Re: [PATCH] i386/kvm: fix a use-after-free when vcpu plug/unplug

On 5/12/2020 3:54 PM, Philippe Mathieu-Daudé wrote: > On 5/12/20 3:39 PM, Pan Nengyuan wrote: >> When we hotplug vcpus, cpu_update_state is added to vm_change_state_head >> in kvm_arch_init_vcpu(). But it forgot to delete in kvm_arch_destroy_vcpu() >> after >> unplug. Then it will cause a use-a

Re: [PATCH] i386/kvm: fix a use-after-free when vcpu plug/unplug

On 5/12/20 3:39 PM, Pan Nengyuan wrote: When we hotplug vcpus, cpu_update_state is added to vm_change_state_head in kvm_arch_init_vcpu(). But it forgot to delete in kvm_arch_destroy_vcpu() after unplug. Then it will cause a use-after-free access. This patch delete it in kvm_arch_destroy_vcpu() t

[PATCH] i386/kvm: fix a use-after-free when vcpu plug/unplug

When we hotplug vcpus, cpu_update_state is added to vm_change_state_head in kvm_arch_init_vcpu(). But it forgot to delete in kvm_arch_destroy_vcpu() after unplug. Then it will cause a use-after-free access. This patch delete it in kvm_arch_destroy_vcpu() to fix that. Reproducer: virsh setvcpu