From: Sean Christopherson <seanjc@google.com>
To: David Matlack <dmatlack@google.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
syzbot+744e173caec2e1627ee0@syzkaller.appspotmail.com,
Oliver Upton <oliver.upton@linux.dev>
Subject: Re: [PATCH 2/3] KVM: Unconditionally get a ref to /dev/kvm module when creating a VM
Date: Tue, 16 Aug 2022 21:43:07 +0000 [thread overview]
Message-ID: <YvwPa5GuR8gjQdpc@google.com> (raw)
In-Reply-To: <YvvNfTouc22hiLwo@google.com>
On Tue, Aug 16, 2022, David Matlack wrote:
> On Tue, Aug 16, 2022 at 05:39:36AM +0000, Sean Christopherson wrote:
> > Unconditionally get a reference to the /dev/kvm module when creating a VM
> > instead of using try_get_module(), which will fail if the module is in
> > the process of being forcefully unloaded. The error handling when
> > try_get_module() fails doesn't properly unwind all that has been done,
> > e.g. doesn't call kvm_arch_pre_destroy_vm() and doesn't remove the VM
> > from the global list. Not removing VMs from the global list tends to be
> > fatal, e.g. leads to use-after-free explosions.
> >
> > The obvious alternative would be to add proper unwinding, but the
> > justification for using try_get_module(), "rmmod --wait", is completely
> > bogus as support for "rmmod --wait", i.e. delete_module() without
> > O_NONBLOCK, was removed by commit 3f2b9c9cdf38 ("module: remove rmmod
> > --wait option.") nearly a decade ago.
>
> Ah! include/linux/module.h may also need a cleanup then. The comment
> above __module_get() explicitly mentions "rmmod --wait", which is what
> led me to use try_module_get() for commit 5f6de5cbebee ("KVM: Prevent
> module exit until all VMs are freed").
Ugh, I didn't see that one. The whole thing is a mess. try_module_get() also
has a comment (just below the "rmmod --wait" comment) saying that it's the one
true way of doing things, but that's at best misleading for cases like this where
a module is taking a reference of _itself_.
The man pages are also woefully out of date :-/
next prev parent reply other threads:[~2022-08-16 21:43 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-16 5:39 [PATCH 0/3] KVM: kvm_create_vm() bug fixes and cleanup Sean Christopherson
2022-08-16 5:39 ` [PATCH 1/3] KVM: Properly unwind VM creation if creating debugfs fails Sean Christopherson
2022-08-16 17:52 ` Oliver Upton
2022-08-16 5:39 ` [PATCH 2/3] KVM: Unconditionally get a ref to /dev/kvm module when creating a VM Sean Christopherson
2022-08-16 17:01 ` David Matlack
2022-08-16 21:43 ` Sean Christopherson [this message]
2022-08-16 5:39 ` [PATCH 3/3] KVM: Move coalesced MMIO initialization (back) into kvm_create_vm() Sean Christopherson
2022-08-16 18:04 ` Oliver Upton
2022-08-16 19:23 ` Sean Christopherson
2022-08-17 9:47 ` [PATCH 0/3] KVM: kvm_create_vm() bug fixes and cleanup Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YvwPa5GuR8gjQdpc@google.com \
--to=seanjc@google.com \
--cc=dmatlack@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oliver.upton@linux.dev \
--cc=pbonzini@redhat.com \
--cc=syzbot+744e173caec2e1627ee0@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.