From patchwork Sat Apr 2 17:40:41 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Oliver Upton
X-Patchwork-Id: 12799389
Date: Sat, 2 Apr 2022 17:40:41 +0000
In-Reply-To: <20220402174044.2263418-1-oupton@google.com>
Message-Id: <20220402174044.2263418-2-oupton@google.com>
References: <20220402174044.2263418-1-oupton@google.com>
X-Mailer: git-send-email 2.35.1.1094.g7c7d902a7c-goog
Subject: [PATCH 1/4] KVM: arm64: vgic: Don't assume the VM debugfs directory exists
From: Oliver Upton To: kvmarm@lists.cs.columbia.edu Cc: kvm@vger.kernel.org, Marc Zyngier , James Morse , Alexandru Elisei , Suzuki K Poulose , linux-arm-kernel@lists.infradead.org, Peter Shier , Ricardo Koller , Reiji Watanabe , Paolo Bonzini , Sean Christopherson , Oliver Upton , stable@kernel.org X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220402_104051_781070_C78C7CD7 X-CRM114-Status: GOOD ( 12.97 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Unfortunately, there is no guarantee that KVM was able to instantiate a debugfs directory for a particular VM. To that end, KVM shouldn't even attempt to create new debugfs files in this case. If the specified parent dentry is NULL, debugfs_create_file() will instantiate files at the root of debugfs. Since it is possible to create the vgic-state file outside of a VM directory, the file is not cleaned up when a VM is destroyed. Nonetheless, the corresponding struct kvm is freed when the VM is destroyed. Plug the use-after-free by plainly refusing to create vgic-state when KVM fails to create a VM debugfs dir. Cc: stable@kernel.org Fixes: 929f45e32499 ("kvm: no need to check return value of debugfs_create functions") Signed-off-by: Oliver Upton --- arch/arm64/kvm/vgic/vgic-debug.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/arm64/kvm/vgic/vgic-debug.c b/arch/arm64/kvm/vgic/vgic-debug.c index f38c40a76251..cf1364a6fabc 100644 --- a/arch/arm64/kvm/vgic/vgic-debug.c +++ b/arch/arm64/kvm/vgic/vgic-debug.c 
@@ -271,6 +271,9 @@ DEFINE_SEQ_ATTRIBUTE(vgic_debug); void vgic_debug_init(struct kvm *kvm) { + if (!kvm->debugfs_dentry) + return; + debugfs_create_file("vgic-state", 0444, kvm->debugfs_dentry, kvm, &vgic_debug_fops); }
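Review bot: The new guard at the top of vgic_debug_init() tests only !kvm->debugfs_dentry, so it covers the NULL-parent case the commit message describes but not a failure path that leaves an error pointer in that field. It is worth confirming what value kvm->debugfs_dentry holds when the VM directory could not be created and, if that can be an ERR_PTR, checking with IS_ERR_OR_NULL(kvm->debugfs_dentry) instead. A short comment above the early return, saying that a NULL parent would place vgic-state at the debugfs root where it outlives the struct kvm passed as its data, would keep the reason for the check next to the code.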