From: Marcelo Tosatti <mtosatti@redhat.com>
To: "Darrick J. Wong" <djwong@us.ibm.com>
Cc: Avi Kivity <avi@redhat.com>,
	linux-kernel <linux-kernel@vger.kernel.org>,
	kvm@vger.kernel.org
Subject: Re: [PATCH] kvm: Prevent kvm_init from corrupting debugfs structures
Date: Thu, 15 Oct 2009 13:04:23 -0300
Message-ID: <20091015160423.GC9629@amt.cnet>
In-Reply-To: <20091014232100.GE26149@tux1.beaverton.ibm.com>

On Wed, Oct 14, 2009 at 04:21:00PM -0700, Darrick J. Wong wrote:
> I'm seeing an oops condition when kvm-intel and kvm-amd are modprobe'd
> during boot (say on an Intel system) and then rmmod'd:
> 
>    # modprobe kvm-intel
>      kvm_init()
>      kvm_init_debug()
>      kvm_arch_init()  <-- stores debugfs dentries internally
>      (success, etc)
> 
>    # modprobe kvm-amd
>      kvm_init()
>      kvm_init_debug() <-- second initialization clobbers kvm's
>                           internal pointers to dentries
>      kvm_arch_init()
>      kvm_exit_debug() <-- and frees them
> 
>    # rmmod kvm-intel
>      kvm_exit()
>      kvm_exit_debug() <-- double free of debugfs files!
> 
>      *BOOM*
> 
> If execution gets to the end of kvm_init(), then the calling module has been
> established as the kvm provider.  Move the debugfs initialization to the end of
> the function, and remove the now-unnecessary call to kvm_exit_debug() from the
> error path.  That way we avoid trampling on the debugfs entries and freeing
> them twice.
> 
> Signed-off-by: Darrick J. Wong <djwong@us.ibm.com>

Applied, thanks.
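
The call sequence in the quoted commit message, replayed as a userspace model. This is an added example, not part of the original thread or the kernel source; `pool`, `init_before_fix`, `init_after_fix` and `replay` are hypothetical stand-ins, and a fixed array replaces real debugfs dentries so the second free can be counted rather than executed.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed userspace model: a fixed pool stands in for debugfs dentries. */
struct dentry { int live; };
static struct dentry pool[4];
static size_t next_slot;
static struct dentry *debugfs_dir;   /* shared pointer, as in the commit message */
static const char *provider;         /* module currently established as provider */
static int double_frees;

static void init_debug(void) {
    debugfs_dir = &pool[next_slot++];  /* overwrites any earlier pointer */
    debugfs_dir->live = 1;
}
static void exit_debug(void) {
    if (!debugfs_dir->live)
        double_frees++;                /* in the kernel: a second free of the files */
    debugfs_dir->live = 0;
}
/* Ordering the commit message reports: debugfs set up before the provider check. */
static int init_before_fix(const char *name) {
    init_debug();
    if (provider) {                    /* stand-in for kvm_arch_init() failing */
        exit_debug();
        return -1;
    }
    provider = name;
    return 0;
}
/* Ordering after the fix: shared state is touched only once init has succeeded. */
static int init_after_fix(const char *name) {
    if (provider)
        return -1;                     /* error path no longer calls exit_debug() */
    provider = name;
    init_debug();
    return 0;
}
/* Replays: modprobe kvm-intel, modprobe kvm-amd, rmmod kvm-intel. */
static int replay(int (*init)(const char *)) {
    next_slot = 0; provider = NULL; double_frees = 0;
    for (size_t i = 0; i < 4; i++) pool[i].live = 0;
    init("kvm-intel");
    init("kvm-amd");
    exit_debug();                      /* kvm_exit() of the first module */
    return double_frees;
}
int main(void) {
    printf("before fix: %d double free(s)\n", replay(init_before_fix));
    printf("after fix:  %d double free(s)\n", replay(init_after_fix));
    return 0;
}
```

In the pre-fix replay the first module's entry (`pool[0]`) is also left live and unreachable, which is the clobbered-pointer half of the bug.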
