730ab923720db298c0febd91914'/>
<id>0dd8a4702cbc9730ab923720db298c0febd91914</id>
<content type='text'>
[ Upstream commit c4baad50297d84bde1a7ad45e50c73adae4a2192 ]

put_chars() stuffs the buffer it gets into an sg, but that buffer may be
on the stack. This breaks with CONFIG_VMAP_STACK=y (for me, it
manifested as printks getting turned into NUL bytes).

Signed-off-by: Omar Sandoval &lt;osandov@fb.com&gt;
Signed-off-by: Michael S. Tsirkin &lt;mst@redhat.com&gt;
Reviewed-by: Amit Shah &lt;amit.shah@redhat.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit c4baad50297d84bde1a7ad45e50c73adae4a2192 ]

put_chars() stuffs the buffer it gets into an sg, but that buffer may be
on the stack. This breaks with CONFIG_VMAP_STACK=y (for me, it
manifested as printks getting turned into NUL bytes).

Signed-off-by: Omar Sandoval &lt;osandov@fb.com&gt;
Signed-off-by: Michael S. Tsirkin &lt;mst@redhat.com&gt;
Reviewed-by: Amit Shah &lt;amit.shah@redhat.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>virtio: console: Unlock vqs while freeing buffers</title>
<updated>2016-11-26T03:57:03+00:00</updated>
<author>
<name>Matt Redfearn</name>
<email>matt.redfearn@imgtec.com</email>
</author>
<published>2016-10-11T11:05:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c0b309f18b0144aca3a0abc7fbaa5ab0dc82394c'/>
<id>c0b309f18b0144aca3a0abc7fbaa5ab0dc82394c</id>
<content type='text'>
[ Upstream commit 34563769e438d2881f62cf4d9badc4e589ac0ec0 ]

Commit c6017e793b93 ("virtio: console: add locks around buffer removal
in port unplug path") added locking around the freeing of buffers in the
vq. However, when free_buf() is called with can_sleep = true and rproc
is enabled, it calls dma_free_coherent() directly, requiring interrupts
to be enabled. Currently a WARNING is triggered due to the spin locking
around free_buf, with a call stack like this:

WARNING: CPU: 3 PID: 121 at ./include/linux/dma-mapping.h:433
free_buf+0x1a8/0x288
Call Trace:
[&lt;8040c538&gt;] show_stack+0x74/0xc0
[&lt;80757240&gt;] dump_stack+0xd0/0x110
[&lt;80430d98&gt;] __warn+0xfc/0x130
[&lt;80430ee0&gt;] warn_slowpath_null+0x2c/0x3c
[&lt;807e7c6c&gt;] free_buf+0x1a8/0x288
[&lt;807ea590&gt;] remove_port_data+0x50/0xac
[&lt;807ea6a0&gt;] unplug_port+0xb4/0x1bc
[&lt;807ea858&gt;] virtcons_remove+0xb0/0xfc
[&lt;807b6734&gt;] virtio_dev_remove+0x58/0xc0
[&lt;807f918c&gt;] __device_release_driver+0xac/0x134
[&lt;807f924c&gt;] device_release_driver+0x38/0x50
[&lt;807f7edc&gt;] bus_remove_device+0xfc/0x130
[&lt;807f4b74&gt;] device_del+0x17c/0x21c
[&lt;807f4c38&gt;] device_unregister+0x24/0x38
[&lt;807b6b50&gt;] unregister_virtio_device+0x28/0x44

Fix this by restructuring the loops to allow the locks to only be taken
where it is necessary to protect the vqs, and release it while the
buffer is being freed.

Fixes: c6017e793b93 ("virtio: console: add locks around buffer removal in port unplug path")
Cc: stable@vger.kernel.org
Signed-off-by: Matt Redfearn &lt;matt.redfearn@imgtec.com&gt;
Signed-off-by: Michael S. Tsirkin &lt;mst@redhat.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 34563769e438d2881f62cf4d9badc4e589ac0ec0 ]

Commit c6017e793b93 ("virtio: console: add locks around buffer removal
in port unplug path") added locking around the freeing of buffers in the
vq. However, when free_buf() is called with can_sleep = true and rproc
is enabled, it calls dma_free_coherent() directly, requiring interrupts
to be enabled. Currently a WARNING is triggered due to the spin locking
around free_buf, with a call stack like this:

