drm/i915/gvt/kvmgt: dereference the pointer within lock
authorJike Song <jike.song@intel.com>
Fri, 16 Dec 2016 02:51:04 +0000 (10:51 +0800)
committerZhenyu Wang <zhenyuw@linux.intel.com>
Mon, 26 Dec 2016 01:45:29 +0000 (09:45 +0800)
Though there is no issue exposed yet, it's possible that another
thread releases the entry while we're trying to deref it outside the
lock. Fix it by moving the dereference within the lock.

Signed-off-by: Jike Song <jike.song@intel.com>
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
drivers/gpu/drm/i915/gvt/kvmgt.c

index 4dd6722a733933224c269825d6f12f53525bf9c7..4ba196796846d0b7ba990ac5364ad9e5bca3ed48 100644 (file)
@@ -114,12 +114,15 @@ out:
 static kvm_pfn_t gvt_cache_find(struct intel_vgpu *vgpu, gfn_t gfn)
 {
        struct gvt_dma *entry;
+       kvm_pfn_t pfn;
 
        mutex_lock(&vgpu->vdev.cache_lock);
+
        entry = __gvt_cache_find(vgpu, gfn);
-       mutex_unlock(&vgpu->vdev.cache_lock);
+       pfn = (entry == NULL) ? 0 : entry->pfn;
 
-       return entry == NULL ? 0 : entry->pfn;
+       mutex_unlock(&vgpu->vdev.cache_lock);
+       return pfn;
 }
 
 static void gvt_cache_add(struct intel_vgpu *vgpu, gfn_t gfn, kvm_pfn_t pfn)
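Review bot: The value gvt_cache_find() returns is still only a snapshot: once `mutex_unlock(&vgpu->vdev.cache_lock)` runs, another thread can remove the entry, so a caller may act on a pfn whose cache entry no longer exists. Whether that is harmful depends on the callers and on how entries are removed and their pages released, neither of which is visible in this hunk. I would document the contract above the function, for example `/* Returns a snapshot of the cached pfn, or 0 on a miss; the entry may be removed as soon as cache_lock is dropped. */`, and confirm each caller tolerates a stale result. The 0 return also doubles as the miss sentinel, which presumably assumes pfn 0 is never cached; that is worth stating in the same comment.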