| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Sep 2020 13:00:38 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Qian Cai <cai@....pw>,
Daniel Wagner <dwagner@...e.de>,
Cornelia Huck <cohuck@...hat.com>,
Alex Williamson <alex.williamson@...hat.com>,
Sasha Levin <sashal@...nel.org>
Subject: [PATCH 4.4 71/85] vfio/pci: Clear error and request eventfd ctx after releasing
From: Alex Williamson <alex.williamson@...hat.com>
[ Upstream commit 5c5866c593bbd444d0339ede6a8fb5f14ff66d72 ]
The next use of the device will generate an underflow from the
stale reference.
Cc: Qian Cai <cai@....pw>
Fixes: 1518ac272e78 ("vfio/pci: fix memory leaks of eventfd ctx")
Reported-by: Daniel Wagner <dwagner@...e.de>
Reviewed-by: Cornelia Huck <cohuck@...hat.com>
Tested-by: Daniel Wagner <dwagner@...e.de>
Signed-off-by: Alex Williamson <alex.williamson@...hat.com>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
drivers/vfio/pci/vfio_pci.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c
index ab765770e8dd6..662ea7ec82926 100644
--- a/drivers/vfio/pci/vfio_pci.c
+++ b/drivers/vfio/pci/vfio_pci.c
@@ -255,10 +255,14 @@ static void vfio_pci_release(void *device_data)
if (!(--vdev->refcnt)) {
vfio_spapr_pci_eeh_release(vdev->pdev);
vfio_pci_disable(vdev);
- if (vdev->err_trigger)
+ if (vdev->err_trigger) {
eventfd_ctx_put(vdev->err_trigger);
- if (vdev->req_trigger)
+ vdev->err_trigger = NULL;
+ }
+ if (vdev->req_trigger) {
eventfd_ctx_put(vdev->req_trigger);
+ vdev->req_trigger = NULL;
+ }
}
mutex_unlock(&driver_lock);
--
2.25.1
Powered by blists - more mailing lists