joel16/android_kernel_sony_msm8994
1
0
Fork 0
mirror of https://github.com/joel16/android_kernel_sony_msm8994.git synced 2025-02-10 14:53:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

KVM: kill file->f_count abuse in kvm

Browse Source 
Use kvm own refcounting instead of playing with ->filp->f_count.
That will allow to get rid of a lot of crap in anon_inode_getfd() and
kill a race in kvm_dev_ioctl_create_vm() (file might have been closed
immediately by another thread, so ->filp might point to already freed
struct file when we get around to setting it).

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Avi Kivity <avi@qumranet.com>
This commit is contained in:
Al Viro 2008-04-19 20:33:56 +01:00 committed by Avi Kivity
parent 960b399169
commit 66c0b394f0
2 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/linux/kvm_host.h
View File

@ -110,7 +110,6 @@ struct kvm {
KVM_PRIVATE_MEM_SLOTS]; KVM_PRIVATE_MEM_SLOTS];
struct kvm_vcpu *vcpus[KVM_MAX_VCPUS]; struct kvm_vcpu *vcpus[KVM_MAX_VCPUS];
struct list_head vm_list; struct list_head vm_list;
struct file *filp;
struct kvm_io_bus mmio_bus; struct kvm_io_bus mmio_bus;
struct kvm_io_bus pio_bus; struct kvm_io_bus pio_bus;
struct kvm_vm_stat stat; struct kvm_vm_stat stat;

12
virt/kvm/kvm_main.c
View File

@ -818,7 +818,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)
{ {
struct kvm_vcpu *vcpu = filp->private_data; struct kvm_vcpu *vcpu = filp->private_data;
fput(vcpu->kvm->filp); kvm_put_kvm(vcpu->kvm);
return 0; return 0;
} }
@ -840,9 +840,10 @@ static int create_vcpu_fd(struct kvm_vcpu *vcpu)
r = anon_inode_getfd(&fd, &inode, &file, r = anon_inode_getfd(&fd, &inode, &file,
"kvm-vcpu", &kvm_vcpu_fops, vcpu); "kvm-vcpu", &kvm_vcpu_fops, vcpu);
if (r) if (r) {
kvm_put_kvm(vcpu->kvm);
return r; return r;
atomic_inc(&vcpu->kvm->filp->f_count); }
return fd; return fd;
} }
@ -877,6 +878,7 @@ static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, int n)
mutex_unlock(&kvm->lock); mutex_unlock(&kvm->lock);
/* Now it's all set up, let userspace reach it */ /* Now it's all set up, let userspace reach it */
kvm_get_kvm(kvm);
r = create_vcpu_fd(vcpu); r = create_vcpu_fd(vcpu);
if (r < 0) if (r < 0)
goto unlink; goto unlink;
@ -1176,12 +1178,10 @@ static int kvm_dev_ioctl_create_vm(void)
return PTR_ERR(kvm); return PTR_ERR(kvm);
r = anon_inode_getfd(&fd, &inode, &file, "kvm-vm", &kvm_vm_fops, kvm); r = anon_inode_getfd(&fd, &inode, &file, "kvm-vm", &kvm_vm_fops, kvm);
if (r) { if (r) {
kvm_destroy_vm(kvm); kvm_put_kvm(kvm);
return r; return r;
} }
kvm->filp = file;
return fd; return fd;
} }