On 6/20/22 4:54 AM, Yi Liu wrote:
No need to protect open_count with group_rwsem

Fixes: 421cfe6596f6 ("vfio: remove VFIO_GROUP_NOTIFY_SET_KVM")
cc: Matthew Rosato <mjrosato@xxxxxxxxxxxxx>
cc: Jason Gunthorpe <jgg@xxxxxxxxxx>
Signed-off-by: Yi Liu <yi.l.liu@xxxxxxxxx>
Seems pretty harmless as-is, but you are correct group_rwsem can be dropped earlier; we do not protect the count with group_rwsem elsewhere (see vfio_device_fops_release as a comparison, where we already drop group_rwsem before open_count--).
FWIW, this change now also drops group_rwsem before setting device->kvm = NULL, but that's also OK (again, just like vfio_device_fops_release) -- While the setting of device->kvm before open_device is technically done while holding the group_rwsem, this is done to protect the group kvm value we are copying from, and we should not be relying on that to protect the contents of device->kvm; instead we assume this value will not change until after the device is closed and while under the dev_set->lock.
Reviewed-by: Matthew Rosato <mjrosato@xxxxxxxxxxxxx>
--- drivers/vfio/vfio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c index 61e71c1154be..44c3bf8023ac 100644 --- a/drivers/vfio/vfio.c +++ b/drivers/vfio/vfio.c @@ -1146,10 +1146,10 @@ static struct file *vfio_device_open(struct vfio_device *device) if (device->open_count == 1 && device->ops->close_device) device->ops->close_device(device); err_undo_count: + up_read(&device->group->group_rwsem); device->open_count--; if (device->open_count == 0 && device->kvm) device->kvm = NULL; - up_read(&device->group->group_rwsem); mutex_unlock(&device->dev_set->lock); module_put(device->dev->driver->owner); err_unassign_container:
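Review bot: the Fixes: tag in the commit message implies a real bug, but in this hunk both the old and the new ordering keep `device->open_count--` and `device->kvm = NULL` inside the dev_set->lock critical section (the `mutex_unlock(&device->dev_set->lock);` still follows them), so the change reads as a lock-scope cleanup rather than a fix. Either drop the Fixes: tag or have the commit message state that open_count and device->kvm are serialized by dev_set->lock, so a reader of the err_undo_count path knows group_rwsem is only needed for the group state read earlier in vfio_device_open and not for these two writes.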