linux/drivers/virtio
Feng Liu 97ee04feb6 virtio_pci: Fix admin vq cleanup by using correct info pointer
vp_modern_avq_cleanup() and vp_del_vqs() clean up admin vq
resources by virtio_pci_vq_info pointer. The info pointer of admin
vq is stored in vp_dev->admin_vq.info instead of vp_dev->vqs[].
Using the info pointer from vp_dev->vqs[] for admin vq causes a
kernel NULL pointer dereference bug.

In vp_modern_avq_cleanup() and vp_del_vqs(), get the info pointer
from vp_dev->admin_vq.info for admin vq to clean up the resources.
Also make the info ptr an argument of vp_del_vq() to be symmetric with
vp_setup_vq().

vp_reset calls vp_modern_avq_cleanup, and causes the Call Trace:
==================================================================
BUG: kernel NULL pointer dereference, address:0000000000000000
...
CPU: 49 UID: 0 PID: 4439 Comm: modprobe Not tainted 6.11.0-rc5 #1
RIP: 0010:vp_reset+0x57/0x90 [virtio_pci]
Call Trace:
 <TASK>
...
 ? vp_reset+0x57/0x90 [virtio_pci]
 ? vp_reset+0x38/0x90 [virtio_pci]
 virtio_reset_device+0x1d/0x30
 remove_vq_common+0x1c/0x1a0 [virtio_net]
 virtnet_remove+0xa1/0xc0 [virtio_net]
 virtio_dev_remove+0x46/0xa0
...
 virtio_pci_driver_exit+0x14/0x810 [virtio_pci]
==================================================================

Fixes: 4c3b54af90 ("virtio_pci_modern: use completion instead of busy loop to wait on admin cmd result")
Signed-off-by: Feng Liu <feliu@nvidia.com>
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Reviewed-by: Parav Pandit <parav@nvidia.com>
Message-Id: <20241024135406.81388-1-feliu@nvidia.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-11-06 04:40:07 -05:00
Kconfig virtio-mem: Enable virtio-mem for RISC-V 2024-06-26 08:42:45 -07:00
Makefile virtio: add debugfs infrastructure to allow to debug virtio features 2024-04-26 13:26:53 +02:00
virtio_anchor.c virtio: replace restricted mem access flag with callback 2022-08-01 07:42:49 +02:00
virtio_balloon.c virtio_balloon: introduce memory scan/reclaim info 2024-09-10 02:51:48 -04:00
virtio_debug.c virtio: add debugfs infrastructure to allow to debug virtio features 2024-04-26 13:26:53 +02:00
virtio_dma_buf.c virtio: add missing MODULE_DESCRIPTION() macro 2024-07-17 05:43:20 -04:00
virtio_input.c virtio: rename virtio_find_vqs_info() to virtio_find_vqs() 2024-07-17 05:20:58 -04:00
virtio_mem.c mm/memory_hotplug: skip adjust_managed_page_count() for PageOffline() pages when offlining 2024-07-03 19:30:18 -07:00
virtio_mmio.c virtio: rename find_vqs_info() op to find_vqs() 2024-07-17 05:20:57 -04:00
virtio_pci_admin_legacy_io.c virtio-pci: Introduce APIs to execute legacy IO admin commands 2023-12-19 11:51:33 -07:00
virtio_pci_common.c virtio_pci: Fix admin vq cleanup by using correct info pointer 2024-11-06 04:40:07 -05:00
virtio_pci_common.h virtio_pci: Fix admin vq cleanup by using correct info pointer 2024-11-06 04:40:07 -05:00
virtio_pci_legacy_dev.c virtio/virtio_pci_legacy_dev: ensure the correct return value 2022-01-14 18:50:53 -05:00
virtio_pci_legacy.c virtio: rename find_vqs_info() op to find_vqs() 2024-07-17 05:20:57 -04:00
virtio_pci_modern_dev.c virtio-pci: Introduce admin virtqueue 2023-12-19 11:51:31 -07:00
virtio_pci_modern.c virtio_pci: Fix admin vq cleanup by using correct info pointer 2024-11-06 04:40:07 -05:00
virtio_ring.c virtio_ring: tag event_triggered as racy for KCSAN 2024-09-25 07:07:44 -04:00
virtio_vdpa.c virtio: rename find_vqs_info() op to find_vqs() 2024-07-17 05:20:57 -04:00
virtio.c virtio: allow driver to disable the configure change notification 2024-08-15 19:14:19 -07:00