xen/gntdev: fix unsafe vma access
In gntdev_ioctl_get_offset_for_vaddr, we need to hold mmap_sem while calling find_vma() to avoid potentially having the result freed out from under us. Similarly, the MMU notifier functions need to synchronize with gntdev_vma_close to avoid map->vma being freed during their iteration. Signed-off-by: NDaniel De Graaf <dgdegra@tycho.nsa.gov> Reported-by: NAl Viro <viro@ZenIV.linux.org.uk> Signed-off-by: NKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Showing
想要评论请 注册 或 登录