From: Martin Schwidefsky
Subject: Re: [patch 01/12] [PATCH] kvm-s390: ioctl to switch to user controlled virtual machines
Date: Thu, 1 Dec 2011 15:20:16 +0100
Message-ID: <20111201152016.6de7eea3@de.ibm.com>
References: <20111201125732.085553111@de.ibm.com> <20111201130408.897496445@de.ibm.com> <4ED77DD7.7090507@redhat.com>
In-Reply-To: <4ED77DD7.7090507@redhat.com>
To: Avi Kivity
Cc: Carsten Otte, Marcelo Tosatti, Christian Borntraeger, Heiko Carstens, Cornelia Huck, KVM, Joachim von Buttlar, Jens Freimann, Constantin Werner
List-ID: kvm

On Thu, 01 Dec 2011 15:15:03 +0200
Avi Kivity wrote:

> > +
> > + if (kvm->arch.gmap)
> > + gmap_free(kvm->arch.gmap);
> > +
> > + kvm->arch.gmap = NULL;
>
> Locking?
>
> What happens if a vcpu is created afterwards?
>
> I guess you don't mind too much since this is a privileged interface for
> a single purpose.

That is indeed a race. A malicious user space could create a new cpu with
KVM_CREATE_VCPU on another thread after the for loop checked that there are
no VCPUs. The new VCPU could then pick up the kvm->arch.gmap and use it while
the caller of KVM_S390_ENABLE_UCONTROL frees the structure. The
kvm_s390_enable_ucontrol function needs to lock with the kvm->lock mutex.

--
blue skies,
   Martin.

"Reality continues to ruin my life." - Calvin.
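Review bot: the gmap teardown in the quoted hunk (`if (kvm->arch.gmap) gmap_free(kvm->arch.gmap);` followed by `kvm->arch.gmap = NULL;`) runs without any lock, so the check that no VCPUs exist and the free are not atomic with respect to KVM_CREATE_VCPU on another thread; a VCPU created in that window can read kvm->arch.gmap and keep using a freed gmap (use-after-free), which is exactly the race acknowledged in the reply. Suggest taking mutex_lock(&kvm->lock) in kvm_s390_enable_ucontrol before the VCPU-count check and holding it across both the gmap_free() call and the NULL store, and documenting in a comment that the ucontrol switch must only happen while no VCPUs exist.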