linux/drivers
Gavin Shan 60bb8b451c vhost: Add smp_rmb() in vhost_vq_avail_empty()
commit 22e1992cf7 upstream.

A smp_rmb() has been missed in vhost_vq_avail_empty(), spotted by
Will. Otherwise, it's not ensured the available ring entries pushed
by guest can be observed by vhost in time, leading to stale available
ring entries fetched by vhost in vhost_get_vq_desc(), as reported by
Yihuang Yu on NVidia's grace-hopper (ARM64) platform.

  /home/gavin/sandbox/qemu.main/build/qemu-system-aarch64      \
  -accel kvm -machine virt,gic-version=host -cpu host          \
  -smp maxcpus=1,cpus=1,sockets=1,clusters=1,cores=1,threads=1 \
  -m 4096M,slots=16,maxmem=64G                                 \
  -object memory-backend-ram,id=mem0,size=4096M                \
   :                                                           \
  -netdev tap,id=vnet0,vhost=true                              \
  -device virtio-net-pci,bus=pcie.8,netdev=vnet0,mac=52:54:00:f1:26:b0
   :
  guest# netperf -H 10.26.1.81 -l 60 -C -c -t UDP_STREAM
  virtio_net virtio0: output.0:id 100 is not a head!

Add the missed smp_rmb() in vhost_vq_avail_empty(). When tx_can_batch()
returns true, it means there's still pending tx buffers. Since it might
read indices, so it still can bypass the smp_rmb() in vhost_get_vq_desc().
Note that it should be safe until vq->avail_idx is changed by commit
275bf960ac ("vhost: better detection of available buffers").

Fixes: 275bf960ac ("vhost: better detection of available buffers")
Cc: <stable@kernel.org> # v4.11+
Reported-by: Yihuang Yu <yihyu@redhat.com>
Suggested-by: Will Deacon <will@kernel.org>
Signed-off-by: Gavin Shan <gshan@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20240328002149.1141302-2-gshan@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-05-02 16:17:08 +02:00
accessibility
acpi ACPI: scan: Fix device check notification handling 2024-03-26 18:22:35 -04:00
amba amba: bus: fix refcount leak 2023-09-23 10:48:09 +02:00
android binder: signal epoll threads of self-work 2024-02-23 08:12:57 +01:00
ata ata: sata_mv: Fix PCI device ID table declaration compilation warning 2024-04-13 12:50:14 +02:00
atm atm: idt77252: fix a memleak in open_card_ubr0 2024-02-23 08:12:53 +01:00
auxdisplay
base PM: sleep: wakeirq: fix wake irq warning in system suspend 2024-04-13 12:50:05 +02:00
bcma
block loop: loop_set_status_from_info() check before assignment 2024-04-13 12:50:10 +02:00
bluetooth Bluetooth: btintel: Fixe build regression 2024-04-13 12:50:17 +02:00
bus bus: tegra-aconnect: Update dependency to ARCH_TEGRA 2024-03-26 18:22:35 -04:00
cdrom
char hwrng: core - Fix page fault dead lock on mmap-ed hwrng 2024-02-23 08:12:40 +01:00
clk clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays 2024-04-13 12:50:05 +02:00
clocksource clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware 2023-11-28 16:46:31 +00:00
connector
cpufreq cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily 2023-12-08 08:43:26 +01:00
cpuidle sched,idle,rcu: Push rcu_idle deeper into the idle path 2023-10-25 11:16:26 +02:00
crypto crypto: qat - resolve race condition during AER recovery 2024-04-13 12:50:04 +02:00
dax
dca
devfreq PM / devfreq: Fix leak in devfreq_dev_release() 2023-09-23 10:48:10 +02:00
dio drivers: dio: fix possible memory leak in dio_init() 2023-01-18 11:30:23 +01:00
dma dmaengine: shdma: increase size of 'dev_id' 2024-03-01 13:06:09 +01:00
dma-buf dma-buf/sw_sync: Avoid recursive lock during fence signal 2023-08-30 16:31:56 +02:00
edac EDAC/thunderx: Fix possible out-of-bounds string access 2024-01-25 14:33:31 -08:00
