From mboxrd@z Thu Jan 1 00:00:00 1970
From: Avi Kivity
Subject: Re: [PATCH 4/6] kvm-s390: Unlink vcpu on destroy
Date: Wed, 06 May 2009 15:11:56 +0300
Message-ID: <4A017E8C.4010700@redhat.com>
References: <1241534358-32172-1-git-send-email-ehrhardt@linux.vnet.ibm.com> <1241534358-32172-5-git-send-email-ehrhardt@linux.vnet.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: kvm@vger.kernel.org, Christian Borntraeger , Carsten Otte
To: ehrhardt@linux.vnet.ibm.com
Return-path:
Received: from mx2.redhat.com ([66.187.237.31]:57047 "EHLO mx2.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753795AbZEFMOc (ORCPT ); Wed, 6 May 2009 08:14:32 -0400
In-Reply-To: <1241534358-32172-5-git-send-email-ehrhardt@linux.vnet.ibm.com>
Sender: kvm-owner@vger.kernel.org
List-ID:

ehrhardt@linux.vnet.ibm.com wrote:
> From: Carsten Otte
>
> This patch makes sure we do unlink a vcpu's sie control block
> from the system control area in kvm_arch_vcpu_destroy. This
> prevents illegal accesses to the sie control block from other
> virtual cpus after free.
>
> Reported-by: Mijo Safradin
> Signed-off-by: Carsten Otte
> ---
> arch/s390/kvm/kvm-s390.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> Index: kvm/arch/s390/kvm/kvm-s390.c
> ===================================================================
> --- kvm.orig/arch/s390/kvm/kvm-s390.c
> +++ kvm/arch/s390/kvm/kvm-s390.c
> @@ -195,6 +195,9 @@ out_nokvm:
> void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu)
> {
> VCPU_EVENT(vcpu, 3, "%s", "free cpu");
> + if (vcpu->kvm->arch.sca->cpu[vcpu->vcpu_id].sda ==
> + (__u64) vcpu->arch.sie_block)
> + vcpu->kvm->arch.sca->cpu[vcpu->vcpu_id].sda = 0;
> free_page((unsigned long)(vcpu->arch.sie_block));
>

If this is accessed by hardware on a different cpu, don't you need a memory barrier here?

--
Do not meddle in the internals of kernels, for they are subtle and quick to panic.
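Review bot: the store that clears the SCA slot, `vcpu->kvm->arch.sca->cpu[vcpu->vcpu_id].sda = 0;`, is not ordered against the `free_page()` that immediately follows it, which is the gap the memory-barrier question in this reply points at: the commit message says the slot is read by other virtual cpus, so without a barrier between the store and the free, the page can be handed back to the allocator while another CPU still sees the old pointer. A barrier also does not help a CPU that has already loaded the pointer and is still using the block, so the commit message should say what guarantees no other vcpu is mid-access when kvm_arch_vcpu_destroy runs; as written, "prevents illegal accesses ... after free" claims more than the three added lines establish. Two smaller points on the same hunk: the equality test against `(__u64) vcpu->arch.sie_block` silently skips the clear when the slot holds some other value, and nothing explains when that can happen, so a comment (or a WARN on the mismatch) would document the intent; and the diffstat reports 7 insertions and 2 deletions while the hunk shows only three added lines, so the stat and the hunk appear to be out of sync and the patch should be regenerated.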