author | Avi Kivity <avi@qumranet.com> | 2007-11-21 16:41:05 +0200 |
---|---|---|
committer | Avi Kivity <avi@qumranet.com> | 2008-01-30 17:53:13 +0200 |
commit | 6d4e4c4fca5be806b888d606894d914847e82d78 (patch) | |
tree | dc383e27d812f617d791f48ba1527d70c86b65ba | |
parent | 76c35c6e99cb46b936b88cc795c9c886e7fe7bd4 (diff) | |
KVM: Disallow fork() and similar games when using a VM
We don't want the meaning of guest userspace changing under our feet.
Signed-off-by: Avi Kivity <avi@qumranet.com>
-rw-r--r-- | drivers/kvm/kvm.h | 1 | ||||
-rw-r--r-- | drivers/kvm/kvm_main.c | 9 | ||||
-rw-r--r-- | kernel/fork.c | 1 |
3 files changed, 11 insertions, 0 deletions
diff --git a/drivers/kvm/kvm.h b/drivers/kvm/kvm.h
index 1fd8158ced89..be18620bd656 100644
--- a/drivers/kvm/kvm.h
+++ b/drivers/kvm/kvm.h
@@ -305,6 +305,7 @@ struct kvm_vm_stat {
 struct kvm {
 struct mutex lock; /* protects everything except vcpus */
+ struct mm_struct *mm; /* userspace tied to this vm */
 int naliases;
 struct kvm_mem_alias aliases[KVM_ALIAS_SLOTS];
 int nmemslots;
diff --git a/drivers/kvm/kvm_main.c b/drivers/kvm/kvm_main.c
index aec6b67cfebb..0efd759e585f 100644
--- a/drivers/kvm/kvm_main.c
+++ b/drivers/kvm/kvm_main.c
@@ -165,6 +165,8 @@ static struct kvm *kvm_create_vm(void)
 if (IS_ERR(kvm))
 goto out;
+ kvm->mm = current->mm;
+ atomic_inc(&kvm->mm->mm_count);
 kvm_io_bus_init(&kvm->pio_bus);
 mutex_init(&kvm->lock);
 kvm_io_bus_init(&kvm->mmio_bus);
@@ -202,12 +204,15 @@ void kvm_free_physmem(struct kvm *kvm)
 static void kvm_destroy_vm(struct kvm *kvm)
 {
+ struct mm_struct *mm = kvm->mm;
+
 spin_lock(&kvm_lock);
 list_del(&kvm->vm_list);
 spin_unlock(&kvm_lock);
 kvm_io_bus_destroy(&kvm->pio_bus);
 kvm_io_bus_destroy(&kvm->mmio_bus);
 kvm_arch_destroy_vm(kvm);
+ mmdrop(mm);
 }
 static int kvm_vm_release(struct inode *inode, struct file *filp)
@@ -818,6 +823,8 @@ static long kvm_vcpu_ioctl(struct file *filp,
 void __user *argp = (void __user *)arg;
 int r;
+ if (vcpu->kvm->mm != current->mm)
+ return -EIO;
 switch (ioctl) {
 case KVM_RUN:
 r = -EINVAL;
@@ -976,6 +983,8 @@ static long kvm_vm_ioctl(struct file *filp,
 void __user *argp = (void __user *)arg;
 int r;
+ if (kvm->mm != current->mm)
+ return -EIO;
 switch (ioctl) {
 case KVM_CREATE_VCPU:
 r = kvm_vm_ioctl_create_vcpu(kvm, arg);
diff --git a/kernel/fork.c b/kernel/fork.c
index 314f5101d2b0..05e0b6f4365b 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -393,6 +393,7 @@ void fastcall __mmdrop(struct mm_struct *mm)
 destroy_context(mm);
 free_mm(mm);
 }
+EXPORT_SYMBOL_GPL(__mmdrop);
 /*
 * Decrement the use count and release all resources for an mm.
 * Decrement the use count and release all resources for an mm. |
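Review bot: The two added lines in kvm_create_vm() take an `mm_count` reference without saying why, and the reason is what makes the later identity checks sound. The ioctl paths compare `kvm->mm` with `current->mm` by pointer, so the mm_struct must not be freed and its address reused while the VM exists; pinning the structure guarantees that. I would add a comment such as `/* pin the mm_struct (mm_count, not mm_users) so kvm->mm stays a unique identity for the ioctl checks; dropped in kvm_destroy_vm() */`. The function continues outside the hunk, so it is worth confirming that no later failure path returns without a matching `mmdrop()`.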
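Review bot: In kvm_destroy_vm() the copy `struct mm_struct *mm = kvm->mm;` is taken before teardown and only used by the final `mmdrop(mm)`, but nothing explains why `kvm->mm` is not read at that point. Presumably kvm_arch_destroy_vm() frees `kvm` (its body is not in this diff), which would make a late read of `kvm->mm` a use-after-free. A short comment would stop a later cleanup from inlining the local, for example `/* kvm may be gone after kvm_arch_destroy_vm(); keep mm for the final mmdrop() */`.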
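Review bot: The `mm != current->mm` guard is added only at the top of kvm_vcpu_ioctl() and kvm_vm_ioctl(), so it protects the ioctl entry points and nothing else. If the vcpu or VM file operations also expose mmap or page-fault handlers (not visible in these hunks), a process that inherited the descriptor across fork() could still reach VM state through them; it is worth confirming those paths carry the same check or cannot touch guest memory. Both sites would also benefit from a one-line comment, e.g. `/* the VM is bound to the address space that created it; refuse callers with a different mm */`, since `-EIO` alone does not tell a reader what is being enforced. Both function bodies continue outside their hunks.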