android_kernel_oneplus_msm8998/virt/kvm
David Hildenbrand 42462d23e6 KVM: kvm_io_bus_unregister_dev() should never fail
commit 90db10434b163e46da413d34db8d0e77404cc645 upstream.

No caller currently checks the return value of
kvm_io_bus_unregister_dev(). This is evil, as all callers silently go on
freeing their device. A stale reference will remain in the io_bus,
getting at least used again, when the iobus gets torn down on
kvm_destroy_vm() - leading to use after free errors.

There is nothing the callers could do, except retrying over and over
again.

So let's simply remove the bus altogether, print an error and make
sure no one can access this broken bus again (returning -ENOMEM on any
attempt to access it).

Fixes: e93f8a0f82 ("KVM: convert io_bus to SRCU")
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-04-08 09:53:32 +02:00
arm KVM: arm/arm64: Handle forward time correction gracefully 2016-05-04 14:48:40 -07:00
async_pf.c KVM: async_pf: do not warn on page allocation failures 2016-03-03 15:07:29 -08:00
async_pf.h KVM: fix checkpatch.pl errors in kvm/async_pf.h 2015-06-19 17:16:25 +02:00
coalesced_mmio.c KVM: move iodev.h from virt/kvm/ to include/kvm 2015-03-26 21:43:12 +00:00
coalesced_mmio.h KVM: make the declaration of functions within 80 characters 2015-09-14 18:43:19 +02:00
eventfd.c KVM: kvm_io_bus_unregister_dev() should never fail 2017-04-08 09:53:32 +02:00
irqchip.c KVM: irqfd: fix NULL pointer dereference in kvm_irq_map_gsi 2016-06-24 10:18:18 -07:00
Kconfig KVM: don't pointlessly leave KVM_COMPAT=y in non-KVM configs 2015-11-04 16:24:30 +01:00
kvm_main.c KVM: kvm_io_bus_unregister_dev() should never fail 2017-04-08 09:53:32 +02:00
vfio.c KVM: count number of assigned devices 2015-07-10 13:25:26 +02:00
vfio.h kvm: vfio: fix unregister kvm_device_ops of vfio 2014-10-24 13:30:47 +02:00