author | Avi Kivity <avi@qumranet.com> | 2007-11-21 09:41:05 -0500 |
---|---|---|
committer | Avi Kivity <avi@qumranet.com> | 2008-01-30 10:53:13 -0500 |
commit | 6d4e4c4fca5be806b888d606894d914847e82d78 (patch) | |
tree | dc383e27d812f617d791f48ba1527d70c86b65ba | |
parent | 76c35c6e99cb46b936b88cc795c9c886e7fe7bd4 (diff) |
KVM: Disallow fork() and similar games when using a VM
We don't want the meaning of guest userspace changing under our feet.
Signed-off-by: Avi Kivity <avi@qumranet.com>
-rw-r--r-- | drivers/kvm/kvm.h | 1 | ||||
-rw-r--r-- | drivers/kvm/kvm_main.c | 9 | ||||
-rw-r--r-- | kernel/fork.c | 1 |
3 files changed, 11 insertions, 0 deletions
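--- a/drivers/kvm/kvm.h
+++ b/drivers/kvm/kvm.h
@@ -305,6 +305,7 @@ struct kvm_vm_stat {
 
 struct kvm {
 struct mutex lock; /* protects everything except vcpus */
+struct mm_struct *mm; /* userspace tied to this vm */
 int naliases;
 struct kvm_mem_alias aliases[KVM_ALIAS_SLOTS];
 int nmemslots;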
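Review bot: The comment on the new `mm` field does not say what kind of reference backs the pointer. The kvm_create_vm hunk in kvm_main.c takes it with `atomic_inc(&kvm->mm->mm_count)`, which keeps the mm_struct allocated but not the address space, so the field is only safe as an identity token for the `kvm->mm != current->mm` checks. That pin is also what stops the address from being reused by an unrelated process while the VM fd is still open. I would spell this out, e.g. `struct mm_struct *mm; /* creator's mm; pinned via mm_count for identity checks only, dropped in kvm_destroy_vm() */`. The struct continues past the end of the hunk.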
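--- a/drivers/kvm/kvm_main.c
+++ b/drivers/kvm/kvm_main.c
@@ -165,6 +165,8 @@ static struct kvm *kvm_create_vm(void)
 if (IS_ERR(kvm))
 goto out;
 
+kvm->mm = current->mm;
+atomic_inc(&kvm->mm->mm_count);
 kvm_io_bus_init(&kvm->pio_bus);
 mutex_init(&kvm->lock);
 kvm_io_bus_init(&kvm->mmio_bus);
@@ -202,12 +204,15 @@ void kvm_free_physmem(struct kvm *kvm)
 
 static void kvm_destroy_vm(struct kvm *kvm)
 {
+struct mm_struct *mm = kvm->mm;
+
 spin_lock(&kvm_lock);
 list_del(&kvm->vm_list);
 spin_unlock(&kvm_lock);
 kvm_io_bus_destroy(&kvm->pio_bus);
 kvm_io_bus_destroy(&kvm->mmio_bus);
 kvm_arch_destroy_vm(kvm);
+mmdrop(mm);
 }
 
 static int kvm_vm_release(struct inode *inode, struct file *filp)
@@ -818,6 +823,8 @@ static long kvm_vcpu_ioctl(struct file *filp,
 void __user *argp = (void __user *)arg;
 int r;
 
+if (vcpu->kvm->mm != current->mm)
+return -EIO;
 switch (ioctl) {
 case KVM_RUN:
 r = -EINVAL;
@@ -976,6 +983,8 @@ static long kvm_vm_ioctl(struct file *filp,
 void __user *argp = (void __user *)arg;
 int r;
 
+if (kvm->mm != current->mm)
+return -EIO;
 switch (ioctl) {
 case KVM_CREATE_VCPU:
 r = kvm_vm_ioctl_create_vcpu(kvm, arg);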
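Review bot: The new `mm` guard in kvm_vcpu_ioctl and kvm_vm_ioctl covers only the ioctl entry points of the two fds. Any other file operation on them (for example an mmap or page-fault handler, none of which are visible in these hunks) would still be reachable from a process that inherited or was passed the descriptor, so it is worth confirming that they either do not touch guest state or carry the same check. The guards would also read better with a why-comment, e.g. `/* VM is bound to the mm that created it; refuse callers from a different address space */`, since -EIO alone gives no hint. In kvm_destroy_vm, `kvm->mm` is presumably saved into a local because `kvm_arch_destroy_vm(kvm)` frees `kvm`; a one-line comment saying so would keep a later cleanup from turning it into `mmdrop(kvm->mm)` after the free. Both ioctl bodies continue outside the hunks.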
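--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -393,6 +393,7 @@ void fastcall __mmdrop(struct mm_struct *mm)
 destroy_context(mm);
 free_mm(mm);
 }
+EXPORT_SYMBOL_GPL(__mmdrop);
 
 /*
 * Decrement the use count and release all resources for an mm.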