diff options
| author | Michael S. Tsirkin <mst@redhat.com> | 2019-10-07 13:56:59 -0400 |
|---|---|---|
| committer | Michael S. Tsirkin <mst@redhat.com> | 2019-10-13 09:38:27 -0400 |
| commit | 245cdd9fbd396483d501db83047116e2530f245f (patch) | |
| tree | 07c9fa9e0b3ce7785c91522282fb8e0b9150139e /drivers/vhost | |
| parent | edc5774c097f6463e9fb2373832e7db726247809 (diff) | |
| download | linux-245cdd9fbd396483d501db83047116e2530f245f.tar.bz2 | |
vhost/test: stop device before reset
When device stop was moved out of reset, test device wasn't updated to
stop before reset, this resulted in a use after free. Fix by invoking
stop appropriately.
Fixes: b211616d7125 ("vhost: move -net specific code out")
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Diffstat (limited to 'drivers/vhost')
| -rw-r--r-- | drivers/vhost/test.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/vhost/test.c b/drivers/vhost/test.c index 7804869c6a31..056308008288 100644 --- a/drivers/vhost/test.c +++ b/drivers/vhost/test.c @@ -161,6 +161,7 @@ static int vhost_test_release(struct inode *inode, struct file *f) vhost_test_stop(n, &private); vhost_test_flush(n); + vhost_dev_stop(&n->dev); vhost_dev_cleanup(&n->dev); /* We do an extra flush before freeing memory, * since jobs can re-queue themselves. */ @@ -237,6 +238,7 @@ static long vhost_test_reset_owner(struct vhost_test *n) } vhost_test_stop(n, &priv); vhost_test_flush(n); + vhost_dev_stop(&n->dev); vhost_dev_reset_owner(&n->dev, umem); done: mutex_unlock(&n->dev.mutex); |