On Thu, Feb 26, 2026 at 7:56 PM Zhang Tianci
<[email protected]> wrote:
>
> There is one race case in vduse_dev_msg_sync and vduse_dev_read_iter:
>
> vduse_dev_read_iter():
>     lock(msg_lock);
>     dequeue_msg(send_list);
>     unlock(msg_lock);
> vduse_dev_msg_sync():
>     wait_timeout() finish
>     lock(msg_lock);
>     check msg->complete is false
>         list_del(msg);   <- double list_del() crash!
>
> To fix this case, we shall ensure vduse_msg is on send_list or recv_list
> outside the msg_lock critical section.
>
> Fixes: c8a6153b6c59 ("vduse: Introduce VDUSE - vDPA Device in Userspace")
> Cc: [email protected]
> Signed-off-by: Zhang Tianci <[email protected]>
> Reviewed-by: Xie Yongji <[email protected]>
> ---

Acked-by: Jason Wang <[email protected]>

Thanks
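
The interleaving from the quoted commit message, replayed single-threaded in userspace C. This is an added example, not the patch and not kernel code. The list helpers, `linked()`, `replay()` and `move_to_recv_list` are hypothetical names, and requeueing onto recv_list inside the reader's critical section is an assumed way of keeping the invariant the commit message states.

```c
#include <stdbool.h>
#include <stddef.h>

/* Userspace stand-in for the kernel's struct list_head (constructed). */
struct list_head { struct list_head *next, *prev; };

static void list_init(struct list_head *h) { h->next = h->prev = h; }
static bool list_empty(const struct list_head *h) { return h->next == h; }
static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}
/* Unlink and poison, as the kernel's list_del() does with LIST_POISON. */
static void list_del(struct list_head *n)
{
    n->prev->next = n->next; n->next->prev = n->prev;
    n->next = n->prev = NULL;
}
static bool linked(const struct list_head *n) { return n->next != NULL; }

struct msg { struct list_head list; bool completed; };

/*
 * Replays the interleaving from the commit message in one thread.
 * Returns 0 if the timeout path can unlink safely, -1 if it would
 * perform a second list_del() on an already unlinked node.
 */
int replay(bool move_to_recv_list)
{
    struct list_head send_list, recv_list;
    struct msg m = { .completed = false };

    list_init(&send_list); list_init(&recv_list);
    list_add_tail(&m.list, &send_list);

    /* Reader: lock(msg_lock); dequeue; [requeue]; unlock(msg_lock). */
    list_del(&m.list);
    if (move_to_recv_list)
        list_add_tail(&m.list, &recv_list);

    /* Waiter after timeout: lock(msg_lock); !completed, so unlink. */
    if (!m.completed) {
        if (!linked(&m.list))
            return -1;          /* double list_del(): poisoned pointers */
        list_del(&m.list);
    }
    return (list_empty(&send_list) && list_empty(&recv_list)) ? 0 : -1;
}
int main(void) { return (replay(false) == -1 && replay(true) == 0) ? 0 : 1; }
```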

