aboutsummaryrefslogtreecommitdiffstats
path: root/virt
diff options
context:
space:
mode:
authorAlex Williamson <alex.williamson@redhat.com>2012-04-17 23:46:44 -0400
committerMarcelo Tosatti <mtosatti@redhat.com>2012-04-18 23:04:18 -0400
commit21a1416a1c945c5aeaeaf791b63c64926018eb77 (patch)
tree4a6ac6aae66648bba9de57902ec98dfa5ae9b98d /virt
parent2225fd56049643c1a7d645c0ce9d499d43c7974e (diff)
KVM: lock slots_lock around device assignment
As pointed out by Jason Baron, when assigning a device to a guest we first set the iommu domain pointer, which enables mapping and unmapping of memory slots to the iommu. This leaves a window where this path is enabled, but we haven't synchronized the iommu mappings to the existing memory slots. Thus a slot being removed at that point could send us down unexpected code paths removing non-existent pinnings and iommu mappings. Take the slots_lock around creating the iommu domain and initial mappings as well as around iommu teardown to avoid this race. Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Diffstat (limited to 'virt')
-rw-r--r--virt/kvm/iommu.c23
1 files changed, 15 insertions, 8 deletions
diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
index fec1723de9b4..e9fff9830bf0 100644
--- a/virt/kvm/iommu.c
+++ b/virt/kvm/iommu.c
@@ -240,9 +240,13 @@ int kvm_iommu_map_guest(struct kvm *kvm)
240 return -ENODEV; 240 return -ENODEV;
241 } 241 }
242 242
243 mutex_lock(&kvm->slots_lock);
244
243 kvm->arch.iommu_domain = iommu_domain_alloc(&pci_bus_type); 245 kvm->arch.iommu_domain = iommu_domain_alloc(&pci_bus_type);
244 if (!kvm->arch.iommu_domain) 246 if (!kvm->arch.iommu_domain) {
245 return -ENOMEM; 247 r = -ENOMEM;
248 goto out_unlock;
249 }
246 250
247 if (!allow_unsafe_assigned_interrupts && 251 if (!allow_unsafe_assigned_interrupts &&
248 !iommu_domain_has_cap(kvm->arch.iommu_domain, 252 !iommu_domain_has_cap(kvm->arch.iommu_domain,
@@ -253,17 +257,16 @@ int kvm_iommu_map_guest(struct kvm *kvm)
253 " module option.\n", __func__); 257 " module option.\n", __func__);
254 iommu_domain_free(kvm->arch.iommu_domain); 258 iommu_domain_free(kvm->arch.iommu_domain);
255 kvm->arch.iommu_domain = NULL; 259 kvm->arch.iommu_domain = NULL;
256 return -EPERM; 260 r = -EPERM;
261 goto out_unlock;
257 } 262 }
258 263
259 r = kvm_iommu_map_memslots(kvm); 264 r = kvm_iommu_map_memslots(kvm);
260 if (r) 265 if (r)
261 goto out_unmap; 266 kvm_iommu_unmap_memslots(kvm);
262
263 return 0;
264 267
265out_unmap: 268out_unlock:
266 kvm_iommu_unmap_memslots(kvm); 269 mutex_unlock(&kvm->slots_lock);
267 return r; 270 return r;
268} 271}
269 272
@@ -340,7 +343,11 @@ int kvm_iommu_unmap_guest(struct kvm *kvm)
340 if (!domain) 343 if (!domain)
341 return 0; 344 return 0;
342 345
346 mutex_lock(&kvm->slots_lock);
343 kvm_iommu_unmap_memslots(kvm); 347 kvm_iommu_unmap_memslots(kvm);
348 kvm->arch.iommu_domain = NULL;
349 mutex_unlock(&kvm->slots_lock);
350
344 iommu_domain_free(domain); 351 iommu_domain_free(domain);
345 return 0; 352 return 0;
346} 353}