[kvm-commits] [PATCH] KVM: kill file->f_count abuse in kvm

Thu, 24 Apr 2008 10:27:35 -0700 

From: Al Viro <[EMAIL PROTECTED]>

Use kvm own refcounting instead of playing with ->filp->f_count.
That will allow to get rid of a lot of crap in anon_inode_getfd() and
kill a race in kvm_dev_ioctl_create_vm() (file might have been closed
immediately by another thread, so ->filp might point to already freed
struct file when we get around to setting it).

Signed-off-by: Al Viro <[EMAIL PROTECTED]>
Signed-off-by: Avi Kivity <[EMAIL PROTECTED]>

diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 4e16682..3989789 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -110,7 +110,6 @@ struct kvm {
                                        KVM_PRIVATE_MEM_SLOTS];
        struct kvm_vcpu *vcpus[KVM_MAX_VCPUS];
        struct list_head vm_list;
-       struct file *filp;
        struct kvm_io_bus mmio_bus;
        struct kvm_io_bus pio_bus;
        struct kvm_vm_stat stat;
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index f095b73..5e7802e 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -818,7 +818,7 @@ static int kvm_vcpu_release(struct inode *inode, struct 
file *filp)
 {
        struct kvm_vcpu *vcpu = filp->private_data;
 
-       fput(vcpu->kvm->filp);
+       kvm_put_kvm(vcpu->kvm);
        return 0;
 }
 
@@ -840,9 +840,10 @@ static int create_vcpu_fd(struct kvm_vcpu *vcpu)
 
        r = anon_inode_getfd(&fd, &inode, &file,
                             "kvm-vcpu", &kvm_vcpu_fops, vcpu);
-       if (r)
+       if (r) {
+               kvm_put_kvm(vcpu->kvm);
                return r;
-       atomic_inc(&vcpu->kvm->filp->f_count);
+       }
        return fd;
 }
 
@@ -877,6 +878,7 @@ static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, int n)
        mutex_unlock(&kvm->lock);
 
        /* Now it's all set up, let userspace reach it */
+       kvm_get_kvm(kvm);
        r = create_vcpu_fd(vcpu);
        if (r < 0)
                goto unlink;
@@ -1176,12 +1178,10 @@ static int kvm_dev_ioctl_create_vm(void)
                return PTR_ERR(kvm);
        r = anon_inode_getfd(&fd, &inode, &file, "kvm-vm", &kvm_vm_fops, kvm);
        if (r) {
-               kvm_destroy_vm(kvm);
+               kvm_put_kvm(kvm);
                return r;
        }
 
-       kvm->filp = file;
-
        return fd;
 }
 

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
kvm-commits mailing list
kvm-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/kvm-commits

Reply via email to