From patchwork Wed Oct 18 20:46:24 2023
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 155146
Date: Wed, 18 Oct 2023 13:46:24 -0700
In-Reply-To: <20231018204624.1905300-1-seanjc@google.com>
References: <20231018204624.1905300-1-seanjc@google.com>
Message-ID: <20231018204624.1905300-4-seanjc@google.com>
Subject: [PATCH 3/3] Revert "KVM: Prevent module exit until all VMs are freed"
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Al Viro, David Matlack

Revert KVM's misguided attempt to "fix" a use-after-module-unload bug that
was actually due to failure to flush a workqueue, not a lack of module
refcounting. Pinning the KVM module until kvm_vm_destroy() doesn't
prevent use-after-free due to the module being unloaded, as userspace can
invoke delete_module() the instant the last reference to KVM is put, i.e.
can cause all KVM code to be unmapped while KVM is actively executing said
code.

Generally speaking, the many instances of module_put(THIS_MODULE)
notwithstanding, outside of a few special paths, a module can never safely
put the last reference to itself without creating deadlock, i.e. something
external to the module *must* put the last reference. In other words,
having VMs grab a reference to the KVM module is futile, pointless, and as
evidenced by the now-reverted commit 70375c2d8fa3 ("Revert "KVM: set owner
of cpu and vm file operations""), actively dangerous.

This reverts commit 405294f29faee5de8c10cb9d4a90e229c2835279 and commit
5f6de5cbebee925a612856fce6f9182bb3eee0db.

Fixes: 405294f29fae ("KVM: Unconditionally get a ref to /dev/kvm module when creating a VM") Fixes: 5f6de5cbebee ("KVM: Prevent module exit until all VMs are freed") Signed-off-by: Sean Christopherson --- virt/kvm/kvm_main.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 1e65a506985f..3b1b9e8dd70c 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -115,8 +115,6 @@ EXPORT_SYMBOL_GPL(kvm_debugfs_dir); static const struct file_operations stat_fops_per_vm; -static struct file_operations kvm_chardev_ops; - static long kvm_vcpu_ioctl(struct file *file, unsigned int ioctl, unsigned long arg); #ifdef CONFIG_KVM_COMPAT @@ -1157,9 +1155,6 @@ static struct kvm *kvm_create_vm(unsigned long type, const char *fdname) if (!kvm) return ERR_PTR(-ENOMEM); - /* KVM is pinned via open("/dev/kvm"), the fd passed to this ioctl(). */ - __module_get(kvm_chardev_ops.owner); - KVM_MMU_LOCK_INIT(kvm); mmgrab(current->mm); kvm->mm = current->mm; @@ -1279,7 +1274,6 @@ static struct kvm *kvm_create_vm(unsigned long type, const char *fdname) out_err_no_srcu: kvm_arch_free_vm(kvm); mmdrop(current->mm); - module_put(kvm_chardev_ops.owner); return ERR_PTR(r); } @@ -1348,7 +1342,6 @@ static void kvm_destroy_vm(struct kvm *kvm) preempt_notifier_dec(); hardware_disable_all(); mmdrop(mm); - module_put(kvm_chardev_ops.owner); } void kvm_get_kvm(struct kvm *kvm)
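
Review bot: The kvm_create_vm() hunk at -1157 drops the comment together with the __module_get() call, which leaves no statement in the code of what keeps the module loaded while a VM exists. The changelog only says the last reference must be put by something external to the module; naming that holder, in the changelog or in a short comment at this spot, would keep a later reader from re-adding a per-VM reference. The get is removed together with both puts (the out_err_no_srcu path and kvm_destroy_vm()), so the count stays balanced.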
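
Review bot: The changelog calls the function kvm_vm_destroy(), but the last hunk (-1348) shows it is kvm_destroy_vm(); please fix the name. The changelog also attributes the original bug to a workqueue that was not flushed, and no flush appears in this diff; since the patch carries two Fixes: tags and may be backported on its own, the changelog should name the commit that adds the flush so this revert is not applied without it.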