diff options
| author | Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp> | 2010-12-15 11:41:37 -0500 |
|---|---|---|
| committer | Avi Kivity <avi@redhat.com> | 2011-01-12 04:30:55 -0500 |
| commit | 175504cdbfef6a0fde3bafb6c38b4929049ac8ea (patch) | |
| tree | f5d56514b496e2d186d429c0cd5570026cffd5be /arch/x86/kvm/x86.c | |
| parent | a355c85c5f137d93c4e9274c50e26c20f1ebc1c9 (diff) | |
KVM: Take missing slots_lock for kvm_io_bus_unregister_dev()
In KVM_CREATE_IRQCHIP, kvm_io_bus_unregister_dev() is called without taking
slots_lock in the error handling path.
Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: Avi Kivity <avi@redhat.com>
Diffstat (limited to 'arch/x86/kvm/x86.c')
| -rw-r--r-- | arch/x86/kvm/x86.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index cbaea7dd5963..f569da8ff839 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c | |||
| @@ -3309,8 +3309,10 @@ long kvm_arch_vm_ioctl(struct file *filp, | |||
| 3309 | if (vpic) { | 3309 | if (vpic) { |
| 3310 | r = kvm_ioapic_init(kvm); | 3310 | r = kvm_ioapic_init(kvm); |
| 3311 | if (r) { | 3311 | if (r) { |
| 3312 | mutex_lock(&kvm->slots_lock); | ||
| 3312 | kvm_io_bus_unregister_dev(kvm, KVM_PIO_BUS, | 3313 | kvm_io_bus_unregister_dev(kvm, KVM_PIO_BUS, |
| 3313 | &vpic->dev); | 3314 | &vpic->dev); |
| 3315 | mutex_unlock(&kvm->slots_lock); | ||
| 3314 | kfree(vpic); | 3316 | kfree(vpic); |
| 3315 | goto create_irqchip_unlock; | 3317 | goto create_irqchip_unlock; |
| 3316 | } | 3318 | } |
| @@ -3321,10 +3323,12 @@ long kvm_arch_vm_ioctl(struct file *filp, | |||
| 3321 | smp_wmb(); | 3323 | smp_wmb(); |
| 3322 | r = kvm_setup_default_irq_routing(kvm); | 3324 | r = kvm_setup_default_irq_routing(kvm); |
| 3323 | if (r) { | 3325 | if (r) { |
| 3326 | mutex_lock(&kvm->slots_lock); | ||
| 3324 | mutex_lock(&kvm->irq_lock); | 3327 | mutex_lock(&kvm->irq_lock); |
| 3325 | kvm_ioapic_destroy(kvm); | 3328 | kvm_ioapic_destroy(kvm); |
| 3326 | kvm_destroy_pic(kvm); | 3329 | kvm_destroy_pic(kvm); |
| 3327 | mutex_unlock(&kvm->irq_lock); | 3330 | mutex_unlock(&kvm->irq_lock); |
| 3331 | mutex_unlock(&kvm->slots_lock); | ||
| 3328 | } | 3332 | } |
| 3329 | create_irqchip_unlock: | 3333 | create_irqchip_unlock: |
| 3330 | mutex_unlock(&kvm->lock); | 3334 | mutex_unlock(&kvm->lock); |