On 2018.08.22 20:20:46 +0200, Paolo Bonzini wrote:
> On 22/08/2018 18:44, Linus Torvalds wrote:
> > An example of something that *isn't* right, is the i915 kvm interface,
> > which does
> >
> >         use_mm(kvm->mm);
> >
> > on an mm that was initialized in virt/kvm/kvm_main.c using
> >
> >         mmgrab(current->mm);
> >         kvm->mm = current->mm;
> >
> > which is *not* right. Using "mmgrab()" does indeed guarantee the
> > lifetime of the 'struct mm_struct' itself, but it does *not* guarantee
> > the lifetime of the page tables. You need to use "mmget()" and
> > "mmput()", which get the reference to the actual process address
> > space!
> >
> > Now, it is *possible* that the kvm use is correct too, because kvm
> > does register a mmu_notifier chain, and in theory you can avoid the
> > proper refcounting by just making sure the mmu "release" notifier
> > kills any existing uses, but I don't really see kvm doing that. Kvm
> > does register a release notifier, but that just flushes the shadow
> > page tables, it doesn't kill any use_mm() use by some i915 use case.
>
> Yes, KVM is correct but the i915 bits are at least fishy. It's probably
> as simple as adding a mmget/mmput pair respectively in kvmgt_guest_init
> and kvmgt_guest_exit, or maybe mmget_not_zero.
>

yeah, that's the clear way to fix this imo. We only depend on guest life
cycle to access guest memory properly. Here's the proposed fix, will verify
and integrate it later.

Thanks!
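The distinction the thread turns on (mm_count pins only the struct, mm_users pins the address space and its page tables) is easy to get wrong, so here is a small userspace model of the two counters, added as an illustration and not the kernel's code nor the fix mentioned above. The struct, mm_alloc_model() and use_mm_model() are constructed stand-ins: mmput() on the last user clears the page-table flag the way exit_mmap() would and then drops the struct reference that mm_users held, mirroring the kernel's __mmput() ordering. The two scenarios reproduce the pattern under discussion: kvm_create_vm() taking only mmgrab(), with and without kvmgt_guest_init() additionally taking an mm_users reference before the owning process exits.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of the two refcounts on struct mm_struct (not the
 * kernel definition). mm_users counts users of the address space: when it
 * reaches zero the page tables are torn down. mm_count counts references
 * to the struct itself: when it reaches zero the struct is freed. */
struct mm_struct {
    int mm_users;
    int mm_count;
    bool pgd_valid;   /* stands in for the page tables */
};

static struct mm_struct *mm_alloc_model(void)
{
    struct mm_struct *mm = calloc(1, sizeof *mm);
    mm->mm_users = 1;     /* the owning process */
    mm->mm_count = 1;     /* held on behalf of mm_users, as in the kernel */
    mm->pgd_valid = true;
    return mm;
}

/* mmgrab()/mmdrop(): pin only the struct, never the page tables. */
static void mmgrab(struct mm_struct *mm) { mm->mm_count++; }
static void mmdrop(struct mm_struct *mm)
{
    if (--mm->mm_count == 0)
        free(mm);
}

/* mmget()/mmput(): pin the address space. The last mmput() tears the
 * page tables down (exit_mmap) and then releases the struct reference. */
static void mmget(struct mm_struct *mm) { mm->mm_users++; }
static bool mmget_not_zero(struct mm_struct *mm)
{
    if (mm->mm_users == 0)
        return false;     /* address space already gone; refuse */
    mm->mm_users++;
    return true;
}
static void mmput(struct mm_struct *mm)
{
    if (--mm->mm_users == 0) {
        mm->pgd_valid = false;   /* exit_mmap(): page tables freed */
        mmdrop(mm);              /* __mmput() ends with mmdrop() */
    }
}

/* use_mm() stand-in: true only while the page tables still exist. */
static bool use_mm_model(const struct mm_struct *mm) { return mm->pgd_valid; }

/* Scenario: kvm_create_vm() does mmgrab(current->mm); the process then
 * exits (exit_mm -> mmput); afterwards the i915 side calls use_mm().
 * With pin_address_space the guest init also took mmget(). */
static bool guest_access_after_owner_exit(bool pin_address_space)
{
    struct mm_struct *mm = mm_alloc_model();
    mmgrab(mm);                        /* kvm_create_vm */
    if (pin_address_space)
        mmget(mm);                     /* proposed: kvmgt_guest_init */
    mmput(mm);                         /* owning process exits */
    bool ok = use_mm_model(mm);        /* struct still alive either way */
    if (pin_address_space)
        mmput(mm);                     /* proposed: kvmgt_guest_exit */
    mmdrop(mm);                        /* kvm_destroy_vm */
    return ok;
}

/* The mmget_not_zero() variant: taken after the owner already exited,
 * it fails instead of handing out a dead address space. */
static bool late_pin_succeeds(void)
{
    struct mm_struct *mm = mm_alloc_model();
    mmgrab(mm);
    mmput(mm);                         /* owner exits first */
    bool got = mmget_not_zero(mm);
    if (got)
        mmput(mm);
    mmdrop(mm);
    return got;
}

int main(void)
{
    printf("mmgrab only, use_mm after owner exit: %s\n",
           guest_access_after_owner_exit(false) ? "page tables valid" : "page tables GONE");
    printf("mmgrab + mmget, use_mm after owner exit: %s\n",
           guest_access_after_owner_exit(true) ? "page tables valid" : "page tables GONE");
    printf("mmget_not_zero after owner exit: %s\n",
           late_pin_succeeds() ? "succeeded" : "refused");
    return 0;
}
```

The first scenario is the shape Linus objects to: the struct is still allocated (mm_count is 2), so nothing crashes at the refcount level, but the address space behind it has already been torn down. The second is the mmget/mmput pairing Paolo suggests, which keeps the page tables alive until the guest is torn down; mmget_not_zero() is the variant for the case where the pin might be taken after the owner is already gone.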