Re: [PATCH gmem FIXUP] kvm: guestmem: do not use a file system

From: Al Viro
Date: Mon Oct 09 2023 - 20:38:16 EST

Next message: Philip Li: "Re: arch/alpha/mm/init.c:265:1: error: no previous prototype for 'srm_paging_stop'"
Previous message: Maciej Żenczykowski: "Re: [PATCH 2/2] usb: gadget: ncm: Add support to update wMaxSegmentSize via configfs"
In reply to: Sean Christopherson: "Re: [PATCH gmem FIXUP] kvm: guestmem: do not use a file system"
Next in thread: Sean Christopherson: "Re: [PATCH gmem FIXUP] kvm: guestmem: do not use a file system"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Oct 09, 2023 at 05:27:04PM -0700, Sean Christopherson wrote:

> If the last reference is effectively held by guest_memfd, it would be:
>
> kvm_gmem_release(), a.k.a. file_operations.release()
> |
> -> kvm_put_kvm()
> |
> -> kvm_destroy_vm()
> |
> -> module_put(kvm_chardev_ops.owner);

... and now your thread gets preempted and loses CPU; before you get
it back, some joker calls delete_module(), and page of code containing
kvm_gmem_release() is unmapped. Even though an address within that
page is stored as return address in a frame on your thread's stack.
That thread gets the timeslice again and proceeds to return into
unmapped page. Oops...

Next message: Philip Li: "Re: arch/alpha/mm/init.c:265:1: error: no previous prototype for 'srm_paging_stop'"
Previous message: Maciej Żenczykowski: "Re: [PATCH 2/2] usb: gadget: ncm: Add support to update wMaxSegmentSize via configfs"
In reply to: Sean Christopherson: "Re: [PATCH gmem FIXUP] kvm: guestmem: do not use a file system"
Next in thread: Sean Christopherson: "Re: [PATCH gmem FIXUP] kvm: guestmem: do not use a file system"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]