diff options
| author | Heyi Guo <guoheyi@huawei.com> | 2019-08-27 07:26:50 -0400 |
|---|---|---|
| committer | Will Deacon <will@kernel.org> | 2019-08-27 11:19:56 -0400 |
| commit | d4a8061a7c5f7c27a2dc002ee4cb89b3e6637e44 (patch) | |
| tree | 4445c51f62bbf92da124109b3700a8020fd6dab2 /virt/kvm/arm | |
| parent | 2a1a3fa0f29270583f0e6e3100d609e09697add1 (diff) | |
KVM: arm/arm64: vgic: Fix potential deadlock when ap_list is long
If the ap_list is longer than 256 entries, merge_final() in list_sort()
will call the comparison callback with the same element twice, causing
a deadlock in vgic_irq_cmp().
Fix it by returning early when irqa == irqb.
Cc: stable@vger.kernel.org # 4.7+
Fixes: 8e4447457965 ("KVM: arm/arm64: vgic-new: Add IRQ sorting")
Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Signed-off-by: Heyi Guo <guoheyi@huawei.com>
[maz: massaged commit log and patch, added Fixes and Cc-stable]
Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Will Deacon <will@kernel.org>
Diffstat (limited to 'virt/kvm/arm')
| -rw-r--r-- | virt/kvm/arm/vgic/vgic.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/virt/kvm/arm/vgic/vgic.c b/virt/kvm/arm/vgic/vgic.c index 04786c8ec77e..ca5e6c6866a4 100644 --- a/virt/kvm/arm/vgic/vgic.c +++ b/virt/kvm/arm/vgic/vgic.c | |||
| @@ -254,6 +254,13 @@ static int vgic_irq_cmp(void *priv, struct list_head *a, struct list_head *b) | |||
| 254 | bool penda, pendb; | 254 | bool penda, pendb; |
| 255 | int ret; | 255 | int ret; |
| 256 | 256 | ||
| 257 | /* | ||
| 258 | * list_sort may call this function with the same element when | ||
| 259 | * the list is fairly long. | ||
| 260 | */ | ||
| 261 | if (unlikely(irqa == irqb)) | ||
| 262 | return 0; | ||
| 263 | |||
| 257 | raw_spin_lock(&irqa->irq_lock); | 264 | raw_spin_lock(&irqa->irq_lock); |
| 258 | raw_spin_lock_nested(&irqb->irq_lock, SINGLE_DEPTH_NESTING); | 265 | raw_spin_lock_nested(&irqb->irq_lock, SINGLE_DEPTH_NESTING); |
| 259 | 266 | ||