Re: [PATCH] KVM: Add separate helper for putting borrowed reference to kvm

[Leonardo Bras <leonardo@linux.ibm.com>]

[-- Attachment #1: Type: text/plain, Size: 1239 bytes --]

On Wed, 2019-11-27 at 17:38 +0100, Paolo Bonzini wrote:
> On 26/11/19 18:53, Leonardo Bras wrote:
> > I agree an use-after-free more problem than a memory leak, but I
> > think
> > that there is a way to solve this without leaking the memory also.
> > 
> > One option would be reordering the kvm_put_kvm(), like in this
> > patch:
> > https://lkml.org/lkml/2019/11/26/517
> 
> It's a tradeoff between "fix one bug" and "mitigate all bugs of that
> class", both are good things to do.  Reordering the kvm_put_kvm()
> fixes
> the bug.  kvm_put_kvm_no_destroy() makes all bugs of that kind less
> severe, but it doesn't try to fix them.
> 
> Paolo
> 

I think I understand it better now, thanks Paolo and Sean.

By what I could undestand up to now, these functions that use borrowed
references can only be called while the reference (file descriptor)
exists. 
So, suppose these threads, where:
- T1 uses a borrowed reference, and 
- T2 is releasing the reference (close, release):

T1				| T2
kvm_get_kvm()			|
...				| kvm_put_kvm()
kvm_put_kvm_no_destroy()	|

The above would not trigger a use-after-free bug, but will cause a
memory leak.
Is my above understanding right?

Best regards,

Leonardo


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]