vduse: Fix race in vduse_dev_msg_sync and vduse_dev_read_iter - kernel/linux.git

diff options

author	Zhang Tianci <zhangtianci.1997@bytedance.com>	2026-02-26 14:55:50 +0300
committer	Michael S. Tsirkin <mst@redhat.com>	2026-06-10 09:16:59 +0300
commit	ae9c13b6fd79087cc5a216ee1649b6f012c2a238 (patch)
tree	ba0485454532e64a15a76fae147f5e060143f18c /include/linux
parent	373ec43ded742b2f3aecf14731ffe1a57f438f38 (diff)
download	linux-ae9c13b6fd79087cc5a216ee1649b6f012c2a238.tar.xz

vduse: Fix race in vduse_dev_msg_sync and vduse_dev_read_iter

There is one race case in vduse_dev_msg_sync and vduse_dev_read_iter: vduse_dev_read_iter(): lock(msg_lock); dequeue_msg(send_list); unlock(msg_lock); vduse_dev_msg_sync(): wait_timeout() finish lock(msg_lock); check msg->complete is false list_del(msg); <- double list_del() crash! To fix this case, we shall ensure vduse_msg is on send_list or recv_list outside the msg_lock critical section. Fixes: c8a6153b6c59 ("vduse: Introduce VDUSE - vDPA Device in Userspace") Cc: stable@vger.kernel.org Signed-off-by: Zhang Tianci <zhangtianci.1997@bytedance.com> Reviewed-by: Xie Yongji <xieyongji@bytedance.com> Acked-by: Jason Wang <jasowang@redhat.com> Acked-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Message-ID: <20260226115550.1814-3-zhangtianci.1997@bytedance.com>

Diffstat (limited to 'include/linux')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: