Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/806365/?format=api
{ "id": 806365, "url": "http://patchwork.ozlabs.org/api/patches/806365/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linuxppc-dev/patch/20170828044228.GB12629@fergus.ozlabs.ibm.com/", "project": { "id": 2, "url": "http://patchwork.ozlabs.org/api/projects/2/?format=api", "name": "Linux PPC development", "link_name": "linuxppc-dev", "list_id": "linuxppc-dev.lists.ozlabs.org", "list_email": "linuxppc-dev@lists.ozlabs.org", "web_url": "https://github.com/linuxppc/wiki/wiki", "scm_url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git", "webscm_url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/", "list_archive_url": "https://lore.kernel.org/linuxppc-dev/", "list_archive_url_format": "https://lore.kernel.org/linuxppc-dev/{}/", "commit_url_format": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id={}" }, "msgid": "<20170828044228.GB12629@fergus.ozlabs.ibm.com>", "list_archive_url": "https://lore.kernel.org/linuxppc-dev/20170828044228.GB12629@fergus.ozlabs.ibm.com/", "date": "2017-08-28T04:42:29", "name": "KVM: PPC: Book3S HV: Protect updates to spapr_tce_tables list", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "5724e7c23e933f12e8c8489c2119479f3e305432", "submitter": { "id": 67079, "url": "http://patchwork.ozlabs.org/api/people/67079/?format=api", "name": "Paul Mackerras", "email": "paulus@ozlabs.org" }, "delegate": { "id": 13, "url": "http://patchwork.ozlabs.org/api/users/13/?format=api", "username": "paulus", "first_name": "Paul", "last_name": "Mackerras", "email": "paulus@samba.org" }, "mbox": "http://patchwork.ozlabs.org/project/linuxppc-dev/patch/20170828044228.GB12629@fergus.ozlabs.ibm.com/mbox/", "series": [ { "id": 71, "url": "http://patchwork.ozlabs.org/api/series/71/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linuxppc-dev/list/?series=71", "date": "2017-08-28T04:42:29", "name": "KVM: PPC: Book3S HV: Protect updates to spapr_tce_tables list", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/71/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/806365/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/806365/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org>", "X-Original-To": [ "patchwork-incoming@ozlabs.org", "linuxppc-dev@lists.ozlabs.org" ], "Delivered-To": [ "patchwork-incoming@ozlabs.org", "linuxppc-dev@lists.ozlabs.org" ], "Received": [ "from lists.ozlabs.org (lists.ozlabs.org [103.22.144.68])\n\t(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xgfLC6JWMz9s9Y\n\tfor <patchwork-incoming@ozlabs.org>;\n\tMon, 28 Aug 2017 14:44:03 +1000 (AEST)", "from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3])\n\tby lists.ozlabs.org (Postfix) with ESMTP id 3xgfLC546BzDqYR\n\tfor <patchwork-incoming@ozlabs.org>;\n\tMon, 28 Aug 2017 14:44:03 +1000 (AEST)", "from ozlabs.org (ozlabs.org [IPv6:2401:3900:2:1::2])\n\t(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby lists.ozlabs.org (Postfix) with ESMTPS id 3xgfJR6x6MzDq8f\n\tfor <linuxppc-dev@lists.ozlabs.org>;\n\tMon, 28 Aug 2017 14:42:31 +1000 (AEST)", "by ozlabs.org (Postfix, from userid 1003)\n\tid 3xgfJR5fNNz9s9Y; Mon, 28 Aug 2017 14:42:31 +1000 (AEST)" ], "Authentication-Results": [ "ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tsecure) header.d=ozlabs.org header.i=@ozlabs.org header.b=\"KN0uFsws\";\n\tdkim-atps=neutral", "lists.