Re: [PATCH 1/1] powerpc/kvm/book3s: Fixes possible 'use after release' of kvm

From: Leonardo Bras
Date: Thu Nov 28 2019 - 11:24:50 EST

Next message: David Laight: "RE: epoll_wait() performance"
Previous message: Vasily Khoruzhick: "Re: [PATCH v6 2/7] dt-bindings: thermal: add YAML schema for sun8i-thermal driver bindings"
In reply to: Paul Mackerras: "Re: [PATCH 1/1] powerpc/kvm/book3s: Fixes possible 'use after release' of kvm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2019-11-28 at 09:57 +1100, Paul Mackerras wrote:
> There isn't a potential use-after-free here. We are relying on the
> property that the release function (kvm_vm_release) cannot be called
> in parallel with this function. The reason is that this function
> (kvm_vm_ioctl_create_spapr_tce) is handling an ioctl on a kvm VM file
> descriptor. That means that a userspace process has the file
> descriptor still open. The code that implements the close() system
> call makes sure that no thread is still executing inside any system
> call that is using the same file descriptor before calling the file
> descriptor's release function (in this case, kvm_vm_release). That
> means that this kvm_put_kvm() call here cannot make the reference
> count go to zero.

That was very informative. A lot of things are clear to me now.
Thanks for explaining this Paul.

Best regards,
Leonardo

Attachment: signature.asc
Description: This is a digitally signed message part

Next message: David Laight: "RE: epoll_wait() performance"
Previous message: Vasily Khoruzhick: "Re: [PATCH v6 2/7] dt-bindings: thermal: add YAML schema for sun8i-thermal driver bindings"
In reply to: Paul Mackerras: "Re: [PATCH 1/1] powerpc/kvm/book3s: Fixes possible 'use after release' of kvm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]