vhost: fix a theoretical race in device cleanup
author: Michael S. Tsirkin <mst@redhat.com>
Thu, 13 Feb 2014 09:45:11 +0000 (11:45 +0200)
committer: David S. Miller <davem@davemloft.net>
Thu, 13 Feb 2014 23:47:30 +0000 (18:47 -0500)
commit: b0c057ca7e835b36c6050c7627634b664796c1d6
tree: 328353448d8946ef639ed9c0d5be239e38058859
parent: 0ad8b480d6ee916aa84324f69acf690142aecd0e

vhost_zerocopy_callback accesses VQ right after it drops a ubuf
reference.  In theory, this could race with device removal which waits
on the ubuf kref, and crash on use after free.

Do all accesses within an RCU read-side critical section, and synchronize
on release.

Since callbacks are always invoked from bh, synchronize_rcu_bh seems
enough and will help release complete a bit faster.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
files changed: drivers/vhost/net.c