[Stable-8.1.2 53/57] vdpa net: zero vhost_vdpa iova_tree pointer at clea
From: Michael Tokarev
Subject: [Stable-8.1.2 53/57] vdpa net: zero vhost_vdpa iova_tree pointer at cleanup
Date: Fri, 6 Oct 2023 21:14:42 +0300
From: Eugenio Pérez <eperezma@redhat.com>
Not zeroing it causes a SIGSEGV if the live migration is cancelled, at
net device restart.
This is caused because CVQ tries to reuse the iova_tree that is present
in the first vhost_vdpa device at the end of vhost_vdpa_net_cvq_start.
As a consequence, it tries to access an iova_tree that has already been
freed.
Fixes: 00ef422e9fbf ("vdpa net: move iova tree creation from init to start")
Reported-by: Yanhui Ma <yama@redhat.com>
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Message-Id: <20230913123408.2819185-1-eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Tested-by: Lei Yang <leiyang@redhat.com>
Reviewed-by: Si-Wei Liu <si-wei.liu@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 0a7a164bc37b4ecbf74466e1e5243d72a768ad06)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index 9795306742..977faeb44b 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -385,6 +385,8 @@ static void vhost_vdpa_net_client_stop(NetClientState *nc)
dev = s->vhost_vdpa.dev;
if (dev->vq_index + dev->nvqs == dev->vq_index_end) {
g_clear_pointer(&s->vhost_vdpa.iova_tree, vhost_iova_tree_delete);
+ } else {
+ s->vhost_vdpa.iova_tree = NULL;
}
}
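Review bot: The new else branch (`s->vhost_vdpa.iova_tree = NULL;`) drops a pointer this device does not free, and nothing in the hunk documents that ownership rule. A one-line comment above the `if` would help the next reader avoid reintroducing the dangling pointer, for example that the tree is shared and only the device for which `dev->vq_index + dev->nvqs == dev->vq_index_end` deletes it. Since `g_clear_pointer()` already leaves the field NULL after calling `vhost_iova_tree_delete`, both branches end in the same state; writing this as a conditional delete followed by an unconditional `s->vhost_vdpa.iova_tree = NULL;` would state the invariant (the field is never left set after stop) in one place. It is also worth confirming that every device sharing the tree goes through `vhost_vdpa_net_client_stop()` before the next start, because a sharer that skips this path would still hold the stale pointer.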
--
2.39.2