vhost: fix error handling in RESET_OWNER ioctl
RESET_OWNER ioctl would leave the fd in a bad state if memory allocation failed: device is stopped but owner is not reset. Make state changes after allocating memory, such that a failed ioctl has no effect. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This commit is contained in:
parent
061b16cfe3
commit
150b9e51ae
@ -967,14 +967,20 @@ static long vhost_net_reset_owner(struct vhost_net *n)
|
||||
struct socket *tx_sock = NULL;
|
||||
struct socket *rx_sock = NULL;
|
||||
long err;
|
||||
struct vhost_memory *memory;
|
||||
|
||||
mutex_lock(&n->dev.mutex);
|
||||
err = vhost_dev_check_owner(&n->dev);
|
||||
if (err)
|
||||
goto done;
|
||||
memory = vhost_dev_reset_owner_prepare();
|
||||
if (!memory) {
|
||||
err = -ENOMEM;
|
||||
goto done;
|
||||
}
|
||||
vhost_net_stop(n, &tx_sock, &rx_sock);
|
||||
vhost_net_flush(n);
|
||||
err = vhost_dev_reset_owner(&n->dev);
|
||||
vhost_dev_reset_owner(&n->dev, memory);
|
||||
vhost_net_vq_reset(n);
|
||||
done:
|
||||
mutex_unlock(&n->dev.mutex);
|
||||
|
@ -219,13 +219,20 @@ static long vhost_test_reset_owner(struct vhost_test *n)
|
||||
{
|
||||
void *priv = NULL;
|
||||
long err;
|
||||
struct vhost_memory *memory;
|
||||
|
||||
mutex_lock(&n->dev.mutex);
|
||||
err = vhost_dev_check_owner(&n->dev);
|
||||
if (err)
|
||||
goto done;
|
||||
memory = vhost_dev_reset_owner_prepare();
|
||||
if (!memory) {
|
||||
err = -ENOMEM;
|
||||
goto done;
|
||||
}
|
||||
vhost_test_stop(n, &priv);
|
||||
vhost_test_flush(n);
|
||||
err = vhost_dev_reset_owner(&n->dev);
|
||||
vhost_dev_reset_owner(&n->dev, memory);
|
||||
done:
|
||||
mutex_unlock(&n->dev.mutex);
|
||||
return err;
|
||||
|
@ -386,21 +386,19 @@ err_mm:
|
||||
return err;
|
||||
}
|
||||
|
||||
/* Caller should have device mutex */
|
||||
long vhost_dev_reset_owner(struct vhost_dev *dev)
|
||||
struct vhost_memory *vhost_dev_reset_owner_prepare(void)
|
||||
{
|
||||
struct vhost_memory *memory;
|
||||
|
||||
/* Restore memory to default empty mapping. */
|
||||
memory = kmalloc(offsetof(struct vhost_memory, regions), GFP_KERNEL);
|
||||
if (!memory)
|
||||
return -ENOMEM;
|
||||
return kmalloc(offsetof(struct vhost_memory, regions), GFP_KERNEL);
|
||||
}
|
||||
|
||||
/* Caller should have device mutex */
|
||||
void vhost_dev_reset_owner(struct vhost_dev *dev, struct vhost_memory *memory)
|
||||
{
|
||||
vhost_dev_cleanup(dev, true);
|
||||
|
||||
/* Restore memory to default empty mapping. */
|
||||
memory->nregions = 0;
|
||||
RCU_INIT_POINTER(dev->memory, memory);
|
||||
return 0;
|
||||
}
|
||||
|
||||
void vhost_dev_stop(struct vhost_dev *dev)
|
||||
|
@ -136,7 +136,8 @@ struct vhost_dev {
|
||||
|
||||
long vhost_dev_init(struct vhost_dev *, struct vhost_virtqueue **vqs, int nvqs);
|
||||
long vhost_dev_check_owner(struct vhost_dev *);
|
||||
long vhost_dev_reset_owner(struct vhost_dev *);
|
||||
struct vhost_memory *vhost_dev_reset_owner_prepare(void);
|
||||
void vhost_dev_reset_owner(struct vhost_dev *, struct vhost_memory *);
|
||||
void vhost_dev_cleanup(struct vhost_dev *, bool locked);
|
||||
void vhost_dev_stop(struct vhost_dev *);
|
||||
long vhost_dev_ioctl(struct vhost_dev *, unsigned int ioctl, void __user *argp);
|
||||
|
Loading…
Reference in New Issue
Block a user