user/sven/linux.git/drivers/vhost, branch v3.10.30

vhost/scsi: Fix incorrect usage of get_user_pages_fast write parameter

2013-11-13T03:05:32Z

commit 60a01f558af9c48b0bb31f303c479e32721add3f upstream. This patch addresses a long-standing bug where the get_user_pages_fast() write parameter used for setting the underlying page table entry permission bits was incorrectly set to write=1 for data_direction=DMA_TO_DEVICE, and passed into get_user_pages_fast() via vhost_scsi_map_iov_to_sgl(). However, this parameter is intended to signal WRITEs to pinned userspace PTEs for the virtio-scsi DMA_FROM_DEVICE -> READ payload case, and *not* for the virtio-scsi DMA_TO_DEVICE -> WRITE payload case. This bug would manifest itself as random process segmentation faults on KVM host after repeated vhost starts + stops and/or with lots of vhost endpoints + LUNs. Cc: Stefan Hajnoczi Cc: Michael S. Tsirkin Cc: Asias He Signed-off-by: Nicholas Bellinger Signed-off-by: Greg Kroah-Hartman

vhost_net: poll vhost queue after marking DMA is done

2013-09-14T13:54:56Z

[ Upstream commit 19c73b3e08d16ee923f3962df4abf6205127896a ] We used to poll vhost queue before making DMA is done, this is racy if vhost thread were waked up before marking DMA is done which can result the signal to be missed. Fix this by always polling the vhost thread before DMA is done. Signed-off-by: Jason Wang Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman

vhost-net: fix use-after-free in vhost_net_flush

2013-07-28T23:29:57Z

[ Upstream commit c38e39c378f46f00ce922dd40a91043a9925c28d ] vhost_net_ubuf_put_and_wait has a confusing name: it will actually also free it's argument. Thus since commit 1280c27f8e29acf4af2da914e80ec27c3dbd5c01 "vhost-net: flush outstanding DMAs on memory change" vhost_net_flush tries to use the argument after passing it to vhost_net_ubuf_put_and_wait, this results in use after free. To fix, don't free the argument in vhost_net_ubuf_put_and_wait, add an new API for callers that want to free ubufs. Acked-by: Asias He Acked-by: Jason Wang Signed-off-by: Michael S. Tsirkin Signed-off-by: Greg Kroah-Hartman

vhost: fix ubuf_info cleanup

2013-06-11T09:46:21Z

vhost_net_clear_ubuf_info didn't clear ubuf_info after kfree, this could trigger double free. Fix this and simplify this code to make it more robust: make sure ubuf info is always freed through vhost_net_clear_ubuf_info. Reported-by: Tommi Rantala Signed-off-by: Michael S. Tsirkin Signed-off-by: David S. Miller

vhost: check owner before we overwrite ubuf_info

2013-06-11T09:46:21Z

If device has an owner, we shouldn't touch ubuf_info since it might be in use. Signed-off-by: Michael S. Tsirkin Signed-off-by: David S. Miller

vhost_net: clear msg.control for non-zerocopy case during tx

2013-06-10T21:31:45Z

When we decide not use zero-copy, msg.control should be set to NULL otherwise macvtap/tap may set zerocopy callbacks which may decrease the kref of ubufs wrongly. Bug were introduced by commit cedb9bdce099206290a2bdd02ce47a7b253b6a84 (vhost-net: skip head management if no outstanding). This solves the following warnings: WARNING: at include/linux/kref.h:47 handle_tx+0x477/0x4b0 [vhost_net]() Modules linked in: vhost_net macvtap macvlan tun nfsd exportfs bridge stp llc openvswitch kvm_amd kvm bnx2 megaraid_sas [last unloaded: tun] CPU: 5 PID: 8670 Comm: vhost-8668 Not tainted 3.10.0-rc2+ #1566 Hardware name: Dell Inc. PowerEdge R715/00XHKG, BIOS 1.5.2 04/19/2011 ffffffffa0198323 ffff88007c9ebd08 ffffffff81796b73 ffff88007c9ebd48 ffffffff8103d66b 000000007b773e20 ffff8800779f0000 ffff8800779f43f0 ffff8800779f8418 000000000000015c 0000000000000062 ffff88007c9ebd58 Call Trace: [] dump_stack+0x19/0x1e [] warn_slowpath_common+0x6b/0xa0 [] warn_slowpath_null+0x15/0x20 [] handle_tx+0x477/0x4b0 [vhost_net] [] handle_tx_kick+0x10/0x20 [vhost_net] [] vhost_worker+0xfe/0x1a0 [vhost_net] [] ? vhost_attach_cgroups_work+0x30/0x30 [vhost_net] [] ? vhost_attach_cgroups_work+0x30/0x30 [vhost_net] [] kthread+0xc6/0xd0 [] ? kthread_freezable_should_stop+0x70/0x70 [] ret_from_fork+0x7c/0xb0 [] ? kthread_freezable_should_stop+0x70/0x70 Signed-off-by: Jason Wang Acked-by: Michael S. Tsirkin Signed-off-by: David S. Miller

Add missing module license tag to vring helpers.

2013-05-08T01:19:03Z

[ 624.286653] vringh: module license 'unspecified' taints kernel. Signed-off-by: Dave Jones Signed-off-by: Rusty Russell

Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost

2013-05-07T17:13:52Z

Pull more vhost fixes from Michael Tsirkin: "This fixes some minor issues in the patches that have been merged. We also finally drop the workaround disabling event_idx for scsi: it was always questionable, and now we know it's not needed. There's also a memory leak fix" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: vhost-scsi: Enable VIRTIO_RING_F_EVENT_IDX vhost: drop virtio_net.h dependency vhost-net: Cleanup vhost_ubuf and vhost_zcopy vhost: Remove vhost_enable_zcopy in vhost.h vhost: Remove comments for hdr in vhost.h vhost: Move VHOST_NET_FEATURES to net.c vhost-net: Free ubuf when vhost_dev_set_owner fails vhost: Export vhost_dev_set_owner

vhost-scsi: Enable VIRTIO_RING_F_EVENT_IDX

2013-05-07T08:11:08Z

It was disabled as a workaround. Now userspace bits work fine with it. The broken version was not ever committed to QEMU, I guess the same is true for nlkt. So, let's enable it. Signed-off-by: Asias He Acked-by: Paolo Bonzini Signed-off-by: Michael S. Tsirkin

vhost: drop virtio_net.h dependency

2013-05-06T11:04:06Z

There's no net specific code in vhost.c anymore, don't include the virtio_net.h header. Signed-off-by: Michael S. Tsirkin