Date: Thu, 30 Nov 2017 14:54:46 +1100
From: David Gibson
To: Serhii Popovych
Cc: linux-kernel@vger.kernel.org, michael@ellerman.id.au, paulus@samba.org, linuxppc-dev@lists.ozlabs.org, kvm-ppc@vger.kernel.org
Subject: Re: [PATCH 0/4] Fix use after free in HPT resizing code and related minor improvements
Message-ID: <20171130035446.GS3023@umbus.fritz.box>
References: <1511973506-65683-1-git-send-email-spopovyc@redhat.com>
In-Reply-To: <1511973506-65683-1-git-send-email-spopovyc@redhat.com>
On Wed, Nov 29, 2017 at 11:38:22AM -0500, Serhii Popovych wrote:
> It is possible to trigger use after free during HPT resize
> causing host kernel to crash. More details and analysis of
> the problem can be found in change with corresponding subject
> (KVM: PPC: Book3S HV: Fix use after free in case of multiple
> resize requests).
> 
> We need some changes to prepare for the fix, especially
> make ->error in HPT resize instance single point for
> tracking allocation state, improve kvmppc_allocate_hpt()
> and kvmppc_free_hpt() so they can be used more safely.
> 
> See individual commit description message to get more
> information on changes presented.
> 
> Serhii Popovych (4):
>   KVM: PPC: Book3S HV: Drop prepare_done from struct kvm_resize_hpt and
>     cleanups
>   KVM: PPC: Book3S HV: Improve kvmppc_allocate_hpt()/kvmppc_free_hpt()
>   KVM: PPC: Book3S HV: Fix use after free in case of multiple resize
>     requests
>   KVM: PPC: Book3S HV: Remove redundant parameter from
>     resize_hpt_release()
> 
>  arch/powerpc/kvm/book3s_64_mmu_hv.c | 139 +++++++++++++++++++++---------------
>  1 file changed, 82 insertions(+), 57 deletions(-)

Paul, these (at least 1-3) fix (another :() host crash bug which can be
triggered by guest and/or userspace actions.  Please merge ASAP.

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson
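The cover letter above describes the defensive pattern the series moves to: one field (->error) is the single record of whether a resize instance owns a prepared table, and the allocate/free pair is made safe to call regardless of prior state. The following is an added, self-contained model of that pattern written for this page; it is not the kernel's code, and the names (hpt_model, resize_model, ERR_BUSY, ERR_NOMEM, the constructed order limit) are assumptions chosen for illustration, not the fields or behaviour of struct kvm_resize_hpt.

```c
#include <stdlib.h>
#include <stddef.h>

/* Hypothetical, simplified model of a resize request that owns a prepared
 * hash page table.  Names and layout are assumptions for illustration. */
#define ERR_BUSY   (-16)   /* preparation in progress / nothing owned */
#define ERR_NOMEM  (-12)   /* preparation failed */

struct hpt_model {
    unsigned long *entries;   /* NULL means "no table owned" */
    unsigned long order;
};

struct resize_model {
    struct hpt_model hpt;
    int error;   /* single source of truth for allocation state:
                  * ERR_BUSY while nothing is owned, 0 once a table is owned,
                  * any other negative value if preparation failed */
};

/* Allocate a table of 2^order entries.  Refuses to allocate over an
 * existing table so two owners can never hold the same memory. */
int hpt_model_alloc(struct hpt_model *h, unsigned long order)
{
    if (h->entries)
        return ERR_BUSY;
    if (order > 20)   /* constructed limit so the failure path runs offline */
        return ERR_NOMEM;
    h->entries = calloc(1UL << order, sizeof(*h->entries));
    if (!h->entries)
        return ERR_NOMEM;
    h->order = order;
    return 0;
}

/* Release the table.  Safe on a never-allocated or already-released table:
 * the pointer is cleared, so a repeated release is a no-op rather than a
 * double free, and no caller is left with a dangling pointer. */
void hpt_model_free(struct hpt_model *h)
{
    free(h->entries);
    h->entries = NULL;
    h->order = 0;
}

void resize_model_init(struct resize_model *r)
{
    r->hpt.entries = NULL;
    r->hpt.order = 0;
    r->error = ERR_BUSY;
}

/* Prepare phase: the outcome is recorded in r->error and nowhere else. */
int resize_model_prepare(struct resize_model *r, unsigned long order)
{
    r->error = hpt_model_alloc(&r->hpt, order);
    return r->error;
}

/* Release phase: consults only r->error to decide whether a table exists,
 * so a release after a failed prepare, or a second release, touches nothing. */
void resize_model_release(struct resize_model *r)
{
    if (r->error == 0)
        hpt_model_free(&r->hpt);
    r->error = ERR_BUSY;
}

/* 1 if the instance currently owns a table, 0 otherwise. */
int resize_model_owns_table(const struct resize_model *r)
{
    return r->error == 0 && r->hpt.entries != NULL;
}

/* Scenario 1: two release requests against one prepared instance. */
int resize_model_double_release_is_safe(void)
{
    struct resize_model r;
    resize_model_init(&r);
    if (resize_model_prepare(&r, 10) != 0)
        return 0;
    resize_model_release(&r);
    resize_model_release(&r);   /* second request: no-op, no double free */
    return !resize_model_owns_table(&r) && r.hpt.entries == NULL;
}

/* Scenario 2: release after a failed prepare, then reuse of the instance. */
int resize_model_failed_prepare_is_safe(void)
{
    struct resize_model r;
    resize_model_init(&r);
    if (resize_model_prepare(&r, 30) != ERR_NOMEM || resize_model_owns_table(&r))
        return 0;
    resize_model_release(&r);   /* nothing owned: must free nothing */
    if (r.hpt.entries != NULL)
        return 0;
    if (resize_model_prepare(&r, 4) != 0 || !resize_model_owns_table(&r))
        return 0;
    resize_model_release(&r);
    return r.hpt.entries == NULL && !resize_model_owns_table(&r);
}
```

The point of the model is that every decision about whether memory is owned goes through one field and one idempotent free routine; a second request arriving for the same instance cannot find a stale pointer because the release path clears it and the state field no longer claims ownership.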