linux-stable/drivers
Gavin Shan d771b8818b vhost: Add smp_rmb() in vhost_enable_notify()
commit df9ace7647 upstream.

A smp_rmb() has been missed in vhost_enable_notify(), inspired by
Will. Otherwise, it's not ensured the available ring entries pushed
by guest can be observed by vhost in time, leading to stale available
ring entries fetched by vhost in vhost_get_vq_desc(), as reported by
Yihuang Yu on NVidia's grace-hopper (ARM64) platform.

  /home/gavin/sandbox/qemu.main/build/qemu-system-aarch64      \
  -accel kvm -machine virt,gic-version=host -cpu host          \
  -smp maxcpus=1,cpus=1,sockets=1,clusters=1,cores=1,threads=1 \
  -m 4096M,slots=16,maxmem=64G                                 \
  -object memory-backend-ram,id=mem0,size=4096M                \
   :                                                           \
  -netdev tap,id=vnet0,vhost=true                              \
  -device virtio-net-pci,bus=pcie.8,netdev=vnet0,mac=52:54:00:f1:26:b0
   :
  guest# netperf -H 10.26.1.81 -l 60 -C -c -t UDP_STREAM
  virtio_net virtio0: output.0:id 100 is not a head!

Add the missed smp_rmb() in vhost_enable_notify(). When it returns true,
it means there are still pending tx buffers. Since it might read indices,
it can still bypass the smp_rmb() in vhost_get_vq_desc(). Note that
it should be safe until vq->avail_idx is changed by commit d3bb267bbd
("vhost: cache avail index in vhost_enable_notify()").

Fixes: d3bb267bbd ("vhost: cache avail index in vhost_enable_notify()")
Cc: <stable@kernel.org> # v5.18+
Reported-by: Yihuang Yu <yihyu@redhat.com>
Suggested-by: Will Deacon <will@kernel.org>
Signed-off-by: Gavin Shan <gshan@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20240328002149.1141302-3-gshan@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-04-17 11:23:39 +02:00
accel accel/ivpu: Fix deadlock in context_xa 2024-04-17 11:23:37 +02:00
accessibility speakup: Fix 8bit characters from direct synth 2024-04-03 15:32:16 +02:00
acpi ACPI: HMAT / cxl: Add retrieval of generic port coordinates for both access classes 2024-04-17 11:23:29 +02:00
amba
android binder: signal epoll threads of self-work 2024-01-31 14:08:28 -08:00
ata ata: libata-scsi: Fix ata_scsi_dev_rescan() error path 2024-04-17 11:23:23 +02:00
atm atm: idt77252: fix a memleak in open_card_ubr0 2024-02-03 12:46:13 +00:00
auxdisplay drm-next for 6.8: 2024-01-12 11:32:19 -08:00
base base/node / ACPI: Enumerate node access class for 'struct access_coordinate' 2024-04-17 11:23:29 +02:00
bcma
block aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts 2024-03-26 18:16:29 -04:00
bluetooth Bluetooth: btintel: Fixe build regression 2024-04-13 13:10:12 +02:00
bus bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state 2024-04-13 13:10:08 +02:00
cache cache: ax45mp_cache: Align end size to cache boundary in ax45mp_dma_cache_wback() 2024-02-21 16:24:10 +00:00
cdrom
cdx cdx: Unlock on error path in rescan_store() 2024-01-04 17:01:14 +01:00
char tpm,tpm_tis: Avoid warning splat at shutdown 2024-04-03 15:32:19 +02:00
clk clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays 2024-04-03 15:32:10 +02:00
clocksource clocksource/drivers/arm_global_timer: Fix maximum prescaler value 2024-04-03 15:32:32 +02:00
comedi comedi: comedi_test: Prevent timers rescheduling during deletion 2024-03-05 14:21:45 +00:00
connector connector/cn_proc: revert "connector: Fix proc_event_num_listeners count not cleared" 2024-02-13 11:15:44 +01:00
counter counter: fix privdata alignment 2024-02-16 18:51:00 -05:00
cpufreq cpufreq: Don't unregister cpufreq cooling on CPU hotplug 2024-04-13 13:10:01 +02:00
cpuidle cpuidle: Avoid potential overflow in integer multiplication 2024-04-13 13:09:58 +02:00
