KVM: Protect in-kernel pio using kvm->lock
authorEddie Dong <eddie.dong@intel.com>
Sun, 22 Jul 2007 07:36:31 +0000 (10:36 +0300)
committerAvi Kivity <avi@qumranet.com>
Sat, 13 Oct 2007 08:18:25 +0000 (10:18 +0200)
The pio operation and the IRQ_LINE kvm_vm_ioctl are not kvm->lock
protected.  Add the lock to them, the same as for the IOAPIC MMIO operations.

Signed-off-by: Yaozu (Eddie) Dong <eddie.dong@intel.com>
Signed-off-by: Avi Kivity <avi@qumranet.com>
drivers/kvm/kvm_main.c

index 4384364fc0c8a221db1b5a02733b01817b55bd82..5063b3addbbf62a2a24caa355d7528ed01020db3 100644 (file)
@@ -1790,6 +1790,7 @@ static void kernel_pio(struct kvm_io_device *pio_dev,
 {
        /* TODO: String I/O for in kernel device */
 
+       mutex_lock(&vcpu->kvm->lock);
        if (vcpu->pio.in)
                kvm_iodevice_read(pio_dev, vcpu->pio.port,
                                  vcpu->pio.size,
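Review bot: The new mutex_lock(&vcpu->kvm->lock) carries no comment saying what it serializes, and nothing in this diff shows whether the callers of kernel_pio (or of pio_string_write in the third hunk, which takes the same lock around its write loop) can already hold kvm->lock — a mutex is not recursive, so a caller that already holds it would deadlock, which is worth confirming against kvm_emulate_pio and the vcpu run path outside this diff. I would add `/* kvm->lock serializes in-kernel I/O device access, as on the IOAPIC MMIO path */` above the lock here and the one in pio_string_write. kernel_pio's signature appears only in the hunk header and its body, including the matching mutex_unlock, continues into the next hunk; pio_string_write's body likewise spans the second and third hunks.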
@@ -1798,6 +1799,7 @@ static void kernel_pio(struct kvm_io_device *pio_dev,
                kvm_iodevice_write(pio_dev, vcpu->pio.port,
                                   vcpu->pio.size,
                                   pd);
+       mutex_unlock(&vcpu->kvm->lock);
 }
 
 static void pio_string_write(struct kvm_io_device *pio_dev,
@@ -1807,12 +1809,14 @@ static void pio_string_write(struct kvm_io_device *pio_dev,
        void *pd = vcpu->pio_data;
        int i;
 
+       mutex_lock(&vcpu->kvm->lock);
        for (i = 0; i < io->cur_count; i++) {
                kvm_iodevice_write(pio_dev, io->port,
                                   io->size,
                                   pd);
                pd += io->size;
        }
+       mutex_unlock(&vcpu->kvm->lock);
 }
 
 int kvm_emulate_pio (struct kvm_vcpu *vcpu, struct kvm_run *run, int in,
@@ -2818,6 +2822,7 @@ static long kvm_vm_ioctl(struct file *filp,
                if (copy_from_user(&irq_event, argp, sizeof irq_event))
                        goto out;
                if (irqchip_in_kernel(kvm)) {
+                       mutex_lock(&kvm->lock);
                        if (irq_event.irq < 16)
                                kvm_pic_set_irq(pic_irqchip(kvm),
                                        irq_event.irq,
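Review bot: irq_event.irq and irq_event.level come straight from copy_from_user two lines above the new lock, and the only check in this hunk is `irq_event.irq < 16` to route to the PIC; every other value, however large, is passed to kvm_ioapic_set_irq in the next hunk, so the lock does not stand in for a range check — presumably kvm_ioapic_set_irq bounds-checks against its pin count, but that is outside the diff and worth confirming. irqchip_in_kernel(kvm) is also evaluated before mutex_lock is taken, so the test and the later use of pic_irqchip(kvm) and kvm->vioapic are not atomic; that is only safe if the in-kernel irqchip is never torn down while the VM exists, which cannot be seen here. I would note the intent with `/* kvm->lock: irqchip state is shared with the vcpu threads and the IOAPIC MMIO path */` above the lock. The case body continues into the next hunk, where the matching mutex_unlock precedes `r = 0`, and the `goto out` on copy failure sits before the lock, so no unlock is skipped; kvm_vm_ioctl itself starts and ends outside both hunks.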
@@ -2825,6 +2830,7 @@ static long kvm_vm_ioctl(struct file *filp,
                        kvm_ioapic_set_irq(kvm->vioapic,
                                        irq_event.irq,
                                        irq_event.level);
+                       mutex_unlock(&kvm->lock);
                        r = 0;
                }
                break;