On 5/18/21 5:30 AM, Christian Borntraeger wrote:
On 17.05.21 21:10, Halil Pasic wrote:
On Mon, 17 May 2021 09:37:42 -0400
Tony Krowiak <akrowiak@xxxxxxxxxxxxx> wrote:
Because of this, I don't think the rest of your argument is valid.
Okay, so your concern is that between the point in time the
vcpu->kvm->arch.crypto.pqap_hook pointer is checked in
priv.c and the point in time the handle_pqap() function
in vfio_ap_ops.c is called, the memory allocated for the
matrix_mdev containing the struct kvm_s390_module_hook
may get freed, thus rendering the function pointer invalid.
While not impossible, that seems extremely unlikely to
happen. Can you articulate a scenario where that could
Malicious userspace. We tend to do the pqap aqic just once
in the guest right after the queue is detected. I do agree
it ain't very likely to happen during normal operation. But why are
Would it help, if the code in priv.c would read the hook once
and then only work on the copy? We could protect that with rcu
and do a synchronize rcu in vfio_ap_mdev_unset_kvm after
unsetting the pointer?
I'll look into this.