[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ZAjr5o2v00YrArcH@google.com>
Date: Wed, 8 Mar 2023 12:11:18 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Ackerley Tng <ackerleytng@...gle.com>
Cc: Chao Peng <chao.p.peng@...ux.intel.com>, vannapurve@...gle.com,
x86@...nel.org, kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-kselftest@...r.kernel.org, pbonzini@...hat.com,
vkuznets@...hat.com, wanpengli@...cent.com, jmattson@...gle.com,
joro@...tes.org, tglx@...utronix.de, mingo@...hat.com,
bp@...en8.de, dave.hansen@...ux.intel.com, hpa@...or.com,
shuah@...nel.org, yang.zhong@...el.com, ricarkol@...gle.com,
aaronlewis@...gle.com, wei.w.wang@...el.com,
kirill.shutemov@...ux.intel.com, corbet@....net, hughd@...gle.com,
jlayton@...nel.org, bfields@...ldses.org,
akpm@...ux-foundation.org, yu.c.zhang@...ux.intel.com,
jun.nakajima@...el.com, dave.hansen@...el.com,
michael.roth@....com, qperret@...gle.com, steven.price@....com,
ak@...ux.intel.com, david@...hat.com, luto@...nel.org,
vbabka@...e.cz, marcorr@...gle.com, erdemaktas@...gle.com,
pgonda@...gle.com, nikunj@....com, diviness@...gle.com,
maz@...nel.org, dmatlack@...gle.com, axelrasmussen@...gle.com,
maciej.szmigiero@...cle.com, mizhang@...gle.com, bgardon@...gle.com
Subject: Re: [V2 PATCH 0/6] KVM: selftests: selftests for fd-based private memory
On Wed, Mar 08, 2023, Ackerley Tng wrote:
> While I was working on the selftests I noticed that this could perhaps
> be improved:
>
> https://github.com/chao-p/linux/blob/ddd2c92b268a2fdc6158f82a6169ad1a57f2a01d/virt/kvm/kvm_main.c#L1035
>
> We should use a temporary variable to hold the result of fget(fd).
>
> As it is now, if the user provides any invalide fd, like -1,
> slot->restrictedmem.file would be overwritten and lost.
Meh, that can happen if and only if KVM has a bug elsehwere. If
slot->restrictedmem.file is anything but NULL, KVM is hosed. E.g. waiting to set
slot->restrictedmem.file until the very end wouldn't magically prevent a file
descriptor leak if slot->restrictedmem.file is non-NULL.
> We cannot update slot->restrictedmem.file until after the
> file_is_restrictedmem() check.
>
> For now there isn't a big problem because kvm_restrictedmem_bind() is
> only called on a new struct kvm_memory_slot, but I think this should be
> changed in case the function is used elsewhere in future.
Nah, if anything we could add
if (WARN_ON_ONCE(slot->restrictedmem.file))
return -EIO;
but I don't see the point. There's exactly one caller and the entire scheme
depends on binding the memslot to restricted memory when the memslot is created,
i.e. this would be but one of many changes if KVM were to allowed re-binding a
memslot.
Powered by blists - more mailing lists