• Vlad Yasevich's avatar
    macvtap: Fix race between device delete and open. · 34596a86
    Vlad Yasevich authored
    [ Upstream commit 40b8fe45 ]
    
    In macvtap device delete and open calls can race and
    this causes a list curruption of the vlan queue_list.
    
    The race intself is triggered by the idr accessors
    that located the vlan device.  The device is stored
    into and removed from the idr under both an rtnl and
    a mutex.  However, when attempting to locate the device
    in idr, only a mutex is taken.  As a result, once cpu
    perfoming a delete may take an rtnl and wait for the mutex,
    while another cput doing an open() will take the idr
    mutex first to fetch the device pointer and later take
    an rtnl to add a queue for the device which may have
    just gotten deleted.
    
    With this patch, we now hold the rtnl for the duration
    of the macvtap_open() call thus making sure that
    open will not race with delete.
    
    CC: Michael S. Tsirkin <mst@redhat.com>
    CC: Jason Wang <jasowang@redhat.com>
    Signed-off-by: default avatarVladislav Yasevich <vyasevic@redhat.com>
    Acked-by: default avatarJason Wang <jasowang@redhat.com>
    Acked-by: default avatarMichael S. Tsirkin <mst@redhat.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
    34596a86
macvtap.c 29.3 KB