From nobody Sun May 24 19:33:40 2026 Received: from mail-pl1-f201.google.com (mail-pl1-f201.google.com [209.85.214.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A7AB83563E8 for ; Fri, 22 May 2026 17:15:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779470141; cv=none; b=czuXZUIuCe7qSRAJtALUkDWabV6fqoK7nveuBC2cSwzbowUG03d6dHS8eunpBeoYwuor8P3mV2MbjFZYK9Ut1bTllcjLnrlf7Bc8ecewiwdKEU1qmlzIiP2ED2LBiC1bggL1ZefPvLWuwLq+5h5uPdbIPnU+ivFnETl2aqo6iKI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779470141; c=relaxed/simple; bh=+xKgZzyUK7L4enk+f686xiGu/mIaJe/sWvbZiM2YJpM=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=hYUaWDSJRpxzBO3batGD0wRUxA5t2iW3RzFfQmRpk51FZm/qQFkbKs471m0Xgz+0wtBrOoWWPW/vS7kl/CUs2uDHJgUiI2Vp0JYWmcAat1a9anMcTfRhYsjlzCrdLeZX1JxFEdw+j7eQDRAsJSqPsqMh/VOZH7PmNS6HHUY88Ek= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=XreQpZk+; arc=none smtp.client-ip=209.85.214.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="XreQpZk+" Received: by mail-pl1-f201.google.com with SMTP id d9443c01a7336-2b4678c6171so80671195ad.1 for ; Fri, 22 May 2026 10:15:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1779470139; x=1780074939; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=DZezRcOufIzkcomJGqxeup6LSZ1A0OirRYwLm0URqEc=; b=XreQpZk+ciKvN5K1ahgn89OYTlMJtvL3zwxpOjxoaD4gK9jueujJi7nUJEklLN+Cf4 uhiz3S6Tw0Z5FM98McAXIeLa0SWezdKgl0lXEXdJiEQI5JgV75045w/FmUD2fV7eViWU 0Ns1Bc1ebAQ/npyuO8LRVMOI6wFqxHV5R3qeZNmCP560OH+E9aQi7fsQk1mYpUwrZKXd b4e+EZ0fvkhLfXOsl0c7a72V+9I/AEBK6wYAn+5FMlAAmQPzisA+Nv4KMtxdNDpgj9AH 7UM13qDW83EO9LqojSaFfGaHQgu5qUklX/1sSCE6w3XIg20CfrTRdeu/w84K87YvEAgU hnuw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779470139; x=1780074939; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=DZezRcOufIzkcomJGqxeup6LSZ1A0OirRYwLm0URqEc=; b=ru9C72IlGVVvLmfsInQKEdPUf2P00OSguTo+Fde19J5LWGcpZbZR1hz+U9bIwJ6LSH huGj+E0tnRIqSoHn7Gu+WMjsLi6Zjo3JClckhj4DWg3FscsWwySfwCvXZ2/AvE67hiCw Ys2oKnQYoCssZriSFymVU8IolJYkKqJ5MkhnD2kREhLxFJUM6IwI3863dYxUSURchqi6 wEjgze4j0gLvXbqK6JW3+8hPdNWUm2JmFjj+FMS9Axz56Rxa5bpnFp+mUjBGNa+aEv/V bljtAaLIPJwPdpSZKyjWHIp9ISANwpgCdWg+wneutMafqgL/u/y4wGRyiID8IE9ZJHZn Kwww== X-Forwarded-Encrypted: i=1; AFNElJ+WRIMm1OoSCZgkKbgL96gjlmaiA+Hbb1zvrSS79TKFjgy0imSVNy/UtXoYMIMfAo2Eb1yDh9fza5iwBnQ=@vger.kernel.org X-Gm-Message-State: AOJu0YwqeZNMbp02PQWkiq9kpR0nFa+hT8YHJRS74R7SoPrzcw7zfsLI Epr4BOpJkAdhz9bWzr7eGWesNXTLarcP1DxFyPM0blliURQDIiJEAlYTlBm1RBC796AgcoTINZs 813xHYQ== X-Received: from pldw18.prod.google.com ([2002:a17:902:ca12:b0:2be:22cf:75b2]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:902:cf08:b0:2b7:aa20:3c61 with SMTP id d9443c01a7336-2beb083ee1fmr45532905ad.33.1779470138760; Fri, 22 May 2026 10:15:38 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 22 May 2026 10:15:34 -0700 In-Reply-To: <20260522171535.3525890-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260522171535.3525890-1-seanjc@google.com> X-Mailer: