On Wed, Jan 12, 2022 at 2:34 AM Eli Cohen <elic at nvidia.com> wrote:
>
> Call reset using the wrapper function vdpa_reset() to make sure the
> operation is serialized with cf_mutex.
>
> This comes to protect from the following possible scenario:
>
> vhost_vdpa_set_status() could call the reset op. Since the call is not
> protected by cf_mutex, a netlink thread calling vdpa_dev_config_fill
> could get past the VIRTIO_CONFIG_S_FEATURES_OK check in
> vdpa_dev_config_fill() and end up reporting wrong features.
>
> Fixes: 5f6e85953d8f ("vdpa: Read device configuration only if FEATURES_OK")
> Signed-off-by: Eli Cohen <elic at nvidia.com>
Acked-by: Jason Wang <jasowang at redhat.com>
> ---
> drivers/vhost/vdpa.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c
> index 0ed6cbadb52d..851539807bc9 100644
> --- a/drivers/vhost/vdpa.c
> +++ b/drivers/vhost/vdpa.c
> @@ -178,7 +178,7 @@ static long vhost_vdpa_set_status(struct vhost_vdpa *v,
u8 __user *statusp)
> vhost_vdpa_unsetup_vq_irq(v, i);
>
> if (status == 0) {
> - ret = ops->reset(vdpa);
> + ret = vdpa_reset(vdpa);
> if (ret)
> return ret;
> } else
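Review bot: At `ret = vdpa_reset(vdpa);` the serialization the commit message relies on lives entirely inside the wrapper, and nothing at this call site says so, so a later cleanup could switch it back to `ops->reset(vdpa)` and reopen the race with vdpa_dev_config_fill(). A short comment above the call stating that reset must go through vdpa_reset() so that it is serialized with cf_mutex would help. The `else` branch is cut off by the hunk context, so it is also worth confirming that the non-zero status write on that path is serialized against the same VIRTIO_CONFIG_S_FEATURES_OK check.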
> --
> 2.34.1
>