WARNING: CPU: 3 PID: 121 at ./include/linux/dma-mapping.h:433
free_buf+0x1a8/0x288
Call Trace:
[&lt;8040c538&gt;] show_stack+0x74/0xc0
[&lt;80757240&gt;] dump_stack+0xd0/0x110
[&lt;80430d98&gt;] __warn+0xfc/0x130
[&lt;80430ee0&gt;] warn_slowpath_null+0x2c/0x3c
[&lt;807e7c6c&gt;] free_buf+0x1a8/0x288
[&lt;807ea590&gt;] remove_port_data+0x50/0xac
[&lt;807ea6a0&gt;] unplug_port+0xb4/0x1bc
[&lt;807ea858&gt;] virtcons_remove+0xb0/0xfc
[&lt;807b6734&gt;] virtio_dev_remove+0x58/0xc0
[&lt;807f918c&gt;] __device_release_driver+0xac/0x134
[&lt;807f924c&gt;] device_release_driver+0x38/0x50
[&lt;807f7edc&gt;] bus_remove_device+0xfc/0x130
[&lt;807f4b74&gt;] device_del+0x17c/0x21c
[&lt;807f4c38&gt;] device_unregister+0x24/0x38
[&lt;807b6b50&gt;] unregister_virtio_device+0x28/0x44

Fix this by restructuring the loops to allow the locks to only be taken
where it is necessary to protect the vqs, and release it while the
buffer is being freed.

Fixes: c6017e793b93 ("virtio: console: add locks around buffer removal in port unplug path")
Cc: stable@vger.kernel.org
Signed-off-by: Matt Redfearn &lt;matt.redfearn@imgtec.com&gt;
Signed-off-by: Michael S. Tsirkin &lt;mst@redhat.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>virtio_console: Use bool function return values of true/false not 1/0</title>
<updated>2015-04-03T14:15:30+00:00</updated>
<author>
<name>Joe Perches</name>
<email>joe@perches.com</email>
</author>
<published>2015-03-30T23:46:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=f580d730c90c11be0ef4fe88aff3de80845176cb'/>
<id>f580d730c90c11be0ef4fe88aff3de80845176cb</id>
<content type='text'>
Use the normal return values for bool functions

Signed-off-by: Joe Perches &lt;joe@perches.com&gt;
Reviewed-by: Amit Shah &lt;amit.shah@redhat.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Use the normal return values for bool functions

Signed-off-by: Joe Perches &lt;joe@perches.com&gt;
Reviewed-by: Amit Shah &lt;amit.shah@redhat.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>virtio_console: avoid config access from irq</title>
<updated>2015-03-05T03:06:18+00:00</updated>
<author>
<name>Michael S. Tsirkin</name>
<email>mst@redhat.com</email>
</author>
<published>2015-03-05T00:15:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=eeb8a7e8bb123e84daeef84f5a2eab99ad2839a2'/>
<id>eeb8a7e8bb123e84daeef84f5a2eab99ad2839a2</id>
<content type='text'>
when multiport is off, virtio console invokes config access from irq
context, config access is blocking on s390.
Fix this up by scheduling work from config irq - similar to what we do
for multiport configs.

Signed-off-by: Michael S. Tsirkin &lt;mst@redhat.com&gt;
Reviewed-by: Amit Shah &lt;amit.shah@redhat.com&gt;
Signed-off-by: Rusty Russell &lt;rusty@rustcorp.com.au&gt;
Cc: stable@kernel.org
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
when multiport is off, virtio console invokes config access from irq
context, config access is blocking on s390.
Fix this up by scheduling work from config irq - similar to what we do
for multiport configs.

Signed-off-by: Michael S. Tsirkin &lt;mst@redhat.com&gt;
Reviewed-by: Amit Shah &lt;amit.shah@redhat.com&gt;
Signed-off-by: Rusty Russell &lt;rusty@rustcorp.com.au&gt;
Cc: stable@kernel.org
</pre>
</div>
</content>
</entry>
<entry>
<title>virtio_console: init work unconditionally</title>
<updated>2015-03-05T03:06:17+00:00</updated>
<author>
<name>Michael S. Tsirkin</name>
<email>mst@redhat.com</email>
</author>
<published>2015-03-05T00:15:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4f6e24ed9de8634d6471ef86b382cba6d4e57ca8'/>
<id>4f6e24ed9de8634d6471ef86b382cba6d4e57ca8</id>
<content type='text'>
when multiport is off, we don't initialize config work,
but we then cancel uninitialized control_work on freeze.

Signed-off-by: Michael S. Tsirkin &lt;mst@redhat.com&gt;
Reviewed-by: Amit Shah &lt;amit.shah@redhat.com&gt;
Signed-off-by: Rusty Russell &lt;rusty@rustcorp.com.au&gt;
Cc: stable@kernel.org
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
when multiport is off, we don't initialize config work,
but we then cancel uninitialized control_work on freeze.

