mirror of
https://github.com/torvalds/linux.git
synced 2024-12-26 12:52:30 +00:00
76021e96d7
Wrap the vcpu->pid dereference in the debugfs hook vcpu_get_pid() with
proper RCU read (un)lock. Unlike the code in kvm_vcpu_ioctl(),
vcpu_get_pid() is not a simple access; the pid pointer is passed to
pid_nr() and fully dereferenced if the pointer is non-NULL.
Failure to acquire RCU could result in use-after-free of the old pid if
a different task invokes KVM_RUN and puts the last reference to the old
vcpu->pid between vcpu_get_pid() reading the pointer and dereferencing it
in pid_nr().
Fixes: