Re: [syzbot] INFO: task hung in vhost_work_dev_flush

From: Anirudh Rayabharam
Date: Mon Feb 21 2022 - 13:30:47 EST

Next message: Greg Kroah-Hartman: "Re: [PATCH] char: ttyprintk: register console"
Previous message: Stefano Garzarella: "Re: [PATCH] vhost/vsock: don't check owner in vhost_vsock_stop() while releasing"
In reply to: Anirudh Rayabharam: "Re: [syzbot] INFO: task hung in vhost_work_dev_flush"
Next in thread: syzbot: "Re: [syzbot] INFO: task hung in vhost_work_dev_flush"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

diff --git a/drivers/vhost/iotlb.c b/drivers/vhost/iotlb.c
index 670d56c879e5..fef9daa9f09f 100644
--- a/drivers/vhost/iotlb.c
+++ b/drivers/vhost/iotlb.c
@@ -53,8 +53,13 @@ int vhost_iotlb_add_range_ctx(struct vhost_iotlb *iotlb,
void *opaque)
{
struct vhost_iotlb_map *map;
+ u64 size = last - start + 1;

- if (last < start)
+ pr_info("vhost_iotlb_add_range: iotlb=%p, start=%llu, last=%llx, addr=%llu\n",
+ iotlb, start, last, addr);
+
+ // size can overflow to 0 when start is 0 and last is (2^64 - 1).
+ if (last < start || size == 0)
return -EFAULT;

if (iotlb->limit &&
@@ -69,7 +74,7 @@ int vhost_iotlb_add_range_ctx(struct vhost_iotlb *iotlb,
return -ENOMEM;

map->start = start;
- map->size = last - start + 1;
+ map->size = size;
map->last = last;
map->addr = addr;
map->perm = perm;

Next message: Greg Kroah-Hartman: "Re: [PATCH] char: ttyprintk: register console"
Previous message: Stefano Garzarella: "Re: [PATCH] vhost/vsock: don't check owner in vhost_vsock_stop() while releasing"
In reply to: Anirudh Rayabharam: "Re: [syzbot] INFO: task hung in vhost_work_dev_flush"
Next in thread: syzbot: "Re: [syzbot] INFO: task hung in vhost_work_dev_flush"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]