Signed-off-by: Michael S. Tsirkin &lt;mst@redhat.com&gt;
Reviewed-by: Amit Shah &lt;amit.shah@redhat.com&gt;
Signed-off-by: Rusty Russell &lt;rusty@rustcorp.com.au&gt;
Cc: stable@kernel.org
</pre>
</div>
</content>
</entry>
<entry>
<title>virtio: don't require a config space on the console device.</title>
<updated>2015-02-11T04:33:17+00:00</updated>
<author>
<name>Rusty Russell</name>
<email>rusty@rustcorp.com.au</email>
</author>
<published>2015-02-11T04:31:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=be8ff5952a8d943660d3c01f1abf4e71eb565fdb'/>
<id>be8ff5952a8d943660d3c01f1abf4e71eb565fdb</id>
<content type='text'>
Strictly, it's only needed when we have features (size or multiport).

Signed-off-by: Rusty Russell &lt;rusty@rustcorp.com.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Strictly, it's only needed when we have features (size or multiport).

Signed-off-by: Rusty Russell &lt;rusty@rustcorp.com.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>virtio/console: verify device has config space</title>
<updated>2015-01-21T05:58:46+00:00</updated>
<author>
<name>Michael S. Tsirkin</name>
<email>mst@redhat.com</email>
</author>
<published>2015-01-12T14:23:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=011f0e7a6944855436fb29c7a7e6c3c89c95f8fb'/>
<id>011f0e7a6944855436fb29c7a7e6c3c89c95f8fb</id>
<content type='text'>
Some devices might not implement config space access
(e.g. remoteproc used not to - before 3.9).
virtio/console needs config space access so make it
fail gracefully if not there.

Signed-off-by: Michael S. Tsirkin &lt;mst@redhat.com&gt;
Signed-off-by: Rusty Russell &lt;rusty@rustcorp.com.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Some devices might not implement config space access
(e.g. remoteproc used not to - before 3.9).
virtio/console needs config space access so make it
fail gracefully if not there.

Signed-off-by: Michael S. Tsirkin &lt;mst@redhat.com&gt;
Signed-off-by: Rusty Russell &lt;rusty@rustcorp.com.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>virtio_console: fix sparse warnings</title>
<updated>2014-12-09T10:06:33+00:00</updated>
<author>
<name>Michael S. Tsirkin</name>
<email>mst@redhat.com</email>
</author>
<published>2014-12-01T11:31:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=48b36066b48025b7cd7d46c9a879f2f72fd9086a'/>
<id>48b36066b48025b7cd7d46c9a879f2f72fd9086a</id>
<content type='text'>
CHECK drivers/char/virtio_console.c
drivers/char/virtio_console.c:687:36: warning: incorrect type in
	argument 1 (different address spaces)
drivers/char/virtio_console.c:687:36:    expected void [noderef]
	&lt;asn:1&gt;*to
drivers/char/virtio_console.c:687:36:    got char *out_buf
drivers/char/virtio_console.c:790:35: warning: incorrect type in
	argument 2 (different address spaces)
drivers/char/virtio_console.c:790:35:    expected char *out_buf
drivers/char/virtio_console.c:790:35:    got char [noderef]
	&lt;asn:1&gt;*ubuf

fill_readbuf is reused with both kernel and userspace pointers,
depending on value of to_user flag.

Tag address parameter as __user, and cast to/from regular pointer type
when we know it's safe.

Signed-off-by: Michael S. Tsirkin &lt;mst@redhat.com&gt;




</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
CHECK drivers/char/virtio_console.c
drivers/char/virtio_console.c:687:36: warning: incorrect type in
	argument 1 (different address spaces)
drivers/char/virtio_console.c:687:36:    expected void [noderef]
	&lt;asn:1&gt;*to
drivers/char/virtio_console.c:687:36:    got char *out_buf
drivers/char/virtio_console.c:790:35: warning: incorrect type in
	argument 2 (different address spaces)
drivers/char/virtio_console.c:790:35:    expected char *out_buf
drivers/char/virtio_console.c:790:35:    got char [noderef]
	&lt;asn:1&gt;*ubuf

fill_readbuf is reused with both kernel and userspace pointers,
depending on value of to_user flag.

Tag address parameter as __user, and cast to/from regular pointer type
when we know it's safe.

Signed-off-by: Michael S. Tsirkin &lt;mst@redhat.com&gt;




</pre>
</div>
</content>
</entry>
</feed>
