Al Viro ec0d801d1a Fix double fget() in vhost_net_set_backend() ... commit fb4554c2232e44d595920f4d5c66cf8f7d13f9bc upstream. Descriptor table is a shared resource; two fget() on the same descriptor may return different struct file references. get_tap_ptr_ring() is called after we'd found (and pinned) the socket we'll be using and it tries to find the private tun/tap data structures associated with it. Redoing the lookup by the same file descriptor we'd used to get the socket is racy - we need to same struct file. Thanks to Jason for spotting a braino in the original variant of patch - I'd missed the use of fd == -1 for disabling backend, and in that case we can end up with sock == NULL and sock != oldsock. Cc: stable@kernel.org Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2022-05-25 09:17:55 +02:00
..
iotlb.c	vhost: Fix documentation	2020-09-24 05:54:36 -04:00
Kconfig	vhost_vdpa: implement IRQ offloading in vhost_vdpa	2020-08-05 11:08:42 -04:00
Makefile	vhost: introduce vDPA-based backend	2020-04-02 10:41:40 -04:00
net.c	Fix double fget() in vhost_net_set_backend()	2022-05-25 09:17:55 +02:00
scsi.c	vhost scsi: fix error return code in vhost_scsi_set_endpoint()	2020-12-30 11:54:00 +01:00
test.c	tools/virtio: Add --reset	2020-06-22 12:34:21 -04:00
test.h	tools/virtio: Add --reset	2020-06-22 12:34:21 -04:00
vdpa.c	vhost_vdpa: don't setup irq offloading when irq_num < 0	2022-05-25 09:17:53 +02:00
vhost.c	vhost: Fix the calculation in vhost_overflow()	2021-08-26 08:35:42 -04:00
vhost.h	vhost: add helper to check if a vq has been setup	2020-11-15 17:30:54 -05:00
vringh.c	vringh: Use wiov->used to check for read/write desc order	2021-09-03 10:09:27 +02:00
vsock.c	vsock: each transport cycles only on its own sockets	2022-03-23 09:13:27 +01:00