vfio: get rid of vfio_device_put()/vfio_group_get_device* races
we really need to make sure that dropping the last reference happens under the group->device_lock; otherwise a loop (under device_lock) might find vfio_device instance that is being freed right now, has already dropped the last reference and waits on device_lock to exclude the sucker from the list. Acked-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
parent
6d2cd3ce81
commit
90b1253e41
|
@ -396,7 +396,6 @@ static void vfio_device_release(struct kref *kref)
|
|||
struct vfio_device, kref);
|
||||
struct vfio_group *group = device->group;
|
||||
|
||||
mutex_lock(&group->device_lock);
|
||||
list_del(&device->group_next);
|
||||
mutex_unlock(&group->device_lock);
|
||||
|
||||
|
@ -412,7 +411,7 @@ static void vfio_device_release(struct kref *kref)
|
|||
static void vfio_device_put(struct vfio_device *device)
|
||||
{
|
||||
struct vfio_group *group = device->group;
|
||||
kref_put(&device->kref, vfio_device_release);
|
||||
kref_put_mutex(&device->kref, vfio_device_release, &group->device_lock);
|
||||
vfio_group_put(group);
|
||||
}
|
||||
|
||||
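Review bot: vfio_device_release() in the first hunk now depends on a lock handoff that nothing in the code documents or checks. It appears to be entered with group->device_lock already held, taken by kref_put_mutex() in vfio_device_put() when the count reaches zero, and it still ends the critical section with mutex_unlock(). The rendering has lost the +/- markers, so this assumes the removed line is the mutex_lock() call. A comment above the function such as `/* Called with group->device_lock held by kref_put_mutex(); drops it after list_del(). */` and a `lockdep_assert_held(&group->device_lock);` before list_del() would make the contract checkable. Without them, any other path that drops the last reference with a plain kref_put() would unlock a mutex it never took and reopen the lookup-versus-free race; the body of vfio_device_release() continues outside the hunk.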
|
|