From: Oliver Upton <oupton@google.com>
To: Marc Zyngier <maz@kernel.org>
Cc: kvm@vger.kernel.org, Peter Shier <pshier@google.com>,
stable@kernel.org, Paolo Bonzini <pbonzini@redhat.com>,
kvmarm@lists.cs.columbia.edu,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v2 1/3] KVM: Don't create VM debugfs files outside of the VM directory
Date: Wed, 6 Apr 2022 17:59:02 +0000 [thread overview]
Message-ID: <Yk3U5tfqBQBOeSs+@google.com> (raw)
In-Reply-To: <87fsmqvgaf.wl-maz@kernel.org>
On Wed, Apr 06, 2022 at 08:10:00AM +0100, Marc Zyngier wrote:
> Hi Oliver,
>
> On Mon, 04 Apr 2022 19:21:17 +0100,
> Oliver Upton <oupton@google.com> wrote:
> >
> > Unfortunately, there is no guarantee that KVM was able to instantiate a
> > debugfs directory for a particular VM. To that end, KVM shouldn't even
> > attempt to create new debugfs files in this case. If the specified
> > parent dentry is NULL, debugfs_create_file() will instantiate files at
> > the root of debugfs.
> >
> > For arm64, it is possible to create the vgic-state file outside of a
> > VM directory, the file is not cleaned up when a VM is destroyed.
> > Nonetheless, the corresponding struct kvm is freed when the VM is
> > destroyed.
> >
> > Nip the problem in the bud for all possible errant debugfs file
> > creations by initializing kvm->debugfs_dentry to -ENOENT. In so doing,
> > debugfs_create_file() will fail instead of creating the file in the root
> > directory.
> >
> > Cc: stable@kernel.org
> > Fixes: 929f45e32499 ("kvm: no need to check return value of debugfs_create functions")
> > Signed-off-by: Oliver Upton <oupton@google.com>
> > ---
> > virt/kvm/kvm_main.c | 10 ++++++++--
> > 1 file changed, 8 insertions(+), 2 deletions(-)
> >
> > diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> > index 70e05af5ebea..04a426e65cb8 100644
> > --- a/virt/kvm/kvm_main.c
> > +++ b/virt/kvm/kvm_main.c
> > @@ -932,7 +932,7 @@ static void kvm_destroy_vm_debugfs(struct kvm *kvm)
> > int kvm_debugfs_num_entries = kvm_vm_stats_header.num_desc +
> > kvm_vcpu_stats_header.num_desc;
> >
> > - if (!kvm->debugfs_dentry)
> > + if (!IS_ERR(kvm->debugfs_dentry))
> > return;
>
> Shouldn't this condition be inverted? It certainly looks odd.
Err... Yep, this is plain wrong. Let me fix this obvious mistake.
--
Thanks,
Oliver
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
WARNING: multiple messages have this Message-ID (diff)
From: Oliver Upton <oupton@google.com>
To: Marc Zyngier <maz@kernel.org>
Cc: kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org,
James Morse <james.morse@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
linux-arm-kernel@lists.infradead.org,
Peter Shier <pshier@google.com>,
Ricardo Koller <ricarkol@google.com>,
Reiji Watanabe <reijiw@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Sean Christopherson <seanjc@google.com>,
stable@kernel.org
Subject: Re: [PATCH v2 1/3] KVM: Don't create VM debugfs files outside of the VM directory
Date: Wed, 6 Apr 2022 17:59:02 +0000 [thread overview]
Message-ID: <Yk3U5tfqBQBOeSs+@google.com> (raw)
In-Reply-To: <87fsmqvgaf.wl-maz@kernel.org>
On Wed, Apr 06, 2022 at 08:10:00AM +0100, Marc Zyngier wrote:
> Hi Oliver,
>
> On Mon, 04 Apr 2022 19:21:17 +0100,
> Oliver Upton <oupton@google.com> wrote:
> >
> > Unfortunately, there is no guarantee that KVM was able to instantiate a
> > debugfs directory for a particular VM. To that end, KVM shouldn't even
> > attempt to create new debugfs files in this case. If the specified
> > parent dentry is NULL, debugfs_create_file() will instantiate files at
> > the root of debugfs.
> >
> > For arm64, it is possible to create the vgic-state file outside of a
> > VM directory, the file is not cleaned up when a VM is destroyed.
> > Nonetheless, the corresponding struct kvm is freed when the VM is
> > destroyed.
> >
> > Nip the problem in the bud for all possible errant debugfs file
> > creations by initializing kvm->debugfs_dentry to -ENOENT. In so doing,
> > debugfs_create_file() will fail instead of creating the file in the root
> > directory.
