From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 23 Apr 2021 14:01:34 +0000 (+0200)
Subject: 5.10-stable patches
X-Git-Tag: v4.4.268~38
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=be972694986e4ec958b2437332866c76270d9e03;p=thirdparty%2Fkernel%2Fstable-queue.git

5.10-stable patches

added patches:
	vhost-vdpa-protect-concurrent-access-to-vhost-device-iotlb.patch
---

diff --git a/queue-5.10/series b/queue-5.10/series
new file mode 100644
index 00000000000..c1f11fa6a14
--- /dev/null
+++ b/queue-5.10/series
@@ -0,0 +1 @@
+vhost-vdpa-protect-concurrent-access-to-vhost-device-iotlb.patch
diff --git a/queue-5.10/vhost-vdpa-protect-concurrent-access-to-vhost-device-iotlb.patch b/queue-5.10/vhost-vdpa-protect-concurrent-access-to-vhost-device-iotlb.patch
new file mode 100644
index 00000000000..c8212754efe
--- /dev/null
+++ b/queue-5.10/vhost-vdpa-protect-concurrent-access-to-vhost-device-iotlb.patch
@@ -0,0 +1,50 @@
+From a9d064524fc3cf463b3bb14fa63de78aafb40dab Mon Sep 17 00:00:00 2001
+From: Xie Yongji <xieyongji@bytedance.com>
+Date: Mon, 12 Apr 2021 17:55:12 +0800
+Subject: vhost-vdpa: protect concurrent access to vhost device iotlb
+
+From: Xie Yongji <xieyongji@bytedance.com>
+
+commit a9d064524fc3cf463b3bb14fa63de78aafb40dab upstream.
+
+Protect vhost device iotlb by vhost_dev->mutex. Otherwise,
+it might cause corruption of the list and interval tree in
+struct vhost_iotlb if userspace sends the VHOST_IOTLB_MSG_V2
+message concurrently.
+
+Fixes: 4c8cf318("vhost: introduce vDPA-based backend")
+Cc: stable@vger.kernel.org
+Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
+Link: https://lore.kernel.org/r/20210412095512.178-1-xieyongji@bytedance.com
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/vhost/vdpa.c |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/drivers/vhost/vdpa.c
++++ b/drivers/vhost/vdpa.c
+@@ -749,9 +749,11 @@ static int vhost_vdpa_process_iotlb_msg(
+ 	const struct vdpa_config_ops *ops = vdpa->config;
+ 	int r = 0;
+ 
++	mutex_lock(&dev->mutex);
++
+ 	r = vhost_dev_check_owner(dev);
+ 	if (r)
+-		return r;
++		goto unlock;
+ 
+ 	switch (msg->type) {
+ 	case VHOST_IOTLB_UPDATE:
+@@ -772,6 +774,8 @@ static int vhost_vdpa_process_iotlb_msg(
+ 		r = -EINVAL;
+ 		break;
+ 	}
++unlock:
++	mutex_unlock(&dev->mutex);
+ 
+ 	return r;
+ }