eue to make sure it won't be freed twice.
Cc: Darren Kenny <darren.ke...@oracle.com>
Reported-by: syzbot+c0272972b01b872e6...@syzkaller.appspotmail.com
Fixes: 2b8b328b61c79 ("vhost_net: handle polling errors when setting backend")
Signed-off-by: Jason Wang <jasow...@redhat.com>
Hi Jason,
On Tue, Mar 27, 2018 at 11:47:22AM +0800, Jason Wang wrote:
We tried to remove vq poll from wait queue, but do not check whether
or not it was in a list before. This will lead to a double free. Fix
this by checking poll->wqh to make sure it was in a list.
This text seems at odds with
().
Signed-off-by: Sonny Rao <sonny...@chromium.org>
Reviewed-by: Darren Kenny <darren.ke...@oracle.com>
All the other callers of this function already appear to assume that
it is an unsigned int.
Thanks,
Darren.
---
drivers/vhost/vhost.c | 2 +-
drivers/vhost/vhost.h | 4 ++--
2 f