git-send-email 2.54.0.794.g4f17f83d09-goog Message-ID: <20260522171535.3525890-2-seanjc@google.com> Subject: [PATCH 1/2] KVM: selftests: Cast guest_memfd fd to a signed int when checking for >= 0 From: Sean Christopherson To: Paolo Bonzini , Shuah Khan Cc: kvm@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, Bibo Mao , Sean Christopherson , Fuad Tabba , Ackerley Tng Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When conditionally closing a memory region's guest_memfd file descriptor, cast the field to a signed it so that negative values are correctly detected. Because selftests reuse "struct kvm_userspace_memory_region2" instead of providing custom storage, they pick up the kernel uAPI's __u32 definition of the file descriptor, not the more common "int" definition, e.g. that's used for userspace_mem_region.fd. Fixes: bb2968ad6c33 ("KVM: selftests: Add support for creating private mems= lots") Reported-by: Bibo Mao Closes: https://lore.kernel.org/all/20260508015013.4108345-1-maobibo@loongs= on.cn Signed-off-by: Sean Christopherson Reviewed-by: Ackerley Tng --- tools/testing/selftests/kvm/lib/kvm_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/sel= ftests/kvm/lib/kvm_util.c index e08967ef7b7b..4ad015c6c44f 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -817,7 +817,7 @@ static void __vm_mem_region_delete(struct kvm_vm *vm, kvm_munmap(region->mmap_alias, region->mmap_size); close(region->fd); } - if (region->region.guest_memfd >=3D 0) + if ((int)region->region.guest_memfd >=3D 0) close(region->region.guest_memfd); =20 free(region); --=20 2.54.0.794.g4f17f83d09-goog From nobody Sun May 24 19:33:40 2026 Received: from mail-pg1-f202.google.com (mail-pg1-f202.google.com [209.85.215.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E9E4635E956 for ; Fri, 22 May 2026 17:15:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779470142; cv=none; b=pl63LNfT9kVvzk0CjqXIqg8UKUTL085pesDCqrxz4c5/EWjfMe8jGiS0EVUNJgJfHNTZ/9jSFkBDVT/uHVc8dXRqDWv0ixq+Rl2HzFZ4TtyIeacXoAMW0VwEBX4PF/FQZsVy4ai3cpu4JserMWyOU5/2n+ij++jGeVxgAud9zpU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779470142; c=relaxed/simple; bh=e5dyY8YqRqEPKI0nAbjYOFkB0DKyfX93SO1m/kNHFx8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=gcasjsQ4YtIZhWEtVVfTH6faDkeQxAy+Sad//Yo9VggN7eq9gCFhtX7OKOt+jpCFqRy3kg1J0v9BswpWp93Ye96RNrHFzt2CoFSGokyfxcdXriiOAahfNswzHgLqX+SqBN3lkNgT+E/0YrVUTUaMW1/n1JvKR4q+D6NHHxNF7KA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=vp89xAib; arc=none smtp.client-ip=209.85.215.