Commit a9d06452 authored by Xie Yongji's avatar Xie Yongji Committed by Michael S. Tsirkin

vhost-vdpa: protect concurrent access to vhost device iotlb

Protect vhost device iotlb by vhost_dev->mutex. Otherwise,
it might cause corruption of the list and interval tree in
struct vhost_iotlb if userspace sends the VHOST_IOTLB_MSG_V2
message concurrently.

Fixes: 4c8cf318("vhost: introduce vDPA-based backend")
Cc: stable@vger.kernel.org
Signed-off-by: default avatarXie Yongji <xieyongji@bytedance.com>
Acked-by: default avatarJason Wang <jasowang@redhat.com>
Reviewed-by: default avatarStefano Garzarella <sgarzare@redhat.com>
Link: https://lore.kernel.org/r/20210412095512.178-1-xieyongji@bytedance.comSigned-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
parent bc04d93e
...@@ -745,9 +745,11 @@ static int vhost_vdpa_process_iotlb_msg(struct vhost_dev *dev, ...@@ -745,9 +745,11 @@ static int vhost_vdpa_process_iotlb_msg(struct vhost_dev *dev,
const struct vdpa_config_ops *ops = vdpa->config; const struct vdpa_config_ops *ops = vdpa->config;
int r = 0; int r = 0;
mutex_lock(&dev->mutex);
r = vhost_dev_check_owner(dev); r = vhost_dev_check_owner(dev);
if (r) if (r)
return r; goto unlock;
switch (msg->type) { switch (msg->type) {
case VHOST_IOTLB_UPDATE: case VHOST_IOTLB_UPDATE:
...@@ -768,6 +770,8 @@ static int vhost_vdpa_process_iotlb_msg(struct vhost_dev *dev, ...@@ -768,6 +770,8 @@ static int vhost_vdpa_process_iotlb_msg(struct vhost_dev *dev,
r = -EINVAL; r = -EINVAL;
break; break;
} }
unlock:
mutex_unlock(&dev->mutex);
return r; return r;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment