[PATCH 1/1] powerpc/kvm/book3s: Fixes possible 'use after release' of kvm
Leonardo Bras
leonardo at linux.ibm.com
Fri Nov 29 03:24:22 AEDT 2019
On Thu, 2019-11-28 at 09:57 +1100, Paul Mackerras wrote:
> There isn't a potential use-after-free here. We are relying on the
> property that the release function (kvm_vm_release) cannot be called
> in parallel with this function. The reason is that this function
> (kvm_vm_ioctl_create_spapr_tce) is handling an ioctl on a kvm VM file
> descriptor. That means that a userspace process has the file
> descriptor still open. The code that implements the close() system
> call makes sure that no thread is still executing inside any system
> call that is using the same file descriptor before calling the file
> descriptor's release function (in this case, kvm_vm_release). That
> means that this kvm_put_kvm() call here cannot make the reference
> count go to zero.
That was very informative. A lot of things are clear to me now.
Thanks for explaining this Paul.
Best regards,
Leonardo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.ozlabs.org/pipermail/linuxppc-dev/attachments/20191128/f0723525/attachment.sig>
More information about the Linuxppc-dev
mailing list