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="vp89xAib" Received: by mail-pg1-f202.google.com with SMTP id 41be03b00d2f7-c8292a9605aso3706043a12.0 for ; Fri, 22 May 2026 10:15:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1779470140; x=1780074940; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=YtCRiPb6Iavp2sFC8pmBGncPk6YakRaW7R43mFkUN8o=; b=vp89xAibGhZAquJePq+ZrxS5olItGF0w8WdjHIoXuqb76QtY4p3DOZNp/WSRIJcvJl n5yYrIAXuChdRKGgncUDTiRVoVEPdCAAQHMZe73L2ExFab4+zMa8sqO5twWZ+545DqAX SciEK1/lY3aysC2pyn4LWEfm0pZVd5BrbhYVjIF1a4K0lgnIztXT3FfuHROo8xWbI+G7 eXp5i1aKycqQB8GxplMLmBkzzn7KWKUuZakQwWArOp9YX+DO23WDNnEEdWFNAhgW7CyN 0WjTUCxbVhNNL8lQfmyFEoAi21Db0zST4SQhvG6FHr+aNlDd7F5NCxCHtBRofpmOpObA Y9bw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779470140; x=1780074940; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=YtCRiPb6Iavp2sFC8pmBGncPk6YakRaW7R43mFkUN8o=; b=KfedXht9rVtYhd9SwjdWQq2RD3drIehVc+LAWE/reZW5pk3jMSSiYPP68uyja+GW8S 7yf0Y/Cm6xhYscWv3Un+Syqv9FUYmqgo+kpAFKHPYULhC0fQgWZqGJ7cfNZFcAOGzfWK VOAR5ROLPkQMdrCA3DoY6EAfteG4fa2FDjr1UH+8HPU6mIWOUFJR5oJ5T687nFOTy+Cr jjIgPG4JB5jJfmqG/7qhnWvl/vTWSuuXgVXeruh/QuQycjLiZSrF4j+3nzt6awFkkhr+ PoJVwG7HOwwjFQH7iV08yyUQYnsnHzaiftKDpwKX5rXthYU/G6MQhYKMDgz5QXmoNao4 WMgg== X-Forwarded-Encrypted: i=1; AFNElJ/u0JOXzaHOJ3mpK2ZUvUac3ScKU4T97t1Yq4RkbE/sHgmQqbg3Os/T8T2PGTCfwRAb8N1FvZWSkNDgGmA=@vger.kernel.org X-Gm-Message-State: AOJu0Yz0Mfq9qoYhrK+qqjiTsO19guZvbDWrkC9JkO1tdc2ZotNVnRzI fSg1JdpDB9kLq9Vdmjrb8rZ911LizLAPNWOFG9X75mXsT8bGEryELb97rzoOhdmDMksoeJ0tiRA hciCVnw== X-Received: from pfbbk23.prod.google.com ([2002:aa7:8317:0:b0:82f:4abd:a354]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a00:4fc1:b0:82c:9126:320c with SMTP id d2e1a72fcca58-8415f0e6355mr4747837b3a.3.1779470139880; Fri, 22 May 2026 10:15:39 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 22 May 2026 10:15:35 -0700 In-Reply-To: <20260522171535.3525890-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260522171535.3525890-1-seanjc@google.com> X-Mailer: git-send-email 2.54.0.794.g4f17f83d09-goog Message-ID: <20260522171535.3525890-3-seanjc@google.com> Subject: [PATCH 2/2] KVM: selftests: Add and use kvm_free_fd() to harden against fd goofs From: Sean Christopherson To: Paolo Bonzini , Shuah Khan Cc: kvm@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, Bibo Mao , Sean Christopherson , Fuad Tabba , Ackerley Tng Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add a kvm_free_fd() macro to close and invalidate a file descriptor, and use it through the core infrastructure to harden against goofs where a selftest attempts to reuse a closed file descriptor. Cc: Bibo Mao Cc: Fuad Tabba Cc: Ackerley Tng Signed-off-by: Sean Christopherson Reviewed-by: Ackerley Tng --- .../selftests/kvm/include/kvm_syscalls.h | 6 +++++ tools/testing/selftests/kvm/lib/kvm_util.c | 23 +++++++++---------- 2 files changed, 17 insertions(+), 12 deletions(-) diff --git a/tools/testing/selftests/kvm/include/kvm_syscalls.h b/tools/tes= ting/selftests/kvm/include/kvm_syscalls.h index 067a4c9cf452..6cb3bed29b81 100644 --- a/tools/testing/selftests/kvm/include/kvm_syscalls.h +++ b/tools/testing/selftests/kvm/include/kvm_syscalls.h @@ -89,4 +89,10 @@ __KVM_SYSCALL_DEFINE(fallocate, 