Skip to content

Commit 211c018

Browse files
sean-jcbonzini
authored andcommitted
KVM: selftests: Verify stats fd is usable after VM fd has been closed
Verify that VM and vCPU binary stats files are usable even after userspace has put its last direct reference to the VM. This is a regression test for a UAF bug where KVM didn't gift the stats files a reference to the VM. Signed-off-by: Sean Christopherson <seanjc@google.com> Message-Id: <20230711230131.648752-8-seanjc@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
1 parent 65f1f57 commit 211c018

File tree

1 file changed

+8
-2
lines changed

1 file changed

+8
-2
lines changed

tools/testing/selftests/kvm/kvm_binary_stats_test.c

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -252,15 +252,21 @@ int main(int argc, char *argv[])
252252
stats_test(vcpu_get_stats_fd(vcpus[i * max_vcpu + j]));
253253
}
254254

255+
/*
256+
* Close the VM fd and redo the stats tests. KVM should gift a
257+
* reference (to the VM) to each stats fd, i.e. stats should
258+
* still be accessible even after userspace has put its last
259+
* _direct_ reference to the VM.
260+
*/
261+
kvm_vm_free(vms[i]);
262+
255263
stats_test(vm_stats_fds);
256264
for (j = 0; j < max_vcpu; ++j)
257265
stats_test(vcpu_stats_fds[j]);
258266

259267
ksft_test_result_pass("vm%i\n", i);
260268
}
261269

262-
for (i = 0; i < max_vm; ++i)
263-
kvm_vm_free(vms[i]);
264270
free(vms);
265271
free(vcpus);
266272
free(vcpu_stats_fds);

0 commit comments

Comments
 (0)