Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ae599446 authored by Michael S. Tsirkin's avatar Michael S. Tsirkin Committed by Greg Kroah-Hartman
Browse files

vhost/test: stop device before reset 



[ Upstream commit 245cdd9fbd396483d501db83047116e2530f245f ]

When device stop was moved out of reset, test device wasn't updated to
stop before reset, this resulted in a use after free.  Fix by invoking
stop appropriately.

Fixes: b211616d ("vhost: move -net specific code out")
Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 2e7d73cb

drivers/vhost/test.c

+2 −0
Original line number Diff line number Diff line
@@ -162,6 +162,7 @@ static int vhost_test_release(struct inode *inode, struct file *f) 


	vhost_test_stop(n, &private);

	vhost_test_flush(n);

	vhost_dev_stop(&n->dev);

	vhost_dev_cleanup(&n->dev);

	/* We do an extra flush before freeing memory,

	 * since jobs can re-queue themselves. */
@@ -238,6 +239,7 @@ static long vhost_test_reset_owner(struct vhost_test *n) 
	}

	vhost_test_stop(n, &priv);

	vhost_test_flush(n);

	vhost_dev_stop(&n->dev);

	vhost_dev_reset_owner(&n->dev, umem);

done:

	mutex_unlock(&n->dev.mutex);