vhost: reset metadata cache when initializing new IOTLB
We need to reset metadata cache during new IOTLB initialization,
otherwise the stale pointers to previous IOTLB may be still accessed
which will lead a use after free.
Reported-by: syzbot+c51e6736a1bf614b3272@syzkaller.appspotmail.com
Fixes: f889491380 ("vhost: introduce O(1) vq metadata cache")
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Jason Wang
David S. Miller
parent
0dcb82254d
commit
b13f9c6364
1 changed files with 6 additions and 3 deletions
|
|
@ -1560,9 +1560,12 @@ int vhost_init_device_iotlb(struct vhost_dev *d, bool enabled)
|
|||
d->iotlb = niotlb;
|
||||
|
||||
for (i = 0; i < d->nvqs; ++i) {
|
||||
mutex_lock(&d->vqs[i]->mutex);
|
||||
d->vqs[i]->iotlb = niotlb;
|
||||
mutex_unlock(&d->vqs[i]->mutex);
|
||||
struct vhost_virtqueue *vq = d->vqs[i];
|
||||
|
||||
mutex_lock(&vq->mutex);
|
||||
vq->iotlb = niotlb;
|
||||
__vhost_vq_meta_reset(vq);
|
||||
mutex_unlock(&vq->mutex);
|
||||
}
|
||||
|
||||
vhost_umem_clean(oiotlb);
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue