diff options
author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2013-01-02 17:57:11 -0500 |
---|---|---|
committer | Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> | 2013-01-15 16:01:06 -0500 |
commit | 2512f298cb9886e06938e761c9e924c8448d9ab8 (patch) | |
tree | 959938beb9ef789e72217844d159c95604817ac5 /drivers/vfio | |
parent | 99beae6cb8f4dd5dab81a370b79c3b1085848d89 (diff) |
xen/gntdev: fix unsafe vma access
In gntdev_ioctl_get_offset_for_vaddr, we need to hold mmap_sem while
calling find_vma() to avoid potentially having the result freed out from
under us. Similarly, the MMU notifier functions need to synchronize with
gntdev_vma_close to avoid map->vma being freed during their iteration.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Diffstat (limited to 'drivers/vfio')
0 files changed, 0 insertions, 0 deletions