kernel_optimize_test/drivers/vhost
Stefan Hajnoczi 834e772c8d vhost/vsock: fix use-after-free in network stack callers
If the network stack calls .send_pkt()/.cancel_pkt() during .release(),
a struct vhost_vsock use-after-free is possible.  This occurs because
.release() does not wait for other CPUs to stop using struct
vhost_vsock.

Switch to an RCU-enabled hashtable (indexed by guest CID) so that
.release() can wait for other CPUs by calling synchronize_rcu().  This
also eliminates vhost_vsock_lock acquisition in the data path so it
could have a positive effect on performance.

This is CVE-2018-14625 "kernel: use-after-free Read in vhost_transport_send_pkt".

Cc: stable@vger.kernel.org
Reported-and-tested-by: syzbot+bd391451452fb0b93039@syzkaller.appspotmail.com
Reported-by: syzbot+e3e074963495f92a89ed@syzkaller.appspotmail.com
Reported-by: syzbot+d5a0a170c5069658b141@syzkaller.appspotmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
2018-12-06 14:28:38 -05:00
Kconfig vhost: allow vhost-scsi driver to be built-in 2018-08-22 01:01:32 +03:00
Kconfig.vringh
Makefile
net.c net: vhost: remove bad code line 2018-10-07 21:31:32 -07:00
scsi.c vhost/scsi: Use common handling code in request queue handler 2018-10-24 21:16:13 -04:00
test.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
test.h
vhost.c vhost: Fix Spectre V1 vulnerability 2018-10-31 12:39:15 -07:00
vhost.h vhost: switch to use new message format 2018-08-06 10:41:04 -07:00
vringh.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
vsock.c vhost/vsock: fix use-after-free in network stack callers 2018-12-06 14:28:38 -05:00