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tsecure) header.d=ozlabs.org header.i=@ozlabs.org header.b=\"KN0uFsws\";\n\tdkim-atps=neutral", "lists.ozlabs.org; dkim=pass (2048-bit key;\n\tsecure) header.d=ozlabs.org header.i=@ozlabs.org header.b=\"KN0uFsws\"; \n\tdkim-atps=neutral" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple; d=ozlabs.org; s=201707; \n\tt=1503895351; bh=9xLWyDRG3Wc7dvWeZgiUXrBcfjL8HhlSwnm4XWw43i8=;\n\th=Date:From:To:Cc:Subject:From;\n\tb=KN0uFswsSiVGvmfRqi9cv3Vy3d+uud+W0N9eb1ig/ahdTu0ZltQO7c/8rVyV+9GQg\n\t9pPnkFkSjmYLxc206dZ1dJux5+Zz0woQh501W3rB7lsT/8suQHQ6xfbtXcsolrjryN\n\tJX3u1lDg+RinF5eRIQOalPnL3rbiKtX14F81u2bkRYlYyZG576NjigLuQoi27Jng+B\n\tEjrJutFf5aoChQL5wximirtYAEsN/oypWjSXI0SNepTra1GaXPgfGRF9eEuOgj6gCg\n\tc0KXXVe8HJup1bikRw2TJss+CBkJLs5Mw7cvSSygLJMB3SZpbcyMdbHqZcjbaQv0HN\n\tSKdnSWtjUkhBw==", "Date": "Mon, 28 Aug 2017 14:42:29 +1000", "From": "Paul Mackerras <paulus@ozlabs.org>", "To": "kvm-ppc@vger.kernel.org, kvm@vger.kernel.org,\n\tlinuxppc-dev@lists.ozlabs.org", "Subject": "[PATCH] KVM: PPC: Book3S HV: Protect updates to spapr_tce_tables\n\tlist", "Message-ID": "<20170828044228.GB12629@fergus.ozlabs.ibm.com>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=us-ascii", "Content-Disposition": "inline", "User-Agent": "Mutt/1.5.24 (2015-08-30)", "X-BeenThere": "linuxppc-dev@lists.ozlabs.org", "X-Mailman-Version": "2.1.23", "Precedence": "list", "List-Id": "Linux on PowerPC Developers Mail List\n\t<linuxppc-dev.lists.ozlabs.org>", "List-Unsubscribe": "<https://lists.ozlabs.org/options/linuxppc-dev>,\n\t<mailto:linuxppc-dev-request@lists.ozlabs.org?subject=unsubscribe>", "List-Archive": "<http://lists.ozlabs.org/pipermail/linuxppc-dev/>", "List-Post": "<mailto:linuxppc-dev@lists.ozlabs.org>", "List-Help": "<mailto:linuxppc-dev-request@lists.ozlabs.org?subject=help>", "List-Subscribe": "<https://lists.ozlabs.org/listinfo/linuxppc-dev>,\n\t<mailto:linuxppc-dev-request@lists.ozlabs.org?subject=subscribe>", "Cc": "David Gibson <david@gibson.dropbear.id.au>,\n\tnixiaoming <nixiaoming@huawei.com>, Al Viro <viro@ZenIV.linux.org.uk>,\n\tDavid Hildenbrand <david@redhat.com>", "Errors-To": "linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org", "Sender": "\"Linuxppc-dev\"\n\t<linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org>" }, "content": "Al Viro pointed out that while one thread of a process is executing\nin kvm_vm_ioctl_create_spapr_tce(), another thread could guess the\nfile descriptor returned by anon_inode_getfd() and close() it before\nthe first thread has added it to the kvm->arch.spapr_tce_tables list.\nThat highlights a more general problem: there is no mutual exclusion\nbetween writers to the spapr_tce_tables list, leading to the\npossibility of the list becoming corrupted, which could cause a\nhost kernel crash.