@@ -2442,14 +2442,10 @@ struct virtqueue *vring_new_virtqueue(unsigned int index,
}
EXPORT_SYMBOL_GPL(vring_new_virtqueue);
-void vring_del_virtqueue(struct virtqueue *_vq)
+static void __vring_free(struct virtqueue *_vq)
{
struct vring_virtqueue *vq = to_vvq(_vq);
- spin_lock(&vq->vq.vdev->vqs_list_lock);
- list_del(&_vq->list);
- spin_unlock(&vq->vq.vdev->vqs_list_lock);
-
if (vq->we_own_ring) {
if (vq->packed_ring) {
vring_free_queue(vq->vq.vdev,
@@ -2480,6 +2476,25 @@ void vring_del_virtqueue(struct virtqueue *_vq)
kfree(vq->split.desc_state);
kfree(vq->split.desc_extra);
}
+}
+
+static void vring_free(struct virtqueue *vq)
+{
+ __vring_free(vq);
+ vq->reset = VIRTIO_VQ_RESET_STEP_VRING_RELEASE;
+}
+
+void vring_del_virtqueue(struct virtqueue *_vq)
+{
+ struct vring_virtqueue *vq = to_vvq(_vq);
+
+ spin_lock(&vq->vq.vdev->vqs_list_lock);
+ list_del(&_vq->list);
+ spin_unlock(&vq->vq.vdev->vqs_list_lock);
+
+ if (_vq->reset != VIRTIO_VQ_RESET_STEP_VRING_RELEASE)
+ __vring_free(_vq);
+
kfree(vq);
}
EXPORT_SYMBOL_GPL(vring_del_virtqueue);
@@ -10,6 +10,13 @@
#include <linux/mod_devicetable.h>
#include <linux/gfp.h>
+enum virtio_vq_reset_step {
+ VIRTIO_VQ_RESET_STEP_NONE,
+ VIRTIO_VQ_RESET_STEP_DEVICE,
+ VIRTIO_VQ_RESET_STEP_VRING_RELEASE,
+ VIRTIO_VQ_RESET_STEP_VRING_ATTACH,
+};
+
/**
* virtqueue - a queue to register buffers for sending or receiving.
* @list: the chain of virtqueues for this device
@@ -33,6 +40,7 @@ struct virtqueue {
unsigned int num_free;
unsigned int num_max;
void *priv;
+ enum virtio_vq_reset_step reset;
};
int virtqueue_add_outbuf(struct virtqueue *vq,
Introduce vring_free() to free the vring of vq. Prevent double free by setting vq->reset. Signed-off-by: Xuan Zhuo <xuanzhuo@linux.alibaba.com> --- drivers/virtio/virtio_ring.c | 25 ++++++++++++++++++++----- include/linux/virtio.h | 8 ++++++++ 2 files changed, 28 insertions(+), 5 deletions(-)