Re: [PATCH net v2] vhost: fix a theoretical race in device cleanup
From: David Miller <davem@davemloft.net>
Date: 2014-02-13 23:48:31
Also in:
kvm, lkml, netdev
From: "Michael S. Tsirkin" <mst@redhat.com> Date: Thu, 13 Feb 2014 11:45:11 +0200
vhost_zerocopy_callback accesses VQ right after it drops a ubuf reference. In theory, this could race with device removal which waits on the ubuf kref, and crash on use after free. Do all accesses within rcu read side critical section, and synchronize on release. Since callbacks are always invoked from bh, synchronize_rcu_bh seems enough and will help release complete a bit faster. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> --- This is was previously posted as part of patch series, but it's an independent fix really. Theoretical race so not needed for stable I think.
Ok, no -stable, applied.