lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 11 Mar 2024 15:23:58 +0100
From: Paolo Bonzini <pbonzini@...hat.com>
To: Sean Christopherson <seanjc@...gle.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] KVM: Async #PF changes for 6.9

On 3/8/24 23:36, Sean Christopherson wrote:
> Fix a long-standing bug in the async #PF code where KVM code could be left
> running in a workqueue even after all *external* references to KVM-the-module
> have been put, and a few minor cleanups on top.
> 
> The following changes since commit 41bccc98fb7931d63d03f326a746ac4d429c1dd3:
> 
>    Linux 6.8-rc2 (2024-01-28 17:01:12 -0800)
> 
> are available in the Git repository at:
> 
>    https://github.com/kvm-x86/linux.git tags/kvm-x86-asyncpf-6.9
> 
> for you to fetch changes up to c2744ed2230a92636f04cde48f2f7d8d3486e194:
> 
>    KVM: Nullify async #PF worker's "apf" pointer as soon as it might be freed (2024-02-06 11:04:58 -0800)
> 
> ----------------------------------------------------------------
> KVM async page fault changes for 6.9:
> 
>   - Always flush the async page fault workqueue when a work item is being
>     removed, especially during vCPU destruction, to ensure that there are no
>     workers running in KVM code when all references to KVM-the-module are gone,
>     i.e. to prevent a use-after-free if kvm.ko is unloaded.
> 
>   - Grab a reference to the VM's mm_struct in the async #PF worker itself instead
>     of gifting the worker a reference, e.g. so that there's no need to remember
>     to *conditionally* clean up after the worker.
> 
> ----------------------------------------------------------------

Pulled, thanks.

Paolo

> Sean Christopherson (4):
>        KVM: Always flush async #PF workqueue when vCPU is being destroyed
>        KVM: Put mm immediately after async #PF worker completes remote gup()
>        KVM: Get reference to VM's address space in the async #PF worker
>        KVM: Nullify async #PF worker's "apf" pointer as soon as it might be freed
> 
>   include/linux/kvm_host.h |  1 -
>   virt/kvm/async_pf.c      | 73 ++++++++++++++++++++++++++++++++----------------
>   2 files changed, 49 insertions(+), 25 deletions(-)
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