linux-stable/drivers
Gavin Shan a2c1c0cfab vhost: Add smp_rmb() in vhost_enable_notify()
commit df9ace7647 upstream.

An smp_rmb() has been missed in vhost_enable_notify(), inspired by
Will. Otherwise, it's not ensured that the available ring entries pushed
by the guest can be observed by vhost in time, leading to stale available
ring entries fetched by vhost in vhost_get_vq_desc(), as reported by
Yihuang Yu on NVidia's grace-hopper (ARM64) platform.

  /home/gavin/sandbox/qemu.main/build/qemu-system-aarch64      \
  -accel kvm -machine virt,gic-version=host -cpu host          \
  -smp maxcpus=1,cpus=1,sockets=1,clusters=1,cores=1,threads=1 \
  -m 4096M,slots=16,maxmem=64G                                 \
  -object memory-backend-ram,id=mem0,size=4096M                \
   :                                                           \
  -netdev tap,id=vnet0,vhost=true                              \
  -device virtio-net-pci,bus=pcie.8,netdev=vnet0,mac=52:54:00:f1:26:b0
   :
  guest# netperf -H 10.26.1.81 -l 60 -C -c -t UDP_STREAM
  virtio_net virtio0: output.0:id 100 is not a head!

Add the missed smp_rmb() in vhost_enable_notify(). When it returns true,
it means there are still pending tx buffers. Since it might read indices,
it can still bypass the smp_rmb() in vhost_get_vq_desc(). Note that
it should be safe until vq->avail_idx is changed by commit d3bb267bbd
("vhost: cache avail index in vhost_enable_notify()").

