
Commit b13f9c63 authored by Jason Wang, committed by David S. Miller

vhost: reset metadata cache when initializing new IOTLB



We need to reset metadata cache during new IOTLB initialization,
otherwise the stale pointers to previous IOTLB may still be accessed,
which will lead to a use after free.

Reported-by: <syzbot+c51e6736a1bf614b3272@syzkaller.appspotmail.com>
Fixes: f8894913 ("vhost: introduce O(1) vq metadata cache")
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent 0dcb8225
+6 −3
@@ -1560,9 +1560,12 @@ int vhost_init_device_iotlb(struct vhost_dev *d, bool enabled)
	d->iotlb = niotlb;

	for (i = 0; i < d->nvqs; ++i) {
		mutex_lock(&d->vqs[i]->mutex);
		d->vqs[i]->iotlb = niotlb;
		mutex_unlock(&d->vqs[i]->mutex);
		struct vhost_virtqueue *vq = d->vqs[i];

		mutex_lock(&vq->mutex);
		vq->iotlb = niotlb;
		__vhost_vq_meta_reset(vq);
		mutex_unlock(&vq->mutex);
	}

	vhost_umem_clean(oiotlb);
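Review bot: the ordering in this hunk is load-bearing and deserves a comment in the loop: `__vhost_vq_meta_reset(vq)` must run, under `vq->mutex`, before the `vhost_umem_clean(oiotlb)` call that follows the loop, because the per-vq metadata cache holds pointers into the old IOTLB's nodes and those pointers dangle once `oiotlb` is freed. A one-line comment above `__vhost_vq_meta_reset(vq);` such as `/* drop cached pointers into oiotlb before it is freed below */` would keep a later refactor from hoisting the cleanup above the loop and reintroducing the use after free. Taking `vq->mutex` around both the `vq->iotlb = niotlb` swap and the reset is the right granularity, since it makes the pointer swap and the cache invalidation atomic with respect to that vq's own users even though `d->iotlb = niotlb` was already published before the loop.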