On Thu, 01 Dec 2011 15:15:03 +0200 Avi Kivity <avi@xxxxxxxxxx> wrote:
> > +
> > +	if (kvm->arch.gmap)
> > +		gmap_free(kvm->arch.gmap);
> > +
> > +	kvm->arch.gmap = NULL;
>
> Locking?
>
> What happens if a vcpu is created afterwards?
>
> I guess you don't mind too much since this is a privileged interface for
> a single purpose.

That is indeed a race. A malicious user space could create a new cpu with
KVM_CREATE_VCPU on another thread after the for loop checked that there
are no VCPUs. The new VCPU could then pick up the kvm->arch.gmap and use
it while the caller of KVM_S390_ENABLE_UCONTROL frees the structure.
The kvm_s390_enable_ucontrol function needs to lock with the kvm->lock mutex.

-- 
blue skies,
   Martin.

"Reality continues to ruin my life." - Calvin.

--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
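Review bot: the `if (kvm->arch.gmap) gmap_free(kvm->arch.gmap);` / `kvm->arch.gmap = NULL;` teardown in the quoted hunk runs without holding kvm->lock, so the earlier "no vcpus exist" check is not atomic with the free: a KVM_CREATE_VCPU issued from another thread between the check and gmap_free() can pick up kvm->arch.gmap and keep using it after it is freed. Take mutex_lock(&kvm->lock) before the vcpu check and release it only after kvm->arch.gmap has been set to NULL, and make sure the vcpu-creation path reads arch.gmap under the same lock, so a vcpu created after the teardown sees NULL instead of a dangling pointer.

The check-then-free race Martin describes, and the fix of serialising both paths on kvm->lock, as an added stand-alone C model that is not code from the patch or from the kernel. The `struct kvm`, `kvm_create_vcpu()`, `kvm_s390_enable_ucontrol()` and `online_vcpus` names here are simplified stand-ins for the real KVM/s390 structures (assumed for this example; the real code walks a vcpu array rather than a counter), and `free()` stands in for `gmap_free()`:

```c
/* Added example, not from the patch or the kernel: a minimal model of the
 * KVM_S390_ENABLE_UCONTROL vs. KVM_CREATE_VCPU race and of the fix that takes
 * kvm->lock around the "no vcpus yet" check and the gmap teardown. */
#include <errno.h>
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

#define MAX_VCPUS 4

struct gmap { int dummy; };        /* stand-in for the s390 guest mapping */

struct kvm_vcpu {
    struct gmap *gmap;             /* pointer a vcpu picks up at creation */
};

struct kvm {
    pthread_mutex_t lock;          /* models kvm->lock */
    struct gmap *gmap;             /* models kvm->arch.gmap */
    struct kvm_vcpu *vcpus[MAX_VCPUS];
    int online_vcpus;              /* simplified replacement for the vcpu loop */
    int ucontrol;
};

void kvm_init(struct kvm *kvm, struct gmap *gmap) {
    memset(kvm, 0, sizeof(*kvm));
    pthread_mutex_init(&kvm->lock, NULL);
    kvm->gmap = gmap;
}

/* Models KVM_CREATE_VCPU: the vcpu attaches to kvm->gmap under kvm->lock,
 * so it either sees the live gmap or NULL, never a freed pointer. */
int kvm_create_vcpu(struct kvm *kvm, struct kvm_vcpu *vcpu) {
    int rc = 0;
    pthread_mutex_lock(&kvm->lock);
    if (kvm->online_vcpus >= MAX_VCPUS) {
        rc = -EINVAL;
    } else {
        vcpu->gmap = kvm->gmap;
        kvm->vcpus[kvm->online_vcpus++] = vcpu;
    }
    pthread_mutex_unlock(&kvm->lock);
    return rc;
}

/* Models KVM_S390_ENABLE_UCONTROL with the fix: the vcpu check and the gmap
 * teardown are one critical section, so no vcpu can be created in between. */
int kvm_s390_enable_ucontrol(struct kvm *kvm) {
    int rc = 0;
    pthread_mutex_lock(&kvm->lock);
    if (kvm->online_vcpus > 0) {
        rc = -EBUSY;               /* vcpus already exist: refuse, keep gmap */
    } else {
        if (kvm->gmap)
            free(kvm->gmap);       /* stands in for gmap_free() */
        kvm->gmap = NULL;
        kvm->ucontrol = 1;
    }
    pthread_mutex_unlock(&kvm->lock);
    return rc;
}

struct race_ctx {
    struct kvm *kvm;
    struct kvm_vcpu vcpu;
    int create_rc;
};

static void *create_vcpu_thread(void *arg) {
    struct race_ctx *ctx = arg;
    ctx->create_rc = kvm_create_vcpu(ctx->kvm, &ctx->vcpu);
    return NULL;
}

/* One round of the race: a second thread creates a vcpu while this thread
 * enables ucontrol. Returns 1 when the invariant holds for whichever side
 * won: the vcpu never ends up holding a pointer to a freed gmap. */
int run_race_round(void) {
    struct kvm kvm;
    struct race_ctx ctx = { .kvm = &kvm };
    pthread_t tid;
    int enable_rc, ok;

    kvm_init(&kvm, malloc(sizeof(struct gmap)));
    pthread_create(&tid, NULL, create_vcpu_thread, &ctx);
    enable_rc = kvm_s390_enable_ucontrol(&kvm);
    pthread_join(tid, NULL);

    if (enable_rc == 0)            /* teardown won: vcpu must have got NULL */
        ok = ctx.create_rc == 0 && ctx.vcpu.gmap == NULL && kvm.gmap == NULL;
    else                           /* vcpu won: gmap intact and shared */
        ok = enable_rc == -EBUSY && ctx.create_rc == 0 &&
             kvm.gmap != NULL && ctx.vcpu.gmap == kvm.gmap;

    free(kvm.gmap);                /* NULL when the teardown already freed it */
    pthread_mutex_destroy(&kvm.lock);
    return ok;
}
```

Without the lock, the window between the vcpu check and `free()` is exactly where the second thread's `kvm_create_vcpu()` would copy the soon-to-be-freed pointer; with both paths on the same mutex, `run_race_round()` can only observe the two orderings the comments describe.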