On Mon, Aug 28, 2017 at 06:28:08AM +0100, Al Viro wrote: > On Mon, Aug 28, 2017 at 02:38:37PM +1000, Paul Mackerras wrote: > > On Sun, Aug 27, 2017 at 10:02:20PM +0100, Al Viro wrote: > > > On Wed, Aug 23, 2017 at 04:06:24PM +1000, Paul Mackerras wrote: > > > > > > > It seems to me that it would be better to do the anon_inode_getfd() > > > > call before the kvm_get_kvm() call, and go to the fail label if it > > > > fails. > > > > > > And what happens if another thread does close() on the (guessed) fd? > > > > Chaos ensues, but mostly because we don't have proper mutual exclusion > > on the modifications to the list. I'll add a mutex_lock/unlock to > > kvm_spapr_tce_release() and move the anon_inode_getfd() call inside > > the mutex. > > > > It looks like the other possible uses of the fd (mmap, and passing it > > as a parameter to the KVM_DEV_VFIO_GROUP_SET_SPAPR_TCE ioctl on a KVM > > device fd) are safe. > > Frankly, it's a lot saner to have "no failure points past anon_inode_getfd()" > policy... Right. In my latest patch, there are no failure points past anon_inode_getfd(). Paul.