eisa
extcon extcon: Fix kernel doc of property capability fields to avoid warnings 2023-08-11 11:45:12 +02:00
firewire firewire: core: use long bus reset on gap count error 2024-03-26 18:22:33 -04:00
firmware efivarfs: Request at most 512 bytes for variable names 2024-04-13 12:50:10 +02:00
fmc
fpga fpga: bridge: fix kernel-doc parameter description 2023-05-17 11:13:15 +02:00
fsi fsi: master-ast-cf: Add MODULE_FIRMWARE macro 2023-09-23 10:47:57 +02:00
gnss
gpio gpio: 74x164: Enable output pins after registers are reset 2024-03-06 14:35:23 +00:00
gpu nouveau: fix function cast warning 2024-05-02 16:17:08 +02:00
hid HID: wacom: Do not register input devices until after hid_hw_start 2024-02-23 08:12:56 +01:00
hsi HSI: omap_ssi_core: Fix error handling in ssi_init() 2023-01-18 11:30:30 +01:00
hv Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs 2023-06-28 10:15:28 +02:00
hwmon hwmon: (amc6821) add of_match table 2024-04-13 12:50:06 +02:00
hwspinlock
hwtracing coresight: etm4x: Fix width of CCITMIN field 2024-01-25 14:33:31 -08:00
i2c i2c: s3c24xx: fix transferring more than one message in polling mode 2024-01-25 14:33:39 -08:00
ide treewide: Remove uninitialized_var() usage 2023-08-11 11:45:01 +02:00
idle intel_idle: Disable IBRS during long idle 2022-11-23 07:53:45 +01:00
iio iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table 2024-01-08 11:27:35 +01:00
infiniband RDMA/srpt: fix function pointer cast warnings 2024-03-01 13:06:10 +01:00
input Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails 2024-04-13 12:50:15 +02:00
iommu iommu/amd: Mark interrupt as managed 2024-03-26 18:22:35 -04:00
ipack
irqchip irqchip/irq-brcmstb-l2: Add write memory barrier before exit 2024-02-23 08:12:58 +01:00
isdn mISDN: Update parameter type of dsp_cmx_send() 2023-08-16 18:13:00 +02:00
leds leds: trigger: panic: Don't register panic notifier if creating the trigger failed 2024-02-23 08:12:50 +01:00
lightnvm
macintosh macintosh: via-pmu-led: requires ATA to be set 2023-05-17 11:13:18 +02:00
mailbox mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 2023-08-11 11:45:13 +02:00
mcb mcb: fix error handling for different scenarios when parsing 2023-11-28 16:46:35 +00:00
md dm-raid: fix lockdep waring in "pers->hot_add_disk" 2024-04-13 12:50:06 +02:00
media media: sta2x11: fix irq handler cast 2024-04-13 12:50:15 +02:00
memory
memstick memstick r592: make memstick_debug_get_tpc_name() static 2023-08-11 11:45:06 +02:00
message scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition 2023-05-30 12:42:09 +01:00
mfd mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref 2024-03-26 18:22:40 -04:00
misc VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() 2024-04-13 12:50:17 +02:00
mmc mmc: core: Fix switch on gp3 partition 2024-04-13 12:50:06 +02:00
mtd ubi: correct the calculation of fastmap size 2024-04-13 12:50:04 +02:00
mux
net net/mlx5: Properly link new fs rules into the tree 2024-05-02 16:17:08 +02:00
nfc nfcsim.c: Fix error checking for debugfs_create_dir 2023-06-28 10:15:31 +02:00
ntb ntb: Fix calculation ntb_transport_tx_free_entry() 2023-09-23 10:48:10 +02:00
nubus
nvdimm nd_btt: Make BTT lanes preemptible 2023-11-20 10:29:18 +01:00
nvme nvme-pci: do not set the NUMA node of device if it has none 2023-10-10 21:44:59 +02:00
nvmem nvmem: imx: correct nregs for i.MX6UL 2023-11-08 11:22:16 +01:00
of of: unittest: Fix of_count_phandle_with_args() expected value message 2024-01-25 14:33:36 -08:00
opp
oprofile
parisc parisc: iosapic.c: Fix sparse warnings 2023-10-10 21:44:58 +02:00