Fixes: d3bb267bbd ("vhost: cache avail index in vhost_enable_notify()")
Cc: <stable@kernel.org> # v5.18+
Reported-by: Yihuang Yu <yihyu@redhat.com>
Suggested-by: Will Deacon <will@kernel.org>
Signed-off-by: Gavin Shan <gshan@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20240328002149.1141302-3-gshan@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-04-17 11:18:27 +02:00
accessibility speakup: Fix 8bit characters from direct synth 2024-04-03 15:19:33 +02:00
acpi Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" 2024-04-13 13:05:11 +02:00
amba
android binder: signal epoll threads of self-work 2024-02-23 09:12:39 +01:00
ata ata: libata-scsi: Fix ata_scsi_dev_rescan() error path 2024-04-17 11:18:22 +02:00
atm
auxdisplay
base driver core: Introduce device_link_wait_removal() 2024-04-10 16:28:32 +02:00
bcma
block aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts 2024-03-26 18:20:29 -04:00
bluetooth Bluetooth: btintel: Fixe build regression 2024-04-13 13:05:27 +02:00
bus bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state 2024-04-13 13:05:16 +02:00
cdrom
char
clk clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays 2024-04-03 15:19:29 +02:00
clocksource clocksource/drivers/arm_global_timer: Fix maximum prescaler value 2024-04-03 15:19:44 +02:00
comedi comedi: comedi_test: Prevent timers rescheduling during deletion 2024-03-26 18:20:57 -04:00
connector
counter
cpufreq cpufreq: Don't unregister cpufreq cooling on CPU hotplug 2024-04-13 13:05:00 +02:00
cpuidle cpuidle: Avoid potential overflow in integer multiplication 2024-04-13 13:04:54 +02:00
crypto crypto: qat - resolve race condition during AER recovery 2024-04-03 15:19:26 +02:00
cxl cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window 2024-03-01 13:26:31 +01:00
dax
dca
devfreq
dio
dma dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA 2024-03-26 18:20:45 -04:00
dma-buf dma-buf: Fix NULL pointer dereference in sanitycheck() 2024-04-10 16:28:21 +02:00
edac
eisa
extcon
firewire firewire: core: use long bus reset on gap count error 2024-03-26 18:20:27 -04:00
firmware firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() 2024-04-13 13:04:56 +02:00
fpga
fsi
gnss
gpio gpio: vf610: allow disabling the vf610 driver 2024-03-26 18:20:33 -04:00
gpu drm/client: Fully protect modes[] with dev->mode_config.mutex 2024-04-17 11:18:27 +02:00
greybus
hid HID: amd_sfh: Avoid disabling the interrupt 2024-03-26 18:20:51 -04:00
hsi
hte
hv
hwmon hwmon: (amc6821) add of_match table 2024-04-03 15:19:32 +02:00
hwspinlock
hwtracing hwtracing: hisi_ptt: Move type check to the beginning of hisi_ptt_pmu_event_init() 2024-03-26 18:20:58 -04:00
i2c i2c: i801: Avoid potential double call to gpiod_remove_lookup_table 2024-04-03 15:19:43 +02:00
i3c
idle
iio iio: accel: adxl367: fix I2C FIFO data register 2024-04-03 15:19:43 +02:00
infiniband RDMA/cm: add timeout to cm_destroy_id wait 2024-04-13 13:05:13 +02:00
input Input: imagis - use FIELD_GET where applicable 2024-04-13 13:05:13 +02:00
interconnect Revert "interconnect: Teach lockdep about icc_bw_lock order" 2024-03-06 14:45:19 +00:00
iommu iommu/vt-d: Allocate local memory for page request queue 2024-04-17 11:18:26 +02:00
ipack
irqchip irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type 2024-04-03 15:19:45 +02:00
isdn
leds leds: sgm3140: Add missing timer cleanup and flash gpio control 2024-03-26 18:20:52 -04:00
macintosh
mailbox
mcb
md dm integrity: fix out-of-range warning 2024-04-10 16:28:23 +02:00
media media: cec: core: remove length check of Timer Status 2024-04-17 11:18:23 +02:00
memory
memstick
message
mfd mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref 2024-03-26 18:20:50 -04:00
misc VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() 2024-04-13 13:05:27 +02:00
mmc mmc: core: Avoid negative index with array access 2024-04-03 15:19:49 +02:00
most
mtd mtd: rawnand: meson: fix scrambling mode value in command macro 2024-04-03 15:19:27 +02:00
mux
net net: ena: Fix incorrect descriptor free behavior 2024-04-17 11:18:26 +02:00
nfc
ntb NTB: fix possible name leak in ntb_register_device() 2024-03-26 18:20:49 -04:00
nubus
nvdimm
nvme drivers/nvme: Add quirks for device 126f:2262 2024-04-13 13:05:20 +02:00
nvmem nvmem: meson-efuse: fix function pointer type mismatch 2024-04-03 15:19:32 +02:00
of of: dynamic: Synchronize of_changeset_destroy() with the devlink removals 2024-04-10 16:28:32 +02:00
opp OPP: debugfs: Fix warning around icc_get_name() 2024-03-26 18:20:42 -04:00
parisc
parport
pci PCI: hv: Fix ring buffer size calculation 2024-04-03 15:19:34 +02:00
pcmcia
peci
perf drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported 2024-04-10 16:28:30 +02:00
phy phy: tegra: xusb: Add API to retrieve the port number of phy 2024-04-03 15:19:33 +02:00
pinctrl pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs 2024-04-13 13:05:05 +02:00
platform platform/x86: intel-vbtn: Update tablet mode switch at end of probe 2024-04-13 13:05:26 +02:00
pnp
power power: supply: bq27xxx-i2c: Do not free non existing IRQ 2024-03-06 14:45:09 +00:00
powercap powercap: dtpm_cpu: Fix error check against freq_qos_add_request() 2024-03-26 18:20:36 -04:00
pps
ps3
ptp
pwm pwm: img: fix pwm clock lookup 2024-04-03 15:19:45 +02:00
rapidio
ras
regulator regulator: pwm-regulator: Add validity checks in continuous .get_voltage 2024-03-01 13:26:26 +01:00
remoteproc remoteproc: virtio: Fix wdg cannot recovery remote processor 2024-04-03 15:19:24 +02:00
reset
rpmsg
rtc rtc: mt6397: select IRQ_DOMAIN instead of depending on it 2024-03-26 18:20:58 -04:00
s390 s390/qeth: handle deferred cc1 2024-04-10 16:28:21 +02:00
sbus
scsi scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() 2024-04-17 11:18:23 +02:00
sh
siox
slimbus slimbus: core: Remove usage of the deprecated ida_simple_xx() API 2024-04-03 15:19:33 +02:00
soc soc: fsl: qbman: Use raw spinlock for cgr_lock 2024-04-03 15:19:36 +02:00
soundwire ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops 2024-04-13 13:05:07 +02:00
spi spi: spi-mt65xx: Fix NULL pointer access in interrupt handler 2024-03-26 18:21:02 -04:00
spmi
ssb
staging staging: vc04_services: fix information leak in create_component() 2024-04-03 15:19:51 +02:00
target scsi: target: pscsi: Fix bio_put() for error case 2024-03-01 13:26:31 +01:00
tc
tee tee: optee: Fix kernel panic caused by incorrect error handling 2024-04-03 15:19:42 +02:00
thermal thermal/of: Assume polling-delay(-passive) 0 when absent 2024-04-13 13:05:19 +02:00
thunderbolt thunderbolt: Keep the domain powered when USB4 port is in redrive mode 2024-04-13 13:05:17 +02:00
tty tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc 2024-04-13 13:05:23 +02:00
ufs scsi: ufs: core: Remove the ufshcd_release() in ufshcd_err_handling_prepare() 2024-03-01 13:26:30 +01:00
uio
usb scsi: sd: usb_storage: uas: Access media prior to querying device properties 2024-04-13 13:05:24 +02:00
vdpa vdpa/mlx5: Allow CVQ size changes 2024-03-26 18:21:00 -04:00
vfio vfio/fsl-mc: Block calling interrupt handler without trigger 2024-04-03 15:19:47 +02:00
vhost vhost: Add smp_rmb() in vhost_enable_notify() 2024-04-17 11:18:27 +02:00
video fbmon: prevent division by zero in fb_videomode_from_videomode() 2024-04-13 13:05:21 +02:00
virt
virtio virtio: reenable config if freezing device failed 2024-04-13 13:05:25 +02:00
vlynq
w1
watchdog watchdog: stm32_iwdg: initialize default timeout 2024-03-26 18:20:56 -04:00
xen xen/events: close evtchn after mapping cleanup 2024-03-06 14:45:20 +00:00
zorro
Kconfig
Makefile