From: Al Viro Date: Sat, 18 Aug 2012 01:29:06 +0000 (-0400) Subject: vfio: get rid of vfio_device_put()/vfio_group_get_device* races X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=90b1253e4139776e8257914ae9e2292d0de2fecc;p=GitHub%2FLineageOS%2Fandroid_kernel_samsung_universal7580.git vfio: get rid of vfio_device_put()/vfio_group_get_device* races we really need to make sure that dropping the last reference happens under the group->device_lock; otherwise a loop (under device_lock) might find vfio_device instance that is being freed right now, has already dropped the last reference and waits on device_lock to exclude the sucker from the list. Acked-by: Alex Williamson Signed-off-by: Al Viro --- diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c index 92b85676e6b..887ae43276b 100644 --- a/drivers/vfio/vfio.c +++ b/drivers/vfio/vfio.c @@ -396,7 +396,6 @@ static void vfio_device_release(struct kref *kref) struct vfio_device, kref); struct vfio_group *group = device->group; - mutex_lock(&group->device_lock); list_del(&device->group_next); mutex_unlock(&group->device_lock); @@ -412,7 +411,7 @@ static void vfio_device_release(struct kref *kref) static void vfio_device_put(struct vfio_device *device) { struct vfio_group *group = device->group; - kref_put(&device->kref, vfio_device_release); + kref_put_mutex(&device->kref, vfio_device_release, &group->device_lock); vfio_group_put(group); }