[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20231002133230.195738-1-michael.roth@amd.com>
Date: Mon, 2 Oct 2023 08:32:30 -0500
From: Michael Roth <michael.roth@....com>
To: <kvm@...r.kernel.org>
CC: <linux-kernel@...r.kernel.org>, <seanjc@...gle.com>,
Paolo Bonzini <pbonzini@...hat.com>
Subject: [PATCH gmem FIXUP] KVM: Don't re-use inodes when creating guest_memfd files
anon_inode_getfile() uses a singleton inode, which results in the inode
size changing based with each new KVM_CREATE_GUEST_MEMFD call, which
can later lead to previously-created guest_memfd files failing bounds
checks that are later performed when memslots are bound to them. More
generally, the inode may be associated with other state that cannot be
shared across multiple guest_memfd instances.
Revert back to having 1 inode per guest_memfd instance by using the
"secure" variant of anon_inode_getfile().
Cc: Paolo Bonzini <pbonzini@...hat.com>
Cc: Sean Christopherson <seanjc@...gle.com>
Fixes: 0f7e60a5f42a ("kvm: guestmem: do not use a file system")
Signed-off-by: Michael Roth <michael.roth@....com>
---
fs/anon_inodes.c | 1 +
virt/kvm/guest_memfd.c | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c
index 24192a7667ed..4190336180ee 100644
--- a/fs/anon_inodes.c
+++ b/fs/anon_inodes.c
@@ -176,6 +176,7 @@ struct file *anon_inode_getfile_secure(const char *name,
return __anon_inode_getfile(name, fops, priv, flags,
context_inode, true);
}
+EXPORT_SYMBOL_GPL(anon_inode_getfile_secure);
static int __anon_inode_getfd(const char *name,
const struct file_operations *fops,
diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c
index 78928ebd1bff..4d74b66cfbf7 100644
--- a/virt/kvm/guest_memfd.c
+++ b/virt/kvm/guest_memfd.c
@@ -378,8 +378,8 @@ static int __kvm_gmem_create(struct kvm *kvm, loff_t size, u64 flags)
goto err_fd;
}
- file = anon_inode_getfile(anon_name, &kvm_gmem_fops, gmem,
- O_RDWR);
+ file = anon_inode_getfile_secure(anon_name, &kvm_gmem_fops, gmem,
+ O_RDWR, NULL);
if (IS_ERR(file)) {
err = PTR_ERR(file);
goto err_gmem;
--
2.25.1
Powered by blists - more mailing lists