vhost: fix error handling in RESET_OWNER ioctl

RESET_OWNER ioctl would leave the fd in a bad state if memory allocation failed: device is stopped but owner is not reset. Make state changes after allocating memory, such that a failed ioctl has no effect. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
author: Michael S. Tsirkin <mst@redhat.com> 2013-04-28 10:12:08 -0400
committer: Michael S. Tsirkin <mst@redhat.com> 2013-05-01 03:02:54 -0400
commit: 150b9e51ae975ca1fe468c565870fbc4a96e0574 (patch)
tree: c708d0c69807c7ac4eb14e86498536c5ec1c6c82
parent: 061b16cfe3dc7a106dd29b76f6355d84464d126c (diff)
4 files changed, 24 insertions, 12 deletions
diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c
index e34e195b9cf6..a3645bd163d8 100644
--- a/drivers/vhost/net.c
+++ b/drivers/vhost/net.c
@@ -967,14 +967,20 @@ static long vhost_net_reset_owner(struct vhost_net *n)
        struct socket *tx_sock = NULL;
        struct socket *rx_sock = NULL;
        long err;
+        struct vhost_memory *memory;
        mutex_lock(&n->dev.mutex);
        err = vhost_dev_check_owner(&n->dev);
        if (err)
                goto done;
+        memory = vhost_dev_reset_owner_prepare();
+        if (!memory) {
+                err = -ENOMEM;
+                goto done;
+        }
        vhost_net_stop(n, &tx_sock, &rx_sock);
        vhost_net_flush(n);
-        err = vhost_dev_reset_owner(&n->dev);
+        vhost_dev_reset_owner(&n->dev, memory);
        vhost_net_vq_reset(n);
 done:
        mutex_unlock(&n->dev.mutex);
diff --git a/drivers/vhost/test.c b/drivers/vhost/test.c
index 91d6f060aade..be65414d5bb1 100644
--- a/drivers/vhost/test.c
+++ b/drivers/vhost/test.c
@@ -219,13 +219,20 @@ static long vhost_test_reset_owner(struct vhost_test *n)
 {
        void *priv = NULL;
        long err;
+        struct vhost_memory *memory;
        mutex_lock(&n->dev.mutex);
        err = vhost_dev_check_owner(&n->dev);
        if (err)
                goto done;
+        memory = vhost_dev_reset_owner_prepare();
+        if (!memory) {
+                err = -ENOMEM;
+                goto done;
+        }
        vhost_test_stop(n, &priv);
        vhost_test_flush(n);
-        err = vhost_dev_reset_owner(&n->dev);
+        vhost_dev_reset_owner(&n->dev, memory);
 done:
        mutex_unlock(&n->dev.mutex);
        return err;
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index 6dcd81c87432..749b5ab5bfbb 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -386,21 +386,19 @@ err_mm:
        return err;
 }
-/* Caller should have device mutex */
+struct vhost_memory *vhost_dev_reset_owner_prepare(void)
-long vhost_dev_reset_owner(struct vhost_dev *dev)
 {
-        struct vhost_memory *memory;
+        return kmalloc(offsetof(struct vhost_memory, regions), GFP_KERNEL);
+}
-        /* Restore memory to default empty mapping. */
-        memory = kmalloc(offsetof(struct vhost_memory, regions), GFP_KERNEL);
-        if (!memory)
-                return -ENOMEM;
+/* Caller should have device mutex */
+void vhost_dev_reset_owner(struct vhost_dev *dev, struct vhost_memory *memory)
+{
        vhost_dev_cleanup(dev, true);
+        /* Restore memory to default empty mapping. */
        memory->nregions = 0;
        RCU_INIT_POINTER(dev->memory, memory);
-        return 0;
 }
 void vhost_dev_stop(struct vhost_dev *dev)
diff --git a/drivers/vhost/vhost.h b/drivers/vhost/vhost.h
index 1627eec0ca25..b58f4ae82cb8 100644
--- a/drivers/vhost/vhost.h
+++ b/drivers/vhost/vhost.h
@@ -136,7 +136,8 @@ struct vhost_dev {
 long vhost_dev_init(struct vhost_dev *, struct vhost_virtqueue **vqs, int nvqs);
 long vhost_dev_check_owner(struct vhost_dev *);
-long vhost_dev_reset_owner(struct vhost_dev *);
+struct vhost_memory *vhost_dev_reset_owner_prepare(void);
+void vhost_dev_reset_owner(struct vhost_dev *, struct vhost_memory *);
 void vhost_dev_cleanup(struct vhost_dev *, bool locked);
 void vhost_dev_stop(struct vhost_dev *);
 long vhost_dev_ioctl(struct vhost_dev *, unsigned int ioctl, void __user *argp);
author	Michael S. Tsirkin <mst@redhat.com>	2013-04-28 10:12:08 -0400
committer	Michael S. Tsirkin <mst@redhat.com>	2013-05-01 03:02:54 -0400
commit	150b9e51ae975ca1fe468c565870fbc4a96e0574 (patch)
tree	c708d0c69807c7ac4eb14e86498536c5ec1c6c82
parent	061b16cfe3dc7a106dd29b76f6355d84464d126c (diff)

diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c index e34e195b9cf6..a3645bd163d8 100644 --- a/drivers/vhost/net.c +++ b/drivers/vhost/net.c
@@ -967,14 +967,20 @@ static long vhost_net_reset_owner(struct vhost_net *n)
967	struct socket *tx_sock = NULL;	967	struct socket *tx_sock = NULL;
968	struct socket *rx_sock = NULL;	968	struct socket *rx_sock = NULL;
969	long err;	969	long err;
		970	struct vhost_memory *memory;
970		971
971	mutex_lock(&n->dev.mutex);	972	mutex_lock(&n->dev.mutex);
972	err = vhost_dev_check_owner(&n->dev);	973	err = vhost_dev_check_owner(&n->dev);
973	if (err)	974	if (err)
974	goto done;	975	goto done;
		976	memory = vhost_dev_reset_owner_prepare();
		977	if (!memory) {
		978	err = -ENOMEM;
		979	goto done;
		980	}
975	vhost_net_stop(n, &tx_sock, &rx_sock);	981	vhost_net_stop(n, &tx_sock, &rx_sock);
976	vhost_net_flush(n);	982	vhost_net_flush(n);
977	err = vhost_dev_reset_owner(&n->dev);	983	vhost_dev_reset_owner(&n->dev, memory);
978	vhost_net_vq_reset(n);	984	vhost_net_vq_reset(n);
979	done:	985	done:
980	mutex_unlock(&n->dev.mutex);	986	mutex_unlock(&n->dev.mutex);


diff --git a/drivers/vhost/test.c b/drivers/vhost/test.c index 91d6f060aade..be65414d5bb1 100644 --- a/drivers/vhost/test.c +++ b/drivers/vhost/test.c
@@ -219,13 +219,20 @@ static long vhost_test_reset_owner(struct vhost_test *n)
219	{	219	{
220	void *priv = NULL;	220	void *priv = NULL;
221	long err;	221	long err;
		222	struct vhost_memory *memory;
		223
222	mutex_lock(&n->dev.mutex);	224	mutex_lock(&n->dev.mutex);
223	err = vhost_dev_check_owner(&n->dev);	225	err = vhost_dev_check_owner(&n->dev);
224	if (err)	226	if (err)
225	goto done;	227	goto done;
		228	memory = vhost_dev_reset_owner_prepare();
		229	if (!memory) {
		230	err = -ENOMEM;
		231	goto done;
		232	}
226	vhost_test_stop(n, &priv);	233	vhost_test_stop(n, &priv);
227	vhost_test_flush(n);	234	vhost_test_flush(n);
228	err = vhost_dev_reset_owner(&n->dev);	235	vhost_dev_reset_owner(&n->dev, memory);
229	done:	236	done:
230	mutex_unlock(&n->dev.mutex);	237	mutex_unlock(&n->dev.mutex);
231	return err;	238	return err;


diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index 6dcd81c87432..749b5ab5bfbb 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c
@@ -386,21 +386,19 @@ err_mm:
386	return err;	386	return err;
387	}	387	}
388		388
389	/* Caller should have device mutex */	389	struct vhost_memory *vhost_dev_reset_owner_prepare(void)
390	long vhost_dev_reset_owner(struct vhost_dev *dev)
391	{	390	{
392	struct vhost_memory *memory;	391	return kmalloc(offsetof(struct vhost_memory, regions), GFP_KERNEL);
393		392	}
394	/* Restore memory to default empty mapping. */
395	memory = kmalloc(offsetof(struct vhost_memory, regions), GFP_KERNEL);
396	if (!memory)
397	return -ENOMEM;
398		393
		394	/* Caller should have device mutex */
		395	void vhost_dev_reset_owner(struct vhost_dev dev, struct vhost_memory memory)
		396	{
399	vhost_dev_cleanup(dev, true);	397	vhost_dev_cleanup(dev, true);
400		398
		399	/* Restore memory to default empty mapping. */
401	memory->nregions = 0;	400	memory->nregions = 0;
402	RCU_INIT_POINTER(dev->memory, memory);	401	RCU_INIT_POINTER(dev->memory, memory);
403	return 0;
404	}	402	}
405		403
406	void vhost_dev_stop(struct vhost_dev *dev)	404	void vhost_dev_stop(struct vhost_dev *dev)


diff --git a/drivers/vhost/vhost.h b/drivers/vhost/vhost.h index 1627eec0ca25..b58f4ae82cb8 100644 --- a/drivers/vhost/vhost.h +++ b/drivers/vhost/vhost.h
@@ -136,7 +136,8 @@ struct vhost_dev {
136		136
137	long vhost_dev_init(struct vhost_dev , struct vhost_virtqueue *vqs, int nvqs);	137	long vhost_dev_init(struct vhost_dev , struct vhost_virtqueue *vqs, int nvqs);
138	long vhost_dev_check_owner(struct vhost_dev *);	138	long vhost_dev_check_owner(struct vhost_dev *);
139	long vhost_dev_reset_owner(struct vhost_dev *);	139	struct vhost_memory *vhost_dev_reset_owner_prepare(void);
		140	void vhost_dev_reset_owner(struct vhost_dev , struct vhost_memory );
140	void vhost_dev_cleanup(struct vhost_dev *, bool locked);	141	void vhost_dev_cleanup(struct vhost_dev *, bool locked);
141	void vhost_dev_stop(struct vhost_dev *);	142	void vhost_dev_stop(struct vhost_dev *);
142	long vhost_dev_ioctl(struct vhost_dev , unsigned int ioctl, void __user argp);	143	long vhost_dev_ioctl(struct vhost_dev , unsigned int ioctl, void __user argp);