Re: kvm: use-after-free in srcu_reschedule

From: Paolo Bonzini
Date: Mon Mar 27 2017 - 11:06:02 EST

Next message: Tony Lindgren: "Re: [PATCHv2] phy: cpcap-usb: Add CPCAP PMIC USB support"
Previous message: Benjamin Tissoires: "[PATCH v3 12/19] HID: logitech-hidpp: return an error if the queried feature is not present"
In reply to: Dmitry Vyukov: "kvm: use-after-free in srcu_reschedule"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 27/03/2017 16:46, Dmitry Vyukov wrote:
>
> Paul McKenney writes:
>
> ===
> Hmmm... I am not seeing a call to cleanup_srcu_struct() for the
> ->track_srcu field of the kvm_page_track_notifier_head structure.
> Or is this structure immortal, so that it is never cleaned up?
> Or am I just blind this morning?
>
> In any case, freeing the kvm_page_track_notifier_head structure
> without first invoking cleanup_srcu_struct() on its ->track_srcu
> srcu_struct field could easily result in a use-after-free bug.
> ===
>
> I also don't see cleanup of page track srcu.

Thanks, will take a look and fix.

Paolo

Next message: Tony Lindgren: "Re: [PATCHv2] phy: cpcap-usb: Add CPCAP PMIC USB support"
Previous message: Benjamin Tissoires: "[PATCH v3 12/19] HID: logitech-hidpp: return an error if the queried feature is not present"
In reply to: Dmitry Vyukov: "kvm: use-after-free in srcu_reschedule"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]