summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSean Christopherson <seanjc@google.com>2023-07-11 16:01:31 -0700
committerPaolo Bonzini <pbonzini@redhat.com>2023-07-29 11:05:30 -0400
commit211c0189ea18648a0cf23dea9f4ed745bc9252f6 (patch)
tree72d0ed2ac85ab7122d5d1c6ef903ac36fd3f8a40
parent65f1f57f35e5e833c879a7afb9c862c603695917 (diff)
downloadlwn-211c0189ea18648a0cf23dea9f4ed745bc9252f6.tar.gz
lwn-211c0189ea18648a0cf23dea9f4ed745bc9252f6.zip
KVM: selftests: Verify stats fd is usable after VM fd has been closed
Verify that VM and vCPU binary stats files are usable even after userspace has put its last direct reference to the VM. This is a regression test for a UAF bug where KVM didn't gift the stats files a reference to the VM. Signed-off-by: Sean Christopherson <seanjc@google.com> Message-Id: <20230711230131.648752-8-seanjc@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-rw-r--r--tools/testing/selftests/kvm/kvm_binary_stats_test.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/tools/testing/selftests/kvm/kvm_binary_stats_test.c b/tools/testing/selftests/kvm/kvm_binary_stats_test.c
index 5317e27b77d0..698c1cfa3111 100644
--- a/tools/testing/selftests/kvm/kvm_binary_stats_test.c
+++ b/tools/testing/selftests/kvm/kvm_binary_stats_test.c
@@ -252,6 +252,14 @@ int main(int argc, char *argv[])
stats_test(vcpu_get_stats_fd(vcpus[i * max_vcpu + j]));
}
+ /*
+ * Close the VM fd and redo the stats tests. KVM should gift a
+ * reference (to the VM) to each stats fd, i.e. stats should
+ * still be accessible even after userspace has put its last
+ * _direct_ reference to the VM.
+ */
+ kvm_vm_free(vms[i]);
+
stats_test(vm_stats_fds);
for (j = 0; j < max_vcpu; ++j)
stats_test(vcpu_stats_fds[j]);
@@ -259,8 +267,6 @@ int main(int argc, char *argv[])
ksft_test_result_pass("vm%i\n", i);
}
- for (i = 0; i < max_vm; ++i)
- kvm_vm_free(vms[i]);
free(vms);
free(vcpus);
free(vcpu_stats_fds);