author: Stefan Hajnoczi <[email protected]> 2018-11-05 10:35:47 +0000
committer: Michael S. Tsirkin <[email protected]> 2018-12-06 14:28:38 -0500
commit: 834e772c8db0c6a275d75315d90aba4ebbb1e249
tree: 9883c42fbb27228dacc9685f4e39f077016574a5 /tools/perf/util/trace-event-scripting.c
parent: 78b1a52e05c9db11d293342e8d6d8a230a04b4e7
vhost/vsock: fix use-after-free in network stack callers
If the network stack calls .send_pkt()/.cancel_pkt() during .release(), a struct vhost_vsock use-after-free is possible. This occurs because .release() does not wait for other CPUs to stop using struct vhost_vsock.

Switch to an RCU-enabled hashtable (indexed by guest CID) so that .release() can wait for other CPUs by calling synchronize_rcu(). This also eliminates vhost_vsock_lock acquisition in the data path so it could have a positive effect on performance.

This is CVE-2018-14625 "kernel: use-after-free Read in vhost_transport_send_pkt".

Cc: [email protected]
Reported-and-tested-by: [email protected]
Reported-by: [email protected]
Reported-by: [email protected]
Signed-off-by: Stefan Hajnoczi <[email protected]>
Signed-off-by: Michael S. Tsirkin <[email protected]>
Acked-by: Jason Wang <[email protected]>
Diffstat (limited to 'tools/perf/util/trace-event-scripting.c')
0 files changed, 0 insertions, 0 deletions