forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/drivers/vhost
History
Al Viro ec0d801d1a Fix double fget() in vhost_net_set_backend() 
commit fb4554c223 upstream.

Descriptor table is a shared resource; two fget() on the same descriptor
may return different struct file references.  get_tap_ptr_ring() is
called after we'd found (and pinned) the socket we'll be using and it
tries to find the private tun/tap data structures associated with it.
Redoing the lookup by the same file descriptor we'd used to get the
socket is racy - we need to same struct file.

Thanks to Jason for spotting a braino in the original variant of patch -
I'd missed the use of fd == -1 for disabling backend, and in that case
we can end up with sock == NULL and sock != oldsock.

Cc: stable@kernel.org
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-05-25 09:17:55 +02:00
..
iotlb.c
Kconfig
Makefile
net.c Fix double fget() in vhost_net_set_backend() 2022-05-25 09:17:55 +02:00
scsi.c vhost scsi: fix error return code in vhost_scsi_set_endpoint() 2020-12-30 11:54:00 +01:00
test.c
test.h
vdpa.c vhost_vdpa: don't setup irq offloading when irq_num < 0 2022-05-25 09:17:53 +02:00
vhost.c vhost: Fix the calculation in vhost_overflow() 2021-08-26 08:35:42 -04:00
vhost.h
vringh.c vringh: Use wiov->used to check for read/write desc order 2021-09-03 10:09:27 +02:00
vsock.c vsock: each transport cycles only on its own sockets 2022-03-23 09:13:27 +01:00