parport parport: Add support for Brainboxes IX/UC/PX parallel cards 2023-12-13 17:42:19 +01:00
pci PCI/PM: Drain runtime-idle callbacks before driver removal 2024-04-13 12:50:06 +02:00
pcmcia pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() 2023-11-20 10:29:20 +01:00
perf perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init() 2023-01-18 11:30:02 +01:00
phy phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP 2024-02-23 08:12:53 +01:00
pinctrl pinctrl: at91-pio4: use dedicated lock class for IRQ 2024-01-08 11:27:34 +01:00
platform platform/x86: intel_telemetry: Fix kernel doc descriptions 2023-12-20 15:38:02 +01:00
pnp PNP: ACPI: fix fortify warning 2024-02-23 08:12:44 +01:00
power power: supply: bq27xxx-i2c: Do not free non existing IRQ 2024-03-06 14:35:23 +00:00
powercap powercap: fix possible name leak in powercap_register_zone() 2023-03-11 16:31:36 +01:00
pps
ps3
ptp ptp: annotate data-race around q->head and q->tail 2023-11-28 16:46:33 +00:00
pwm pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume 2023-11-20 10:29:20 +01:00
rapidio rapidio: devices: fix missing put_device in mport_cdev_open 2023-01-18 11:30:08 +01:00
ras
regulator regulator: pwm-regulator: Add validity checks in continuous .get_voltage 2024-03-01 13:06:09 +01:00
remoteproc
reset reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning 2024-01-25 14:33:30 -08:00
rpmsg rpmsg: virtio: Free driver_override when rpmsg_remove() 2024-02-23 08:12:40 +01:00
rtc rtc: mt6397: select IRQ_DOMAIN instead of depending on it 2024-03-26 18:22:42 -04:00
s390 s390/zcrypt: fix reference counting on zcrypt card objects 2024-04-13 12:50:07 +02:00
sbus
scsi scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() 2024-04-13 12:50:15 +02:00
sfi
sh
siox siox: fix possible memory leak in siox_device_add() 2022-11-25 17:40:23 +01:00
slimbus slimbus: core: Remove usage of the deprecated ida_simple_xx() API 2024-04-13 12:50:06 +02:00
sn
soc soc: fsl: qbman: Use raw spinlock for cgr_lock 2024-04-13 12:50:07 +02:00
soundwire
spi spi: spi-mt65xx: Fix NULL pointer access in interrupt handler 2024-03-26 18:22:43 -04:00
spmi spmi: Add a check for remove callback when removing a SPMI driver 2023-05-17 11:13:17 +02:00
ssb treewide: Remove uninitialized_var() usage 2023-08-11 11:45:01 +02:00
staging staging: vc04_services: fix information leak in create_component() 2024-04-13 12:50:13 +02:00
target scsi: target: core: Add TMF to tmr_list handling 2024-03-01 13:06:09 +01:00
tc
tee
thermal thermal: core: prevent potential string overflow 2023-11-20 10:29:17 +01:00
thunderbolt thunderbolt: Use const qualifier for ring_interrupt_index 2023-04-05 11:15:35 +02:00
tty tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc 2024-04-13 12:50:16 +02:00
uio uio: Fix use-after-free in uio_open 2024-01-25 14:33:30 -08:00
usb usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined 2024-04-13 12:50:16 +02:00
uwb
vfio vfio/platform: Disable virqfds on cleanup 2024-04-13 12:50:06 +02:00
vhost vhost: Add smp_rmb() in vhost_vq_avail_empty() 2024-05-02 16:17:08 +02:00
video fbmon: prevent division by zero in fb_videomode_from_videomode() 2024-04-13 12:50:16 +02:00
virt
virtio virtio: reenable config if freezing device failed 2024-04-13 12:50:16 +02:00
visorbus
vlynq
vme vme: Fix error not catched in fake_init() 2023-01-18 11:30:28 +01:00
w1 w1: fix loop in w1_fini() 2023-08-11 11:45:11 +02:00
watchdog watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling 2024-01-25 14:33:36 -08:00
xen xen/events: fix delayed eoi list handling 2023-11-28 16:46:33 +00:00
zorro
Kconfig
Makefile