diff options
| author | Michael S. Tsirkin <mst@redhat.com> | 2019-10-07 13:56:59 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-01-27 14:51:19 +0100 |
| commit | ae599446db7401194fd5a1956115e22dd2c0ffc7 (patch) | |
| tree | 70093512a44d930f409f6f8f0ded2419e17841ac /drivers | |
| parent | 2e7d73cb2291f9cc7ea99fc55ae2ddc68c7f7b77 (diff) | |
vhost/test: stop device before reset
[ Upstream commit 245cdd9fbd396483d501db83047116e2530f245f ]
When device stop was moved out of reset, test device wasn't updated to
stop before reset, this resulted in a use after free. Fix by invoking
stop appropriately.
Fixes: b211616d7125 ("vhost: move -net specific code out")
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'drivers')
| -rw-r--r-- | drivers/vhost/test.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/vhost/test.c b/drivers/vhost/test.c index a9be2d8e98df..55090d9f9de0 100644 --- a/drivers/vhost/test.c +++ b/drivers/vhost/test.c @@ -162,6 +162,7 @@ static int vhost_test_release(struct inode *inode, struct file *f) vhost_test_stop(n, &private); vhost_test_flush(n); + vhost_dev_stop(&n->dev); vhost_dev_cleanup(&n->dev); /* We do an extra flush before freeing memory, * since jobs can re-queue themselves. */ @@ -238,6 +239,7 @@ static long vhost_test_reset_owner(struct vhost_test *n) } vhost_test_stop(n, &priv); vhost_test_flush(n); + vhost_dev_stop(&n->dev); vhost_dev_reset_owner(&n->dev, umem); done: mutex_unlock(&n->dev.mutex); |