On Wed, Mar 18, 2020 at 06:43:24PM +0100, Greg Kurz wrote:
> Recent cleanup from Sean Christopherson introduced a use-after-free
> condition that crashes the kernel when shutting down the VM with
> PR KVM. It went unnoticed so far because PR isn't tested/used much
> these days (mostly used for nested on POWER8, not supported on POWER9
> where HV should be used for nested), and other KVM implementations for
> ppc are unaffected.
>
> This all boils down to the fact that the path that frees the per-vCPU
> MMU data goes through a complex set of indirections. This obfuscates
> the code to the point that we didn't realize that the MMU data was
> now being freed too early. And worse, most of the indirection isn't
> needed because only PR KVM has some MMU data to free when the vCPU is
> destroyed.
>
> Fix the issue (patch 1) and simplify the code (patches 2 and 3).

I have put this series in my kvm-ppc-next branch, and I believe Michael
Ellerman is putting patch 1 in his fixes branch so it gets into 5.6.

Thanks,
Paul.