Commit 86a07da3 authored by Jason Wang's avatar Jason Wang Committed by David S. Miller

Revert "net: vhost: lock the vqs one by one"

This reverts commit 78139c94. We don't
protect the device IOTLB with the vq mutex, which can lead to e.g. a
use-after-free of device IOTLB entries. And since we've switched to
mutex_trylock() in the previous patch, it's safe to revert it without
introducing a deadlock.

Fixes: commit 78139c94 ("net: vhost: lock the vqs one by one")
Cc: Tonghao Zhang <xiangxia.m.yue@gmail.com>
Acked-by: default avatarMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: default avatarJason Wang <jasowang@redhat.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 476e8ba7
...@@ -295,11 +295,8 @@ static void vhost_vq_meta_reset(struct vhost_dev *d) ...@@ -295,11 +295,8 @@ static void vhost_vq_meta_reset(struct vhost_dev *d)
{ {
int i; int i;
for (i = 0; i < d->nvqs; ++i) { for (i = 0; i < d->nvqs; ++i)
mutex_lock(&d->vqs[i]->mutex);
__vhost_vq_meta_reset(d->vqs[i]); __vhost_vq_meta_reset(d->vqs[i]);
mutex_unlock(&d->vqs[i]->mutex);
}
} }
static void vhost_vq_reset(struct vhost_dev *dev, static void vhost_vq_reset(struct vhost_dev *dev,
...@@ -895,6 +892,20 @@ static inline void __user *__vhost_get_user(struct vhost_virtqueue *vq, ...@@ -895,6 +892,20 @@ static inline void __user *__vhost_get_user(struct vhost_virtqueue *vq,
#define vhost_get_used(vq, x, ptr) \ #define vhost_get_used(vq, x, ptr) \
vhost_get_user(vq, x, ptr, VHOST_ADDR_USED) vhost_get_user(vq, x, ptr, VHOST_ADDR_USED)
static void vhost_dev_lock_vqs(struct vhost_dev *d)
{
int i = 0;
for (i = 0; i < d->nvqs; ++i)
mutex_lock_nested(&d->vqs[i]->mutex, i);
}
static void vhost_dev_unlock_vqs(struct vhost_dev *d)
{
int i = 0;
for (i = 0; i < d->nvqs; ++i)
mutex_unlock(&d->vqs[i]->mutex);
}
static int vhost_new_umem_range(struct vhost_umem *umem, static int vhost_new_umem_range(struct vhost_umem *umem,
u64 start, u64 size, u64 end, u64 start, u64 size, u64 end,
u64 userspace_addr, int perm) u64 userspace_addr, int perm)
...@@ -976,6 +987,7 @@ static int vhost_process_iotlb_msg(struct vhost_dev *dev, ...@@ -976,6 +987,7 @@ static int vhost_process_iotlb_msg(struct vhost_dev *dev,
int ret = 0; int ret = 0;
mutex_lock(&dev->mutex); mutex_lock(&dev->mutex);
vhost_dev_lock_vqs(dev);
switch (msg->type) { switch (msg->type) {
case VHOST_IOTLB_UPDATE: case VHOST_IOTLB_UPDATE:
if (!dev->iotlb) { if (!dev->iotlb) {
...@@ -1009,6 +1021,7 @@ static int vhost_process_iotlb_msg(struct vhost_dev *dev, ...@@ -1009,6 +1021,7 @@ static int vhost_process_iotlb_msg(struct vhost_dev *dev,
break; break;
} }
vhost_dev_unlock_vqs(dev);
mutex_unlock(&dev->mutex); mutex_unlock(&dev->mutex);
return ret; return ret;
......
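Review bot: In the first hunk, vhost_vq_meta_reset() now calls __vhost_vq_meta_reset() on every vq with no mutex taken, so it depends on each caller already holding all vq mutexes, and nothing in the function states or checks that. The only locked path visible here is vhost_process_iotlb_msg(), which brackets the switch with vhost_dev_lock_vqs()/vhost_dev_unlock_vqs(); the callers of vhost_vq_meta_reset() are outside the hunks shown. Since the commit message ties the missing vq locking to a use-after-free on device IOTLB entries, I would record the contract above the function, e.g. `/* Caller must hold the mutex of every vq (see vhost_dev_lock_vqs()). */`. If every caller does take the locks, `lockdep_assert_held(&d->vqs[i]->mutex);` inside the loop would make a future unlocked caller show up under lockdep.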