From: "Michael S. Tsirkin" <mst@xxxxxxxxxx>
Date: Thu, 13 Feb 2014 11:45:11 +0200

> vhost_zerocopy_callback accesses VQ right after it drops a ubuf
> reference. In theory, this could race with device removal which waits
> on the ubuf kref, and crash on use after free.
>
> Do all accesses within rcu read side critical section, and synchronize
> on release.
>
> Since callbacks are always invoked from bh, synchronize_rcu_bh seems
> enough and will help release complete a bit faster.
>
> Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
> ---
>
> This was previously posted as part of a patch
> series, but it's an independent fix really.
> Theoretical race so not needed for stable I think.

Ok, no -stable, applied.