crypto crypto: iaa - Fix async_disable descriptor leak 2024-04-13 13:10:07 +02:00
cxl cxl: Fix retrieving of access_coordinates in PCIe path 2024-04-17 11:23:30 +02:00
dax New code for 6.8: 2024-01-10 08:45:22 -08:00
dca
devfreq
dio
dma dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA 2024-03-26 18:17:00 -04:00
dma-buf dma-buf: Fix NULL pointer dereference in sanitycheck() 2024-04-10 16:37:54 +02:00
dpll dpll: indent DPLL option type by a tab 2024-04-10 16:37:56 +02:00
edac Driver core changes for 6.8-rc1 2024-01-18 09:48:40 -08:00
eisa
extcon
firewire firewire: ohci: prevent leak of left-over IRQ on unbind 2024-03-06 22:35:22 +09:00
firmware firmware: arm_scmi: Make raw debugfs entries non-seekable 2024-04-17 11:23:26 +02:00
fpga Char/Misc and other Driver changes for 6.8-rc1 2024-01-17 16:47:17 -08:00
fsi
gnss TTY/Serial changes for 6.8-rc1 2024-01-18 11:37:24 -08:00
gpio gpio: cdev: fix missed label sanitizing in debounce_setup() 2024-04-10 16:38:15 +02:00
gpu drm/amdgpu/umsch: reinitialize write pointer in hw init 2024-04-17 11:23:38 +02:00
greybus TTY/Serial changes for 6.8-rc1 2024-01-18 11:37:24 -08:00
hid HID: input: avoid polling stylus battery on Chromebook Pompom 2024-04-13 13:10:06 +02:00
hsi
hte
hv x86/hyperv: Use per cpu initial stack for vtl context 2024-03-26 18:17:30 -04:00
hwmon hwmon: (amc6821) add of_match table 2024-04-03 15:32:16 +02:00
hwspinlock
hwtracing hwtracing: hisi_ptt: Move type check to the beginning of hisi_ptt_pmu_event_init() 2024-03-26 18:17:30 -04:00
i2c i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC 2024-04-13 13:10:06 +02:00
i3c i3c: dw: Disable IBI IRQ depends on hot-join and SIR enabling 2024-03-26 18:17:24 -04:00
idle Power management updates for 6.8-rc1 2024-01-09 16:32:11 -08:00
iio iio: adc: rockchip_saradc: use mask for write_enable bitfield 2024-04-03 15:32:08 +02:00
infiniband RDMA/cm: add timeout to cm_destroy_id wait 2024-04-13 13:10:07 +02:00
input Input: xpad - add support for Snakebyte GAMEPADs 2024-04-13 13:10:08 +02:00
interconnect interconnect: qcom: x1e80100: Add missing ACV enable_mask 2024-02-04 23:36:06 +02:00
iommu iommu/vt-d: Fix WARN_ON in iommu probe path 2024-04-17 11:23:35 +02:00
ipack TTY/Serial changes for 6.8-rc1 2024-01-18 11:37:24 -08:00
irqchip irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type 2024-04-03 15:32:34 +02:00
isdn
leds leds: trigger: netdev: Fix kernel panic on interface rename trig notify 2024-04-03 15:32:15 +02:00
macintosh
mailbox mediatek: add CMDQ support for mt8188 2024-01-17 15:39:32 -08:00
mcb
md raid1: fix use-after-free for original bio in raid1_write_request() 2024-04-17 11:23:24 +02:00
media media: cec: core: remove length check of Timer Status 2024-04-17 11:23:25 +02:00
memory memory: tegra: Correct DLA client names 2024-03-26 18:16:46 -04:00
memstick
message
mfd mfd: intel-lpss: Introduce QUIRK_CLOCK_DIVIDER_UNITY for XPS 9530 2024-04-03 15:32:35 +02:00
misc VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() 2024-04-13 13:10:12 +02:00
mmc mmc: omap: restore original power up/down steps 2024-04-17 11:23:26 +02:00
most
mtd mtd: rawnand: Constrain even more when continuous reads are enabled 2024-04-03 15:32:23 +02:00
mux mux: mmio: use reg property when parent device is not a syscon 2024-01-04 17:01:14 +01:00
net net: ena: Set tx_info->xdpf value to NULL 2024-04-17 11:23:34 +02:00
nfc
ntb NTB: fix possible name leak in ntb_register_device() 2024-03-26 18:17:06 -04:00
nubus nubus: Make nubus_bus_type static and constant 2024-01-03 13:33:59 +01:00
nvdimm virtio: features, fixes 2024-01-18 16:44:03 -08:00
nvme drivers/nvme: Add quirks for device 126f:2262 2024-04-13 13:10:10 +02:00
nvmem nvmem: meson-efuse: fix function pointer type mismatch 2024-04-03 15:32:16 +02:00