> >
> > Cc: stable@kernel.org
> > Fixes: 929f45e32499 ("kvm: no need to check return value of debugfs_create functions")
> > Signed-off-by: Oliver Upton <oupton@google.com>
> > ---
> > virt/kvm/kvm_main.c | 10 ++++++++--
> > 1 file changed, 8 insertions(+), 2 deletions(-)
> >
> > diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> > index 70e05af5ebea..04a426e65cb8 100644
> > --- a/virt/kvm/kvm_main.c
> > +++ b/virt/kvm/kvm_main.c
> > @@ -932,7 +932,7 @@ static void kvm_destroy_vm_debugfs(struct kvm *kvm)
> > int kvm_debugfs_num_entries = kvm_vm_stats_header.num_desc +
> > kvm_vcpu_stats_header.num_desc;
> >
> > - if (!kvm->debugfs_dentry)
> > + if (!IS_ERR(kvm->debugfs_dentry))
> > return;
>
> Shouldn't this condition be inverted? It certainly looks odd.
Err... Yep, this is plain wrong. Let me fix this obvious mistake.
--
Thanks,
Oliver
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Oliver Upton <oupton@google.com>
To: Marc Zyngier <maz@kernel.org>
Cc: kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org,
James Morse <james.morse@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
linux-arm-kernel@lists.infradead.org,
Peter Shier <pshier@google.com>,
Ricardo Koller <ricarkol@google.com>,
Reiji Watanabe <reijiw@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Sean Christopherson <seanjc@google.com>,
stable@kernel.org
Subject: Re: [PATCH v2 1/3] KVM: Don't create VM debugfs files outside of the VM directory
Date: Wed, 6 Apr 2022 17:59:02 +0000 [thread overview]
Message-ID: <Yk3U5tfqBQBOeSs+@google.com> (raw)
In-Reply-To: <87fsmqvgaf.wl-maz@kernel.org>
On Wed, Apr 06, 2022 at 08:10:00AM +0100, Marc Zyngier wrote:
> Hi Oliver,
>
> On Mon, 04 Apr 2022 19:21:17 +0100,
> Oliver Upton <oupton@google.com> wrote:
> >
> > Unfortunately, there is no guarantee that KVM was able to instantiate a
> > debugfs directory for a particular VM. To that end, KVM shouldn't even
> > attempt to create new debugfs files in this case. If the specified
> > parent dentry is NULL, debugfs_create_file() will instantiate files at
> > the root of debugfs.
> >
> > For arm64, it is possible to create the vgic-state file outside of a
> > VM directory, the file is not cleaned up when a VM is destroyed.
> > Nonetheless, the corresponding struct kvm is freed when the VM is
> > destroyed.
> >
> > Nip the problem in the bud for all possible errant debugfs file
> > creations by initializing kvm->debugfs_dentry to -ENOENT. In so doing,
> > debugfs_create_file() will fail instead of creating the file in the root
> > directory.
> >
> > Cc: stable@kernel.org
> > Fixes: 929f45e32499 ("kvm: no need to check return value of debugfs_create functions")
> > Signed-off-by: Oliver Upton <oupton@google.com>
> > ---
> > virt/kvm/kvm_main.c | 10 ++++++++--
> > 1 file changed, 8 insertions(+), 2 deletions(-)
> >
> > diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> > index 70e05af5ebea..04a426e65cb8 100644
> > --- a/virt/kvm/kvm_main.c
> > +++ b/virt/kvm/kvm_main.c
> > @@ -932,7 +932,7 @@ static void kvm_destroy_vm_debugfs(struct kvm *kvm)
> > int kvm_debugfs_num_entries = kvm_vm_stats_header.num_desc +
> > kvm_vcpu_stats_header.num_desc;
> >
> > - if (!kvm->debugfs_dentry)
> > + if (!IS_ERR(kvm->debugfs_dentry))
> > return;
>
> Shouldn't this condition be inverted? It certainly looks odd.
Err... Yep, this is plain wrong. Let me fix this obvious mistake.
--
Thanks,
Oliver
next prev parent reply other threads:[~2022-04-06 17:59 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-04 18:21 [PATCH v2 0/3] KVM: Fix use-after-free in debugfs Oliver Upton
2022-04-04 18:21 ` Oliver Upton
2022-04-04 18:21 ` Oliver Upton
2022-04-04 18:21 ` [PATCH v2 1/3] KVM: Don't create VM debugfs files outside of the VM directory Oliver Upton
2022-04-04 18:21 ` Oliver Upton
2022-04-04 18:21 ` Oliver Upton
2022-04-06 7:10 ` Marc Zyngier
2022-04-06 7:10 ` Marc Zyngier
2022-04-06 7:10 ` Marc Zyngier
2022-04-06 17:59 ` Oliver Upton [this message]
2022-04-06 17:59 ` Oliver Upton
2022-04-06 17:59 ` Oliver Upton
2022-04-04 18:21 ` [PATCH v2 2/3] selftests: KVM: Don't leak GIC FD across dirty log test iterations Oliver Upton
2022-04-04 18:21 ` Oliver Upton
2022-04-04 18:21 ` Oliver Upton
2022-04-04 18:21 ` [PATCH v2 3/3] selftests: KVM: Free the GIC FD when cleaning up in arch_timer Oliver Upton
2022-04-04 18:21 ` Oliver Upton
2022-04-04 18:21 ` Oliver Upton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yk3U5tfqBQBOeSs+@google.com \
--to=oupton@google.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=maz@kernel.org \
--cc=pbonzini@redhat.com \
--cc=pshier@google.com \
--cc=stable@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.