From: Stefano Garzarella <sgarzare@redhat.com>
To: netdev@vger.kernel.org
Cc: kvm@vger.kernel.org, virtualization@lists.linux-foundation.org,
	Stefan Hajnoczi <stefanha@redhat.com>,
	"Michael S. Tsirkin" <mst@redhat.com>,
	"David S. Miller" <davem@davemloft.net>,
	Jason Wang <jasowang@redhat.com>,
	linux-kernel@vger.kernel.org
Subject: [PATCH v2 3/3] vsock/virtio: fix flush of works during the .remove()
Date: Fri, 28 Jun 2019 14:36:59 +0200
Message-ID: <20190628123659.139576-4-sgarzare@redhat.com>
In-Reply-To: <20190628123659.139576-1-sgarzare@redhat.com>

This patch moves the flush of works after vdev->config->del_vqs(vdev),
because we need to be sure that no workers are running before we free
the 'vsock' object.

Since we stopped the workers using the [tx|rx|event]_run flags,
we are sure no one is accessing the device while we are calling
vdev->config->reset(vdev), so we can safely move the workers' flush.

Before vdev->config->del_vqs(vdev), workers can be scheduled
by VQ callbacks, so we must flush them after del_vqs(), to avoid
a use-after-free of the 'vsock' object.

Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
---
 net/vmw_vsock/virtio_transport.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c
index 1b44ec6f3f6c..96dafa978268 100644
--- a/net/vmw_vsock/virtio_transport.c
+++ b/net/vmw_vsock/virtio_transport.c
@@ -680,12 +680,6 @@ static void virtio_vsock_remove(struct virtio_device *vdev)
 	rcu_assign_pointer(the_virtio_vsock, NULL);
 	synchronize_rcu();
 
-	flush_work(&vsock->loopback_work);
-	flush_work(&vsock->rx_work);
-	flush_work(&vsock->tx_work);
-	flush_work(&vsock->event_work);
-	flush_work(&vsock->send_pkt_work);
-
 	/* Reset all connected sockets when the device disappear */
 	vsock_for_each_connected_socket(virtio_vsock_reset_sock);
 
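Review bot: The commit message justifies dropping the early flush by the [tx|rx|event]_run flags, but the five removed calls also cover loopback_work and send_pkt_work, which have no matching flag named in the message. With this hunk applied, vsock_for_each_connected_socket(virtio_vsock_reset_sock) runs while any of those works may still be queued or executing, so please state in the commit message (or in a comment after synchronize_rcu()) which flag or RCU check stops loopback_work and send_pkt_work from touching the device in that window.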
@@ -740,6 +734,15 @@ static void virtio_vsock_remove(struct virtio_device *vdev)
 	/* Delete virtqueues and flush outstanding callbacks if any */
 	vdev->config->del_vqs(vdev);
 
+	/* Other works can be queued before 'config->del_vqs()', so we flush
+	 * all works before to free the vsock object to avoid use after free.
+	 */
+	flush_work(&vsock->loopback_work);
+	flush_work(&vsock->rx_work);
+	flush_work(&vsock->tx_work);
+	flush_work(&vsock->event_work);
+	flush_work(&vsock->send_pkt_work);
+
 	mutex_unlock(&the_virtio_vsock_mutex);
 
 	kfree(vsock);
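Review bot: The five flush_work() calls now sit before mutex_unlock(&the_virtio_vsock_mutex), so .remove() waits for the work handlers while holding that mutex. If any of loopback_work, rx_work, tx_work, event_work or send_pkt_work can take the_virtio_vsock_mutex, this wait deadlocks; please confirm none of them does, or move the flushes between mutex_unlock() and kfree(vsock), which still orders them after del_vqs() and before the free. The added comment would also read better as "so we flush all works before freeing the vsock object to avoid a use-after-free".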
-- 
2.20.1

