From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Dmitry Vyukov <dvyukov@google.com>,
Xiao Guangrong <xiaoguangrong.eric@gmail.com>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: [PATCH 4.10 05/17] KVM: x86: cleanup the page tracking SRCU instance
Date: Thu, 30 Mar 2017 12:00:20 +0200
Message-ID: <20170330095926.727368365@linuxfoundation.org>
In-Reply-To: <20170330095925.918515862@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Bonzini <pbonzini@redhat.com>
commit 2beb6dad2e8f95d710159d5befb390e4f62ab5cf upstream.
SRCU uses a delayed work item. Skip cleaning it up, and
the result is use-after-free in the work item callbacks.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Suggested-by: Dmitry Vyukov <dvyukov@google.com>
Fixes: 0eb05bf290cfe8610d9680b49abef37febd1c38a
Reviewed-by: Xiao Guangrong <xiaoguangrong.eric@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/kvm_page_track.h | 1 +
arch/x86/kvm/page_track.c | 8 ++++++++
arch/x86/kvm/x86.c | 1 +
3 files changed, 10 insertions(+)
--- a/arch/x86/include/asm/kvm_page_track.h
+++ b/arch/x86/include/asm/kvm_page_track.h
@@ -46,6 +46,7 @@ struct kvm_page_track_notifier_node {
};
void kvm_page_track_init(struct kvm *kvm);
+void kvm_page_track_cleanup(struct kvm *kvm);
void kvm_page_track_free_memslot(struct kvm_memory_slot *free,
struct kvm_memory_slot *dont);
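Review bot: the new kvm_page_track_cleanup() declaration lands in the public header with no comment on its contract, unlike a reader would expect next to kvm_page_track_init(). A one-line kernel-doc saying that it must be called once, after every page-track notifier has been unregistered and no further users of the tracking SRCU instance can exist, would make the ordering requirement visible to anyone adding a new VM teardown path.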
--- a/arch/x86/kvm/page_track.c
+++ b/arch/x86/kvm/page_track.c
@@ -158,6 +158,14 @@ bool kvm_page_track_is_active(struct kvm
return !!ACCESS_ONCE(slot->arch.gfn_track[mode][index]);
}
+void kvm_page_track_cleanup(struct kvm *kvm)
+{
+ struct kvm_page_track_notifier_head *head;
+
+ head = &kvm->arch.track_notifier_head;
+ cleanup_srcu_struct(&head->track_srcu);
+}
+
void kvm_page_track_init(struct kvm *kvm)
{
struct kvm_page_track_notifier_head *head;
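Review bot: kvm_page_track_cleanup() calls cleanup_srcu_struct(&head->track_srcu) without documenting its precondition. cleanup_srcu_struct() may only run once no SRCU readers and no pending synchronize_srcu()/call_srcu() users remain on that instance, so a comment above the function stating that all notifiers must already be unregistered (and that this is the last use of track_srcu for the VM) would explain why the call is safe here and why it cannot move earlier. As a style point, the function reads more naturally placed directly below kvm_page_track_init(), which it mirrors, rather than above it.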
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -8052,6 +8052,7 @@ void kvm_arch_destroy_vm(struct kvm *kvm
kvm_free_vcpus(kvm);
kvfree(rcu_dereference_check(kvm->arch.apic_map, 1));
kvm_mmu_uninit_vm(kvm);
+ kvm_page_track_cleanup(kvm);
}
void kvm_arch_free_memslot(struct kvm *kvm, struct kvm_memory_slot *free,
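Review bot: the position of the new kvm_page_track_cleanup(kvm) call, after kvm_mmu_uninit_vm(kvm), is load-bearing: any notifier unregistration that synchronizes on track_srcu has to complete before cleanup_srcu_struct() tears the instance down. A short comment on the added line (for example "must follow unregistration of all page-track notifiers") would keep a later reordering of kvm_arch_destroy_vm() from reintroducing the use-after-free in the delayed work callbacks that the commit message describes.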
Thread overview: 22+ messages
2017-03-30 10:00 [PATCH 4.10 00/17] 4.10.8-stable review Greg Kroah-Hartman
2017-03-30 10:00 ` [PATCH 4.10 01/17] xfrm: policy: init locks early Greg Kroah-Hartman
2017-03-30 10:00 ` [PATCH 4.10 02/17] xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window Greg Kroah-Hartman
2017-03-30 10:00 ` [PATCH 4.10 03/17] xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder Greg Kroah-Hartman
2017-03-30 10:00 ` Greg Kroah-Hartman [this message]
2017-03-30 10:00 ` [PATCH 4.10 06/17] virtio_balloon: init 1st buffer in stats vq Greg Kroah-Hartman
2017-03-30 10:00 ` [PATCH 4.10 07/17] pinctrl: qcom: Dont clear status bit on irq_unmask Greg Kroah-Hartman
2017-03-30 10:00 ` [PATCH 4.10 08/17] c6x/ptrace: Remove useless PTRACE_SETREGSET implementation Greg Kroah-Hartman
2017-03-30 10:00 ` [PATCH 4.10 09/17] h8300/ptrace: Fix incorrect register transfer count Greg Kroah-Hartman
2017-03-30 10:00 ` [PATCH 4.10 10/17] mips/ptrace: Preserve previous registers for short regset write Greg Kroah-Hartman
2017-03-30 10:00 ` [PATCH 4.10 11/17] sparc/ptrace: " Greg Kroah-Hartman
2017-03-30 10:00 ` [PATCH 4.10 12/17] metag/ptrace: " Greg Kroah-Hartman
2017-03-30 10:00 ` [PATCH 4.10 13/17] metag/ptrace: Provide default TXSTATUS for short NT_PRSTATUS Greg Kroah-Hartman
2017-03-30 10:00 ` [PATCH 4.10 14/17] metag/ptrace: Reject partial NT_METAG_RPIPE writes Greg Kroah-Hartman
2017-03-30 10:00 ` [PATCH 4.10 15/17] qla2xxx: Allow vref count to timeout on vport delete Greg Kroah-Hartman
2017-03-31 7:50 ` Nicholas A. Bellinger
2017-03-30 10:00 ` [PATCH 4.10 16/17] sched/rt: Add a missing rescheduling point Greg Kroah-Hartman
2017-03-30 10:00 ` [PATCH 4.10 17/17] usb: musb: fix possible spinlock deadlock Greg Kroah-Hartman
2017-03-30 18:54 ` [PATCH 4.10 00/17] 4.10.8-stable review Shuah Khan
2017-03-31 7:48 ` Greg Kroah-Hartman
2017-03-31 3:46 ` Guenter Roeck
2017-03-31 7:48 ` Greg Kroah-Hartman