linux/include
Paolo Bonzini d56f5136b0 KVM: let kvm_destroy_vm_debugfs clean up vCPU debugfs directories
After commit 63d0434 ("KVM: x86: move kvm_create_vcpu_debugfs after
last failure point") we are creating the pre-vCPU debugfs files
after the creation of the vCPU file descriptor.  This makes it
possible for userspace to reach kvm_vcpu_release before
kvm_create_vcpu_debugfs has finished.  The vcpu->debugfs_dentry
then does not have any associated inode anymore, and this causes
a NULL-pointer dereference in debugfs_create_file.

The solution is simply to avoid removing the files; they are
cleaned up when the VM file descriptor is closed (and that must be
after KVM_CREATE_VCPU returns).  We can stop storing the dentry
in struct kvm_vcpu too, because it is not needed anywhere after
kvm_create_vcpu_debugfs returns.

Reported-by: syzbot+705f4401d5a93a59b87d@syzkaller.appspotmail.com
Fixes: 63d0434837 ("KVM: x86: move kvm_create_vcpu_debugfs after last failure point")
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-04 11:00:54 -04:00
..
acpi Merge branches 'acpi-apei', 'acpi-pmic', 'acpi-video' and 'acpi-dptf' 2020-06-01 17:19:43 +02:00
asm-generic Merge branch 'akpm' (patches from Andrew) 2020-06-03 20:24:15 -07:00
clocksource
crypto crypto: lib/sha1 - fold linux/cryptohash.h into crypto/sha.h 2020-05-08 15:32:17 +10:00
drm drm pull for 5.8-rc1 2020-06-02 15:04:15 -07:00
dt-bindings
keys
kunit
kvm KVM: arm64: vgic-v3: Take cpu_if pointer directly instead of vcpu 2020-05-28 11:57:10 +01:00
linux KVM: let kvm_destroy_vm_debugfs clean up vCPU debugfs directories 2020-06-04 11:00:54 -04:00
math-emu
media media updates for v5.8-rc1 2020-06-03 20:59:38 -07:00
misc
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-06-03 16:27:18 -07:00
pcmcia
ras
rdma RDMA/core: Fix double destruction of uobject 2020-05-27 14:22:57 -03:00
scsi
soc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-06 22:10:13 -07:00
sound ALSA: rawmidi: Fix racy buffer resize under concurrent accesses 2020-05-07 22:29:14 +02:00
target
trace Merge branch 'akpm' (patches from Andrew) 2020-06-03 20:24:15 -07:00
uapi media updates for v5.8-rc1 2020-06-03 20:59:38 -07:00
vdso
video
xen