KVM: Take missing slots_lock for kvm_io_bus_unregister_dev()
In KVM_CREATE_IRQCHIP, kvm_io_bus_unregister_dev() is called without taking slots_lock in the error handling path. Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp> Signed-off-by: Avi Kivity <avi@redhat.com>
This commit is contained in:
parent
a355c85c5f
commit
175504cdbf
2 changed files with 6 additions and 0 deletions
|
@ -951,7 +951,9 @@ long kvm_arch_vm_ioctl(struct file *filp,
|
|||
goto out;
|
||||
r = kvm_setup_default_irq_routing(kvm);
|
||||
if (r) {
|
||||
mutex_lock(&kvm->slots_lock);
|
||||
kvm_ioapic_destroy(kvm);
|
||||
mutex_unlock(&kvm->slots_lock);
|
||||
goto out;
|
||||
}
|
||||
break;
|
||||
|
|
|
@ -3309,8 +3309,10 @@ long kvm_arch_vm_ioctl(struct file *filp,
|
|||
if (vpic) {
|
||||
r = kvm_ioapic_init(kvm);
|
||||
if (r) {
|
||||
mutex_lock(&kvm->slots_lock);
|
||||
kvm_io_bus_unregister_dev(kvm, KVM_PIO_BUS,
|
||||
&vpic->dev);
|
||||
mutex_unlock(&kvm->slots_lock);
|
||||
kfree(vpic);
|
||||
goto create_irqchip_unlock;
|
||||
}
|
||||
|
@ -3321,10 +3323,12 @@ long kvm_arch_vm_ioctl(struct file *filp,
|
|||
smp_wmb();
|
||||
r = kvm_setup_default_irq_routing(kvm);
|
||||
if (r) {
|
||||
mutex_lock(&kvm->slots_lock);
|
||||
mutex_lock(&kvm->irq_lock);
|
||||
kvm_ioapic_destroy(kvm);
|
||||
kvm_destroy_pic(kvm);
|
||||
mutex_unlock(&kvm->irq_lock);
|
||||
mutex_unlock(&kvm->slots_lock);
|
||||
}
|
||||
create_irqchip_unlock:
|
||||
mutex_unlock(&kvm->lock);
|
||||
|
|
Loading…
Reference in a new issue