| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 5 Jan 2023 15:09:30 -0700
From: Alex Williamson <alex.williamson@...hat.com>
To: Matthew Rosato <mjrosato@...ux.ibm.com>
Cc: jgg@...dia.com, cohuck@...hat.com, borntraeger@...ux.ibm.com,
jjherne@...ux.ibm.com, akrowiak@...ux.ibm.com, pasic@...ux.ibm.com,
zhenyuw@...ux.intel.com, zhi.a.wang@...el.com, hch@...radead.org,
intel-gfx@...ts.freedesktop.org,
intel-gvt-dev@...ts.freedesktop.org, linux-s390@...r.kernel.org,
kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
Kevin Tian <kevin.tian@...el.com>,
Christoph Hellwig <hch@....de>
Subject: Re: [PATCH v3 1/1] vfio: remove VFIO_GROUP_NOTIFY_SET_KVM
On Thu, 19 May 2022 14:33:11 -0400
Matthew Rosato <mjrosato@...ux.ibm.com> wrote:
> Rather than relying on a notifier for associating the KVM with
> the group, let's assume that the association has already been
> made prior to device_open. The first time a device is opened
> associate the group KVM with the device.
>
> This fixes a user-triggerable oops in GVT.
It seems this has traded an oops for a deadlock, which still exists
today in both GVT-g and vfio-ap. These are the only vfio drivers that
care about kvm, so they make use of kvm_{get,put}_kvm(), where the
latter is called by their .close_device() callbacks.
.close_device() is called holding the group->group_lock, or at the time
of this commit group->group_rwsem. The remaining call chain looks like
this:
kvm_put_kvm
-> kvm_destroy_vm
-> kvm_destroy_devices
-> kvm_vfio_destroy
-> kvm_vfio_file_set_kvm
-> vfio_file_set_kvm
-> group->group_lock/group_rwsem
Any suggestions for a fix? Thanks,
Alex
Powered by blists - more mailing lists