Re: [PATCH v2 1/3] vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock

From: Jason Wang
Date: Thu Jul 04 2019 - 20:18:58 EST

Next message: Olof Johansson: "[GIT PULL] ARM: SoC fixes"
Previous message: Luke Nelson: "[PATCH bpf-next] Enable zext optimization for more RV64G ALU ops"
In reply to: Stefano Garzarella: "Re: [PATCH v2 1/3] vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock"
Next in thread: Stefan Hajnoczi: "Re: [PATCH v2 1/3] vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2019/7/4 äå5:20, Stefano Garzarella wrote:

This is still suspicious, can we access the_virtio_vsock through vdev->priv?
If yes, we may still get use-after-free since it was not protected by RCU.

We will free the object only after calling the del_vqs(), so we are sure
that the vq_callbacks ended and will no longer be invoked.
So, IIUC it shouldn't happen.

Yes, but any dereference that is not done in vq_callbacks will be very
dangerous in the future.

Right.

Do you think make sense to continue with this series in order to fix the
hot-unplug issue, then I'll work to refactor the driver code to use the refcnt
(as you suggested in patch 2) and singleton for the_virtio_vsock?

Thanks,
Stefano

Yes.

Thanks

Next message: Olof Johansson: "[GIT PULL] ARM: SoC fixes"
Previous message: Luke Nelson: "[PATCH bpf-next] Enable zext optimization for more RV64G ALU ops"
In reply to: Stefano Garzarella: "Re: [PATCH v2 1/3] vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock"
Next in thread: Stefan Hajnoczi: "Re: [PATCH v2 1/3] vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]