Yes, and it also protects the kernel from the PoC, as I've tested.

On 2025-01-14 10:17:50 Lei Yang wrote:
> I tested this patch with virtio-net regression tests, everything works fine.
>
> Tested-by: Lei Yang <leiyang@xxxxxxxxxx>
>
>
> On Mon, Jan 13, 2025 at 5:20 AM Mike Christie
> <michael.christie@xxxxxxxxxx> wrote:
> >
> > On 1/12/25 11:35 AM, michael.christie@xxxxxxxxxx wrote:
> > > So I think to fix the issue, we would want to:
> > >
> > > 1. move the
> > >
> > > memcpy(vs_tpg, vs->vs_tpg, len);
> > >
> > > to the end of the function after we do the vhost_scsi_flush. This will
> > > be more complicated than the current memcpy though. We will want to
> > > merge the local vs_tpg and the vs->vs_tpg like:
> > >
> > > for (i = 0; i < VHOST_SCSI_MAX_TARGET; i++) {
> > >         if (vs_tpg[i])
> > >                 vs->vs_tpg[i] = vs_tpg[i];
> > > }
> >
> > I think I wrote that in reverse. We would want:
> >
> > vhost_scsi_flush(vs);
> >
> > if (vs->vs_tpg) {
> >         for (i = 0; i < VHOST_SCSI_MAX_TARGET; i++) {
> >                 if (vs->vs_tpg[i])
> >                         vs_tpg[i] = vs->vs_tpg[i];
> >         }
> > }
> >
> > kfree(vs->vs_tpg);
> > vs->vs_tpg = vs_tpg;
> >
> > or we could just allocate the vs_tpg with the vhost_scsi like:
> >
> > struct vhost_scsi {
> >         ....
> >
> >         struct vhost_scsi_tpg *vs_tpg[VHOST_SCSI_MAX_TARGET];
> >
> > then when we loop in vhost_scsi_set/clear_endpoint set/clear
> > every vs_tpg entry.