| Message ID | 20240308223702.1350851-2-seanjc@google.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [GIT,PULL] KVM: Async #PF changes for 6.9 | expand |
On 3/8/24 23:36, Sean Christopherson wrote: > Fix a long-standing bug in the async #PF code where KVM code could be left > running in a workqueue even after all *external* references to KVM-the-module > have been put, and a few minor cleanups on top. > > The following changes since commit 41bccc98fb7931d63d03f326a746ac4d429c1dd3: > > Linux 6.8-rc2 (2024-01-28 17:01:12 -0800) > > are available in the Git repository at: > > https://github.com/kvm-x86/linux.git tags/kvm-x86-asyncpf-6.9 > > for you to fetch changes up to c2744ed2230a92636f04cde48f2f7d8d3486e194: > > KVM: Nullify async #PF worker's "apf" pointer as soon as it might be freed (2024-02-06 11:04:58 -0800) > > ---------------------------------------------------------------- > KVM async page fault changes for 6.9: > > - Always flush the async page fault workqueue when a work item is being > removed, especially during vCPU destruction, to ensure that there are no > workers running in KVM code when all references to KVM-the-module are gone, > i.e. to prevent a use-after-free if kvm.ko is unloaded. > > - Grab a reference to the VM's mm_struct in the async #PF worker itself instead > of gifting the worker a reference, e.g. so that there's no need to remember > to *conditionally* clean up after the worker. > > ---------------------------------------------------------------- Pulled, thanks. Paolo > Sean Christopherson (4): > KVM: Always flush async #PF workqueue when vCPU is being destroyed > KVM: Put mm immediately after async #PF worker completes remote gup() > KVM: Get reference to VM's address space in the async #PF worker > KVM: Nullify async #PF worker's "apf" pointer as soon as it might be freed > > include/linux/kvm_host.h | 1 - > virt/kvm/async_pf.c | 73 ++++++++++++++++++++++++++++++++---------------- > 2 files changed, 49 insertions(+), 25 deletions(-) >
Fix a long-standing bug in the async #PF code where KVM code could be left running in a workqueue even after all *external* references to KVM-the-module have been put, and a few minor cleanups on top. The following changes since commit 41bccc98fb7931d63d03f326a746ac4d429c1dd3: Linux 6.8-rc2 (2024-01-28 17:01:12 -0800) are available in the Git repository at: https://github.com/kvm-x86/linux.git tags/kvm-x86-asyncpf-6.9 for you to fetch changes up to c2744ed2230a92636f04cde48f2f7d8d3486e194: KVM: Nullify async #PF worker's "apf" pointer as soon as it might be freed (2024-02-06 11:04:58 -0800) ---------------------------------------------------------------- KVM async page fault changes for 6.9: - Always flush the async page fault workqueue when a work item is being removed, especially during vCPU destruction, to ensure that there are no workers running in KVM code when all references to KVM-the-module are gone, i.e. to prevent a use-after-free if kvm.ko is unloaded. - Grab a reference to the VM's mm_struct in the async #PF worker itself instead of gifting the worker a reference, e.g. so that there's no need to remember to *conditionally* clean up after the worker. ---------------------------------------------------------------- Sean Christopherson (4): KVM: Always flush async #PF workqueue when vCPU is being destroyed KVM: Put mm immediately after async #PF worker completes remote gup() KVM: Get reference to VM's address space in the async #PF worker KVM: Nullify async #PF worker's "apf" pointer as soon as it might be freed include/linux/kvm_host.h | 1 - virt/kvm/async_pf.c | 73 ++++++++++++++++++++++++++++++++---------------- 2 files changed, 49 insertions(+), 25 deletions(-)