Patch "virtio: Don't access index after unregister." has been added to the 3.6-stable tree

[gregkh]

This is a note to let you know that I've just added the patch titled

    virtio: Don't access index after unregister.

to the 3.6-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     virtio-don-t-access-index-after-unregister.patch
and it can be found in the queue-3.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From 237242bddc99041e15a4ca51b8439657cadaff17 Mon Sep 17 00:00:00 2001
From: Cornelia Huck <cornelia.h...@de.ibm.com>
Date: Fri, 9 Nov 2012 14:54:12 +1030
Subject: virtio: Don't access index after unregister.

From: Cornelia Huck <cornelia.h...@de.ibm.com>

commit 237242bddc99041e15a4ca51b8439657cadaff17 upstream.

Virtio wants to release used indices after the corresponding
virtio device has been unregistered. However, virtio does not
hold an extra reference, giving up its last reference with
device_unregister(), making accessing dev->index afterwards
invalid.

I actually saw problems when testing my (not-yet-merged)
virtio-ccw code:

- device_add virtio-net,id=xxx
-> creates device virtio<n> with n>0

- device_del xxx
-> deletes virtio<n>, but calls ida_simple_remove with an
   index of 0

- device_add virtio-net,id=xxx
-> tries to add virtio0, which is still in use...

So let's save the index we want to release before calling
device_unregister().

Signed-off-by: Cornelia Huck <cornelia.h...@de.ibm.com>
Acked-by: Sjur Brændeland <sjur.brandel...@stericsson.com>
Signed-off-by: Rusty Russell <ru...@rustcorp.com.au>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>

---
 drivers/virtio/virtio.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/virtio/virtio.c
+++ b/drivers/virtio/virtio.c
@@ -225,8 +225,10 @@ EXPORT_SYMBOL_GPL(register_virtio_device
 
 void unregister_virtio_device(struct virtio_device *dev)
 {
+       int index = dev->index; /* save for after device release */
+
        device_unregister(&dev->dev);
-       ida_simple_remove(&virtio_index_ida, dev->index);
+       ida_simple_remove(&virtio_index_ida, index);
 }
 EXPORT_SYMBOL_GPL(unregister_virtio_device);
 


Patches currently in stable-queue which might be from cornelia.h...@de.ibm.com 
are

queue-3.6/virtio-don-t-access-index-after-unregister.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html