RE: [PATCH really v2] KVM: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 24.08.2017 11:14, Paul Mackerras wrote:
> Nixiaoming pointed out that there is a memory leak in
> kvm_vm_ioctl_create_spapr_tce() if the call to anon_inode_getfd() 
> fails; the memory allocated for the kvmppc_spapr_tce_table struct is 
> not freed, and nor are the pages allocated for the iommu tables.  In 
> addition, we have already incremented the process's count of locked 
> memory pages, and this doesn't get restored on error.
> 
> David Hildenbrand pointed out that there is a race in that the 
> function checks early on that there is not already an entry in the
> stt->iommu_tables list with the same LIOBN, but an entry with the
> same LIOBN could get added between then and when the new entry is 
> added to the list.
> 
> This fixes all three problems.  To simplify things, we now call
> anon_inode_getfd() before placing the new entry in the list.  The 
> check for an existing entry is done while holding the kvm->lock mutex, 
> immediately before adding the new entry to the list.
> Finally, on failure we now call kvmppc_account_memlimit to decrement 
> the process's count of locked memory pages.
> 
> Reported-by: Nixiaoming <nixiaoming@xxxxxxxxxx>
> Reported-by: David Hildenbrand <david@xxxxxxxxxx>
> Signed-off-by: Paul Mackerras <paulus@xxxxxxxxxx>
> ---
> v2: Don't overwrite stt in loop over spapr_tce_tables
> 

Reviewed-by: nixiaoming  <nixiaoming@xxxxxxxxxx>



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux