Re: [PATCH 1/1] vhost: Protect the virtqueue from being cleared whilst still in use
From: Michael S. Tsirkin
Date: Fri Mar 04 2022 - 11:48:17 EST
On Wed, Mar 02, 2022 at 07:54:21AM +0000, Lee Jones wrote:
> vhost_vsock_handle_tx_kick() already holds the mutex during its call
> to vhost_get_vq_desc(). All we have to do is take the same lock
> during virtqueue clean-up and we mitigate the reported issues.
>
> Link: https://syzkaller.appspot.com/bug?extid=279432d30d825e63ba00
>
> Cc: <stable@xxxxxxxxxxxxxxx>
> Reported-by: syzbot+adc3cb32385586bec859@xxxxxxxxxxxxxxxxxxxxxxxxx
> Signed-off-by: Lee Jones <lee.jones@xxxxxxxxxx>
OK so please post series with this and the warning
cleaned up comments and commit logs explaining that
this is just to make debugging easier in case
we have issues in the future, it's not a bugfix.
> ---
> drivers/vhost/vhost.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
> index 59edb5a1ffe28..bbaff6a5e21b8 100644
> --- a/drivers/vhost/vhost.c
> +++ b/drivers/vhost/vhost.c
> @@ -693,6 +693,7 @@ void vhost_dev_cleanup(struct vhost_dev *dev)
> int i;
>
> for (i = 0; i < dev->nvqs; ++i) {
> + mutex_lock(&dev->vqs[i]->mutex);
> if (dev->vqs[i]->error_ctx)
> eventfd_ctx_put(dev->vqs[i]->error_ctx);
> if (dev->vqs[i]->kick)
> @@ -700,6 +701,7 @@ void vhost_dev_cleanup(struct vhost_dev *dev)
> if (dev->vqs[i]->call_ctx.ctx)
> eventfd_ctx_put(dev->vqs[i]->call_ctx.ctx);
> vhost_vq_reset(dev, dev->vqs[i]);
> + mutex_unlock(&dev->vqs[i]->mutex);
> }
> vhost_dev_free_iovecs(dev);
> if (dev->log_ctx)
> --
> 2.35.1.574.g5d30c73bfb-goog