Re: [RFC PATCH 1/2] KVM: x86/xen: Fix use-after-free in kvm_xen_eventfd_update()

On 12/29/22 03:12, Michal Luczaj wrote:

It looks like there are more places with such bad ordering:
kvm_vm_ioctl_set_msr_filter(), kvm_vm_ioctl_set_pmu_event_filter().

These are easy to fix because the unlock can just be moved beforesynchronize_srcu() or synchronize_srcu_expedited(). Would you like tosend a patch?


Paolo

Follow-Ups:
- [PATCH 0/2] Fix deadlocks in kvm_vm_ioctl_set_msr_filter() and
  - From: Michal Luczaj

References:
- [RFC PATCH 0/2] Use-after-free in kvm_xen_eventfd_update()
  - From: Michal Luczaj
- [RFC PATCH 1/2] KVM: x86/xen: Fix use-after-free in kvm_xen_eventfd_update()
  - From: Michal Luczaj
- Re: [RFC PATCH 1/2] KVM: x86/xen: Fix use-after-free in kvm_xen_eventfd_update()
  - From: Paolo Bonzini
- Re: [RFC PATCH 1/2] KVM: x86/xen: Fix use-after-free in kvm_xen_eventfd_update()
  - From: Michal Luczaj
- Re: [RFC PATCH 1/2] KVM: x86/xen: Fix use-after-free in kvm_xen_eventfd_update()
  - From: Paolo Bonzini
- Re: [RFC PATCH 1/2] KVM: x86/xen: Fix use-after-free in kvm_xen_eventfd_update()
  - From: Michal Luczaj
- Re: [RFC PATCH 1/2] KVM: x86/xen: Fix use-after-free in kvm_xen_eventfd_update()
  - From: Paolo Bonzini
- Re: [RFC PATCH 1/2] KVM: x86/xen: Fix use-after-free in kvm_xen_eventfd_update()
  - From: David Woodhouse
- Re: [RFC PATCH 1/2] KVM: x86/xen: Fix use-after-free in kvm_xen_eventfd_update()
  - From: Paolo Bonzini
- Re: [RFC PATCH 1/2] KVM: x86/xen: Fix use-after-free in kvm_xen_eventfd_update()
  - From: Michal Luczaj