From: Jason Gunthorpe <jgg@nvidia.com>
To: kvm@vger.kernel.org
Cc: Alex Williamson <alex.williamson@redhat.com>,
	"Raj, Ashok" <ashok.raj@intel.com>,
	Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>,
	Neo Jia <cjia@nvidia.com>, Cornelia Huck <cohuck@redhat.com>,
	Dan Williams <dan.j.williams@intel.com>,
	Christoph Hellwig <hch@lst.de>, Jike Song <jike.song@intel.com>,
	Kevin Tian <kevin.tian@intel.com>,
	Kirti Wankhede <kwankhede@nvidia.com>,
	Leon Romanovsky <leonro@nvidia.com>,
	Max Gurtovoy <mgurtovoy@nvidia.com>,
	Tarun Gupta <targupta@nvidia.com>
Subject: [PATCH v2 02/18] vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer
Date: Tue,  6 Apr 2021 16:40:25 -0300	[thread overview]
Message-ID: <2-v2-d36939638fc6+d54-vfio2_jgg@nvidia.com> (raw)
In-Reply-To: <0-v2-d36939638fc6+d54-vfio2_jgg@nvidia.com>

There is a small race where the parent is NULL even though the kobj has
already been made visible in sysfs.

For instance the attribute_group is made visible in sysfs_create_files()
and the mdev_type_attr_show() does:

    ret = attr->show(kobj, type->parent->dev, buf);

Which will crash on NULL parent. Move the parent setup to before the type
pointer leaves the stack frame.

Fixes: 7b96953bc640 ("vfio: Mediated device Core driver")
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Max Gurtovoy <mgurtovoy@nvidia.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
---
 drivers/vfio/mdev/mdev_sysfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/vfio/mdev/mdev_sysfs.c b/drivers/vfio/mdev/mdev_sysfs.c
index 917fd84c1c6f24..367ff5412a3879 100644
--- a/drivers/vfio/mdev/mdev_sysfs.c
+++ b/drivers/vfio/mdev/mdev_sysfs.c
@@ -105,6 +105,7 @@ static struct mdev_type *add_mdev_supported_type(struct mdev_parent *parent,
 		return ERR_PTR(-ENOMEM);
 
 	type->kobj.kset = parent->mdev_types_kset;
+	type->parent = parent;
 
 	ret = kobject_init_and_add(&type->kobj, &mdev_type_ktype, NULL,
 				   "%s-%s", dev_driver_string(parent->dev),
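Review bot: the reordering closes the window the commit message describes, because kobject_init_and_add() is what makes the kobject (and its attribute group) visible, and mdev_type_attr_show() dereferences type->parent->dev unconditionally; one thing to confirm on the error path is that, with type->parent now set before kobject_init_and_add(), a failure that drops the kobject via kobject_put() reaches the type's release callback with a non-NULL parent, so that callback must not rely on parent being unset to decide what to clean up.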
@@ -132,7 +133,6 @@ static struct mdev_type *add_mdev_supported_type(struct mdev_parent *parent,
 	}
 
 	type->group = group;
-	type->parent = parent;
 	return type;
 
 attrs_failed:
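Review bot: removing the late assignment is correct, but note that `type->group = group;` on the line above still runs after the kobject is already visible in sysfs, so if any attribute show/store callback reads type->group the same class of race remains for that field; it would be worth either moving that assignment ahead of kobject_init_and_add() as well, or stating in the commit message why group is safe to assign late.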
-- 
2.31.1

