From patchwork Fri Jul 14 22:45:32 2023
X-Patchwork-Submitter: Dmitry Torokhov
X-Patchwork-Id: 120701
From: Dmitry Torokhov
To: Paolo Bonzini
Cc: Alex Williamson, Greg KH, Sean Christopherson, Roxana Bradescu,
 kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v3 1/2] kvm/vfio: ensure kvg instance stays around in kvm_vfio_group_add()
Date: Fri, 14 Jul 2023 15:45:32 -0700
Message-ID: <20230714224538.404793-1-dmitry.torokhov@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

kvm_vfio_group_add() creates kvg instance, links it to kv->group_list,
and calls kvm_vfio_file_set_kvm() with kvg->file as an argument after
dropping kv->lock. If we race group addition and deletion calls, kvg
instance may get freed by the time we get around to calling
kvm_vfio_file_set_kvm().

Previous iterations of the code did not reference kvg->file outside of
the critical section, but used a temporary variable. Still, they had
similar problem of the file reference being owned by kvg structure and
potential for kvm_vfio_group_del() dropping it before
kvm_vfio_group_add() had a chance to complete.

Fix this by moving call to kvm_vfio_file_set_kvm() under the protection
of kv->lock. We already call it while holding the same lock when vfio
group is being deleted, so it should be safe here as well.

Fixes: 2fc1bec15883 ("kvm: set/clear kvm to/from vfio_group when group add/delete")
Reviewed-by: Alex Williamson
Signed-off-by: Dmitry Torokhov Reviewed-by: Kevin Tian --- v3: added Alex's reviewed-by v2: updated commit description with the correct "Fixes" tag (per Alex), expanded commit description to mention issues with the earlier implementation of kvm_vfio_group_add(). virt/kvm/vfio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/virt/kvm/vfio.c b/virt/kvm/vfio.c index 9584eb57e0ed..cd46d7ef98d6 100644 --- a/virt/kvm/vfio.c +++ b/virt/kvm/vfio.c @@ -179,10 +179,10 @@ static int kvm_vfio_group_add(struct kvm_device *dev, unsigned int fd) list_add_tail(&kvg->node, &kv->group_list); kvm_arch_start_assignment(dev->kvm); + kvm_vfio_file_set_kvm(kvg->file, dev->kvm); mutex_unlock(&kv->lock); - kvm_vfio_file_set_kvm(kvg->file, dev->kvm); kvm_vfio_update_coherency(dev); return 0;
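Review bot: In kvm_vfio_group_add(), the moved kvm_vfio_file_set_kvm(kvg->file, dev->kvm) call is only safe because it now runs before mutex_unlock(&kv->lock), but nothing at the call site records that. A short comment above the call, saying that kvg can be freed by a concurrent kvm_vfio_group_del() once kv->lock is dropped, would keep a later cleanup from hoisting the call back out of the critical section. Separately, the patch carries a Fixes: tag for a race that can dereference a freed kvg but has no Cc: stable trailer; add one if backports to stable trees are wanted.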