of of: module: prevent NULL pointer dereference in vsnprintf() 2024-04-10 16:38:19 +02:00
opp OPP: debugfs: Fix warning around icc_get_name() 2024-03-26 18:16:56 -04:00
parisc parisc/power: Fix power soft-off button emulation on qemu 2024-01-07 22:59:16 +01:00
parport
pci PCI: hv: Fix ring buffer size calculation 2024-04-03 15:32:18 +02:00
pcmcia
peci
perf drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09 2024-04-13 13:10:07 +02:00
phy phy: tegra: xusb: Add API to retrieve the port number of phy 2024-04-03 15:32:16 +02:00
pinctrl pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs 2024-04-13 13:10:03 +02:00
platform platform/chrome: cros_ec_uart: properly fix race condition 2024-04-17 11:23:25 +02:00
pmdomain pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain 2024-04-13 13:09:59 +02:00
pnp More ACPI updates for 6.8-rc1 2024-01-17 14:37:40 -08:00
power power: supply: mm8013: fix "not charging" detection 2024-03-26 18:17:17 -04:00
powercap powercap: intel_rapl_tpmi: Fix System Domain probing 2024-04-03 15:32:04 +02:00
pps
ps3
ptp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-01-04 18:06:46 -08:00
pwm pwm: img: fix pwm clock lookup 2024-04-03 15:32:35 +02:00
rapidio
ras
regulator regulator: userspace-consumer: add module device table 2024-03-26 18:16:50 -04:00
remoteproc remoteproc: virtio: Fix wdg cannot recovery remote processor 2024-04-03 15:32:01 +02:00
reset SoC: driver updates for 6.8 2024-01-11 11:31:46 -08:00
rpmsg
rtc rtc: max31335: fix interrupt status reg 2024-03-26 18:17:30 -04:00
s390 Revert "s390/ism: fix receive message buffer allocation" 2024-04-17 11:23:33 +02:00
sbus
scsi scsi: sg: Avoid race in error handling & drop bogus warn 2024-04-17 11:23:36 +02:00
sh maple: make maple_bus_type static and const 2024-01-04 14:37:17 +01:00
siox
slimbus slimbus: core: Remove usage of the deprecated ida_simple_xx() API 2024-04-03 15:32:16 +02:00
soc soc: fsl: qbman: Use raw spinlock for cgr_lock 2024-04-03 15:32:21 +02:00
soundwire ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops 2024-04-13 13:10:04 +02:00
spi spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe 2024-04-10 16:38:13 +02:00
spmi
ssb
staging staging: vc04_services: fix information leak in create_component() 2024-04-03 15:32:45 +02:00
target scsi: target: pscsi: Fix bio_put() for error case 2024-02-15 14:44:07 -05:00
tc
tee tee: optee: Fix kernel panic caused by incorrect error handling 2024-03-04 09:49:03 +01:00
thermal thermal/of: Assume polling-delay(-passive) 0 when absent 2024-04-13 13:10:10 +02:00
thunderbolt thunderbolt: Keep the domain powered when USB4 port is in redrive mode 2024-04-13 13:10:09 +02:00
tty serial: 8250_of: Drop quirk fot NPCM from 8250_port 2024-04-13 13:10:09 +02:00
ufs scsi: ufs: qcom: Avoid re-init quirk when gears match 2024-04-13 13:10:03 +02:00
uio uio: Fix use-after-free in uio_open 2024-01-04 17:03:47 +01:00
usb usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined 2024-04-13 13:10:10 +02:00
vdpa vdpa/mlx5: Allow CVQ size changes 2024-03-26 18:17:35 -04:00
vfio vfio/pds: Make sure migration file isn't accessed after reset 2024-04-03 15:32:44 +02:00
vhost vhost: Add smp_rmb() in vhost_enable_notify() 2024-04-17 11:23:39 +02:00
video fbmon: prevent division by zero in fb_videomode_from_videomode() 2024-04-13 13:10:11 +02:00
virt Char/Misc and other Driver changes for 6.8-rc1 2024-01-17 16:47:17 -08:00
virtio virtio: reenable config if freezing device failed 2024-04-03 15:32:25 +02:00
w1
watchdog watchdog: stm32_iwdg: initialize default timeout 2024-03-26 18:17:25 -04:00
xen x86/xen: attempt to inflate the memory balloon on PVH 2024-04-13 13:10:10 +02:00
zorro
Kconfig
Makefile fbdev/intelfb: Remove driver 2024-01-12 12:38:37 +01:00