Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

vhost: fix error handling in RESET_OWNER ioctl

RESET_OWNER ioctl would leave the fd in a bad state if
memory allocation failed: device is stopped
but owner is not reset. Make state changes
after allocating memory, such that a failed
ioctl has no effect.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Michael S. Tsirkin 12 years ago
parent
061b16cfe3
commit
150b9e51ae
4 changed files with 24 additions and 12 deletions
Split View Show Diff Stats
  1. 7 1
      drivers/vhost/net.c
  2. 8 1
      drivers/vhost/test.c
  3. 7 9
      drivers/vhost/vhost.c
  4. 2 1
      drivers/vhost/vhost.h

+ 7 - 1
drivers/vhost/net.c
View File 

@@ -967,14 +967,20 @@ static long vhost_net_reset_owner(struct vhost_net *n)
 
 	struct socket *tx_sock = NULL;
 
 	struct socket *rx_sock = NULL;
 
 	long err;
 
+	struct vhost_memory *memory;
 
 
 	mutex_lock(&n->dev.mutex);
 
 	err = vhost_dev_check_owner(&n->dev);
 
 	if (err)
 
 		goto done;
 
+	memory = vhost_dev_reset_owner_prepare();
 
+	if (!memory) {
 
+		err = -ENOMEM;
 
+		goto done;
 
+	}
 
 	vhost_net_stop(n, &tx_sock, &rx_sock);
 
 	vhost_net_flush(n);
 
-	err = vhost_dev_reset_owner(&n->dev);
 
+	vhost_dev_reset_owner(&n->dev, memory);
 
 	vhost_net_vq_reset(n);
 
 done:
 
 	mutex_unlock(&n->dev.mutex);

+ 8 - 1
drivers/vhost/test.c
View File 

@@ -219,13 +219,20 @@ static long vhost_test_reset_owner(struct vhost_test *n)
 
 {
 
 	void *priv = NULL;
 
 	long err;
 
+	struct vhost_memory *memory;
 
+
 
 	mutex_lock(&n->dev.mutex);
 
 	err = vhost_dev_check_owner(&n->dev);
 
 	if (err)
 
 		goto done;
 
+	memory = vhost_dev_reset_owner_prepare();
 
+	if (!memory) {
 
+		err = -ENOMEM;
 
+		goto done;
 
+	}
 
 	vhost_test_stop(n, &priv);
 
 	vhost_test_flush(n);
 
-	err = vhost_dev_reset_owner(&n->dev);
 
+	vhost_dev_reset_owner(&n->dev, memory);
 
 done:
 
 	mutex_unlock(&n->dev.mutex);
 
 	return err;

+ 7 - 9
drivers/vhost/vhost.c
View File 

@@ -386,21 +386,19 @@ err_mm:
 
 	return err;
 
 }
 
 
-/* Caller should have device mutex */
 
-long vhost_dev_reset_owner(struct vhost_dev *dev)
 
+struct vhost_memory *vhost_dev_reset_owner_prepare(void)
 
 {
 
-	struct vhost_memory *memory;
 
-
 
-	/* Restore memory to default empty mapping. */
 
-	memory = kmalloc(offsetof(struct vhost_memory, regions), GFP_KERNEL);
 
-	if (!memory)
 
-		return -ENOMEM;
 
+	return kmalloc(offsetof(struct vhost_memory, regions), GFP_KERNEL);
 
+}
 
 
+/* Caller should have device mutex */
 
+void vhost_dev_reset_owner(struct vhost_dev *dev, struct vhost_memory *memory)
 
+{
 
 	vhost_dev_cleanup(dev, true);
 
 
+	/* Restore memory to default empty mapping. */
 
 	memory->nregions = 0;
 
 	RCU_INIT_POINTER(dev->memory, memory);
 
-	return 0;
 
 }
 
 
 void vhost_dev_stop(struct vhost_dev *dev)

+ 2 - 1
drivers/vhost/vhost.h
View File 

@@ -136,7 +136,8 @@ struct vhost_dev {
 
 
 long vhost_dev_init(struct vhost_dev *, struct vhost_virtqueue **vqs, int nvqs);
 
 long vhost_dev_check_owner(struct vhost_dev *);
 
-long vhost_dev_reset_owner(struct vhost_dev *);
 
+struct vhost_memory *vhost_dev_reset_owner_prepare(void);
 
+void vhost_dev_reset_owner(struct vhost_dev *, struct vhost_memory *);
 
 void vhost_dev_cleanup(struct vhost_dev *, bool locked);
 
 void vhost_dev_stop(struct vhost_dev *);
 
 long vhost_dev_ioctl(struct vhost_dev *, unsigned int ioctl, void __user *argp);