From: Greg Kroah-Hartman Date: Wed, 7 Feb 2018 19:36:38 +0000 (-0800) Subject: 4.4-stable patches X-Git-Tag: v4.15.3~21 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=72d0df4f3d34df68e2382f538533302fc98c4812;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: vhost_net-stop-device-during-reset-owner.patch --- diff --git a/queue-4.4/series b/queue-4.4/series index 67ac75d5b7e..67df348dc6e 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -30,3 +30,4 @@ qlcnic-fix-deadlock-bug.patch r8169-fix-rtl8168ep-take-too-long-to-complete-driver-initialization.patch tcp-release-sk_frag.page-in-tcp_disconnect.patch ipv6-fix-so_reuseport-udp-socket-with-implicit-sk_ipv6only.patch +vhost_net-stop-device-during-reset-owner.patch diff --git a/queue-4.4/vhost_net-stop-device-during-reset-owner.patch b/queue-4.4/vhost_net-stop-device-during-reset-owner.patch new file mode 100644 index 00000000000..6a70009eb7e --- /dev/null +++ b/queue-4.4/vhost_net-stop-device-during-reset-owner.patch 
@@ -0,0 +1,34 @@ +From foo@baz Wed Feb 7 11:22:35 PST 2018 +From: Jason Wang +Date: Thu, 25 Jan 2018 22:03:52 +0800 +Subject: vhost_net: stop device during reset owner + +From: Jason Wang + + +[ Upstream commit 4cd879515d686849eec5f718aeac62a70b067d82 ] + +We don't stop device before reset owner, this means we could try to +serve any virtqueue kick before reset dev->worker. This will result a +warn since the work was pending at llist during owner resetting. Fix +this by stopping device during owner reset. + +Reported-by: syzbot+eb17c6162478cc50632c@syzkaller.appspotmail.com +Fixes: 3a4d5c94e9593 ("vhost_net: a kernel-level virtio server") +Signed-off-by: Jason Wang +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/vhost/net.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/vhost/net.c ++++ b/drivers/vhost/net.c +@@ -981,6 +981,7 @@ static long vhost_net_reset_owner(struct + } + vhost_net_stop(n, &tx_sock, &rx_sock); + vhost_net_flush(n); ++ vhost_dev_stop(&n->dev); + vhost_dev_reset_owner(&n->dev, memory); + vhost_net_vq_reset(n); + done:
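Review bot: in the `vhost_net_reset_owner` hunk of drivers/vhost/net.c, the added `vhost_dev_stop(&n->dev);` has no comment explaining why it must sit between `vhost_net_flush(n);` and `vhost_dev_reset_owner(&n->dev, memory);`. The reason is given only in the changelog: without the stop, a virtqueue kick can still be served before dev->worker is reset, leaving work pending on the llist during owner reset and triggering the warning syzbot reported. A one-line comment above the call saying the device has to be stopped before the owner is reset would keep a later cleanup from reordering or dropping it. The changelog could also state whether a kick that arrives after `vhost_net_flush(n)` but before the new stop call is covered, since the visible lines flush first and stop second.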