On Thu, Nov 01, 2018 at 04:43:28PM +0000, Stefan Hajnoczi wrote:
> Here's the refcount approach to avoiding struct vhost_vsock
> use-after-free. On the plus side it allows multiple CPUs to run
> .send_pkt()/.cancel_pkt() instead of the previous locking solution. On
> the other hand, it results in a useless waitqueue wake_up() on most
> .send_pkt()/.cancel_pkt() calls (which involves a waitqueue spinlock).

I figured out an easy way to avoid wake_up() during normal operation:
hold a refcount until .release(). That way the data path never calls
wake_up() until .release() time.

Now I'm happier with my refcount approach.

Stefan
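A userspace model of the scheme described in the message above, added here as an illustration and not taken from the vhost_vsock patch: the open file holds a base reference until release, so a data-path get/put pair never drops the count to zero and never triggers a wake-up. All names are hypothetical, the model is single-threaded, and a counter stands in for the kernel's wake_up().

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for the refcounted device object. */
struct dev {
    atomic_int refcnt; /* starts at 1: base reference held until release */
    int wakeups;       /* counts simulated waitqueue wake_up() calls */
};

static void dev_open(struct dev *d) { atomic_init(&d->refcnt, 1); d->wakeups = 0; }

/* Take a reference only while the object is still live (count > 0). */
static bool dev_get(struct dev *d)
{
    int old = atomic_load(&d->refcnt);
    while (old > 0)
        if (atomic_compare_exchange_weak(&d->refcnt, &old, old + 1))
            return true;
    return false; /* release already dropped the last reference */
}

/* Drop a reference; only the final put wakes the waiter in release. */
static void dev_put(struct dev *d)
{
    if (atomic_fetch_sub(&d->refcnt, 1) == 1)
        d->wakeups++; /* models wake_up() on the release waitqueue */
}

/* Data path (models .send_pkt()/.cancel_pkt()): get, use, put. */
static bool send_pkt(struct dev *d)
{
    if (!dev_get(d))
        return false; /* object is going away: do not touch it */
    /* ... the object may be used safely here ... */
    dev_put(d);
    return true;
}

/* Release, step 1: drop the base reference taken at open. */
static void dev_release_begin(struct dev *d) { dev_put(d); }

/* Release, step 2: freeing is safe only once no references remain;
 * the kernel would sleep on the waitqueue until this becomes true. */
static bool dev_can_free(struct dev *d) { return atomic_load(&d->refcnt) == 0; }

int main(void)
{
    struct dev d;
    dev_open(&d);
    for (int i = 0; i < 1000; i++)
        send_pkt(&d);
    printf("wakeups after 1000 sends: %d\n", d.wakeups);
    dev_release_begin(&d);
    printf("can free: %d, send after release: %d\n", dev_can_free(&d), send_pkt(&d));
    return 0;
}
```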