\n\nTo fix the mutual exclusion problem, we add a mutex_lock/unlock\npair around the list_del_rce in kvm_spapr_tce_release(). Also,\nthis moves the call to anon_inode_getfd() inside the region\nprotected by the kvm->lock mutex, after we have done the check for\na duplicate LIOBN. This means that if another thread does guess the\nfile descriptor and closes it, its call to kvm_spapr_tce_release()\nwill not do any harm because it will have to wait until the first\nthread has released kvm->lock.\n\nThe other things that the second thread could do with the guessed\nfile descriptor are to mmap it or to pass it as a parameter to a\nKVM_DEV_VFIO_GROUP_SET_SPAPR_TCE ioctl on a KVM device fd. An mmap\ncall won't cause any harm because kvm_spapr_tce_mmap() and\nkvm_spapr_tce_fault() don't access the spapr_tce_tables list or\nthe kvmppc_spapr_tce_table.list field, and the fields that they do use\nhave been properly initialized by the time of the anon_inode_getfd()\ncall.\n\nThe KVM_DEV_VFIO_GROUP_SET_SPAPR_TCE ioctl calls\nkvm_spapr_tce_attach_iommu_group(), which scans the spapr_tce_tables\nlist looking for the kvmppc_spapr_tce_table struct corresponding to\nthe fd given as the parameter. Either it will find the new entry\nor it won't; if it doesn't, it just returns an error, and if it\ndoes, it will function normally. So, in each case there is no\nharmful effect.\n\nSigned-off-by: Paul Mackerras <paulus@ozlabs.org>\n---\n arch/powerpc/kvm/book3s_64_vio.c | 21 ++++++++++-----------\n 1 file changed, 10 insertions(+), 11 deletions(-)", "diff": "diff --git a/arch/powerpc/kvm/book3s_64_vio.c b/arch/powerpc/kvm/book3s_64_vio.c\nindex 53766e2..8f2da8b 100644\n--- a/arch/powerpc/kvm/book3s_64_vio.c\n+++ b/arch/powerpc/kvm/book3s_64_vio.c\n@@ -265,8 +265,11 @@ static int kvm_spapr_tce_release(struct inode *inode, struct file *filp)\n {\n \tstruct kvmppc_spapr_tce_table *stt = filp->private_data;\n \tstruct kvmppc_spapr_tce_iommu_table *stit, *tmp;\n+\tstruct kvm *kvm = stt->kvm;\n \n+\tmutex_lock(&kvm->lock);\n \tlist_del_rcu(&stt->list);\n+\tmutex_unlock(&kvm->lock);\n \n \tlist_for_each_entry_safe(stit, tmp, &stt->iommu_tables, next) {\n \t\tWARN_ON(!kref_read(&stit->kref));\n@@ -298,7 +301,6 @@ long kvm_vm_ioctl_create_spapr_tce(struct kvm *kvm,\n \tunsigned long npages, size;\n \tint ret = -ENOMEM;\n \tint i;\n-\tint fd = -1;\n \n \tif (!args->size)\n \t\treturn -EINVAL;\n@@ -328,11 +330,6 @@ long kvm_vm_ioctl_create_spapr_tce(struct kvm *kvm,\n \t\t\tgoto fail;\n \t}\n \n-\tret = fd = anon_inode_getfd(\"kvm-spapr-tce\", &kvm_spapr_tce_fops,\n-\t\t\t\t stt, O_RDWR | O_CLOEXEC);\n-\tif (ret < 0)\n-\t\tgoto fail;\n-\n \tmutex_lock(&kvm->lock);\n \n \t/* Check this LIOBN hasn't been previously allocated */\n@@ -344,17 +341,19 @@ long kvm_vm_ioctl_create_spapr_tce(struct kvm *kvm,\n \t\t}\n \t}\n \n-\tif (!ret) {\n+\tif (!ret)\n+\t\tret = anon_inode_getfd(\"kvm-spapr-tce\", &kvm_spapr_tce_fops,\n+\t\t\t\t stt, O_RDWR | O_CLOEXEC);\n+\n+\tif (ret >= 0) {\n \t\tlist_add_rcu(&stt->list, &kvm->arch.spapr_tce_tables);\n \t\tkvm_get_kvm(kvm);\n \t}\n \n \tmutex_unlock(&kvm->lock);\n \n-\tif (!ret)\n-\t\treturn fd;\n-\n-\tput_unused_fd(fd);\n+\tif (ret >= 0)\n+\t\treturn ret;\n \n fail:\n \tfor (i = 0; i < npages; i++)\n", "prefixes": [] }