Re: [KVM PATCH v3 2/2] kvm: add support for irqfd viaeventfd-notification interface

From: Al Viro
Date: Sun May 03 2009 - 02:44:55 EST

Next message: H. Peter Anvin: "Re: Specific support for Intel Atom architecture"
Previous message: Lars Ellenberg: "Re: [PATCH 02/16] DRBD: lru_cache"
Next in thread: Davide Libenzi: "Re: [KVM PATCH v3 2/2] kvm: add support for irqfd via eventfd-notificationinterface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Apr 27, 2009 at 02:33:34PM -0400, Gregory Haskins wrote:
> + /* We re-use eventfd for irqfd */
> + fd = sys_eventfd2(0, 0);
> + if (fd < 0) {
> + ret = fd;
> + goto fail;
> + }
> +
> + /* We maintain a reference to eventfd for the irqfd lifetime */
> + file = eventfd_fget(fd);
> + if (IS_ERR(file)) {
> + ret = PTR_ERR(file);
> + goto fail;
> + }
> +
> + irqfd->file = file;

This is just plain wrong. You have no promise whatsoever that caller of
that sucker won't race with e.g. dup2(). IOW, you can't assume that
file will be of the expected kind.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: H. Peter Anvin: "Re: Specific support for Intel Atom architecture"
Previous message: Lars Ellenberg: "Re: [PATCH 02/16] DRBD: lru_cache"
Next in thread: Davide Libenzi: "Re: [KVM PATCH v3 2/2] kvm: add support for irqfd via eventfd-notificationinterface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]