4, int, fd, int, mode, l= off_t, offset, loff_t, l __KVM_SYSCALL_DEFINE(ftruncate, 2, unsigned int, fd, off_t, length); __KVM_SYSCALL_DEFINE(madvise, 3, void *, addr, size_t, length, int, advice= ); =20 +#define kvm_free_fd(fd) \ +do { \ + kvm_close(fd); \ + (fd) =3D -1; \ +} while (0) + #endif /* SELFTEST_KVM_SYSCALLS_H */ diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/sel= ftests/kvm/lib/kvm_util.c index 4ad015c6c44f..195f3fdae1e3 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -77,7 +77,8 @@ static ssize_t get_module_param(const char *module_name, = const char *param, int fd, r; =20 /* Verify KVM is loaded, to provide a more helpful SKIP message. */ - close(open_kvm_dev_path_or_exit()); + fd =3D open_kvm_dev_path_or_exit(); + kvm_free_fd(fd); =20 r =3D snprintf(path, path_size, "/sys/module/%s/parameters/%s", module_name, param); @@ -90,8 +91,7 @@ static ssize_t get_module_param(const char *module_name, = const char *param, TEST_ASSERT(bytes_read > 0, "read(%s) returned %ld, wanted %ld bytes", path, bytes_read, buffer_size); =20 - r =3D close(fd); - TEST_ASSERT(!r, "close(%s) failed", path); + kvm_free_fd(fd); return bytes_read; } =20 @@ -160,7 +160,7 @@ unsigned int kvm_check_cap(long cap) ret =3D __kvm_ioctl(kvm_fd, KVM_CHECK_EXTENSION, (void *)cap); TEST_ASSERT(ret >=3D 0, KVM_IOCTL_ERROR(KVM_CHECK_EXTENSION, ret)); =20 - close(kvm_fd); + kvm_free_fd(kvm_fd); =20 return (unsigned int)ret; } @@ -747,8 +747,7 @@ static void kvm_stats_release(struct kvm_binary_stats *= stats) stats->desc =3D NULL; } =20 - kvm_close(stats->fd); - stats->fd =3D -1; + kvm_free_fd(stats->fd); } =20 __weak void vcpu_arch_free(struct kvm_vcpu *vcpu) @@ -777,7 +776,7 @@ static void vm_vcpu_rm(struct kvm_vm *vm, struct kvm_vc= pu *vcpu) =20 kvm_munmap(vcpu->run, vcpu_mmap_sz()); =20 - kvm_close(vcpu->fd); + kvm_free_fd(vcpu->fd); kvm_stats_release(&vcpu->stats); =20 list_del(&vcpu->list); @@ -793,8 +792,8 @@ void kvm_vm_release(struct kvm_vm *vmp) list_for_each_entry_safe(vcpu, tmp, &vmp->vcpus, list) vm_vcpu_rm(vmp, vcpu); =20 - kvm_close(vmp->fd); - kvm_close(vmp->kvm_fd); + kvm_free_fd(vmp->fd); + kvm_free_fd(vmp->kvm_fd); =20 /* Free cached stats metadata and close FD */ kvm_stats_release(&vmp->stats); @@ -815,10 +814,10 @@ static void __vm_mem_region_delete(struct kvm_vm *vm, if (region->fd >=3D 0) { /* There's an extra map when using shared memory. */ kvm_munmap(region->mmap_alias, region->mmap_size); - close(region->fd); + kvm_free_fd(region->fd); } if ((int)region->region.guest_memfd >=3D 0) - close(region->region.guest_memfd); + kvm_free_fd(region->region.guest_memfd); =20 free(region); } @@ -1311,7 +1310,7 @@ static size_t vcpu_mmap_sz(void) TEST_ASSERT(ret >=3D 0 && ret >=3D sizeof(struct kvm_run), KVM_IOCTL_ERROR(KVM_GET_VCPU_MMAP_SIZE, ret)); =20 - close(dev_fd); + kvm_free_fd(dev_fd); =20 return ret; } --=20 2.54.0.794.g4f17f83d09-goog