On Mon, 27 Jun 2022 00:41:19 -0700
Yi Liu <yi.l.liu@xxxxxxxxx> wrote:

> We do not protect the vfio_device::open_count with group_rwsem elsewhere (see
> vfio_device_fops_release as a comparison, where we already drop group_rwsem
> before open_count--). So move the group_rwsem unlock prior to open_count--.
>
> This change now also drops group_rwsem before setting device->kvm = NULL,
> but that's also OK (again, just like vfio_device_fops_release). The setting
> of device->kvm before open_device is technically done while holding the
> group_rwsem, this is done to protect the group kvm value we are copying from,
> and we should not be relying on that to protect the contents of device->kvm;
> instead we assume this value will not change until after the device is closed
> and while under the dev_set->lock.
>
> Cc: Matthew Rosato <mjrosato@xxxxxxxxxxxxx>
> Cc: Jason Gunthorpe <jgg@xxxxxxxxxx>
> Signed-off-by: Yi Liu <yi.l.liu@xxxxxxxxx>
> Reviewed-by: Matthew Rosato <mjrosato@xxxxxxxxxxxxx>
> ---
> drivers/vfio/vfio.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> ---

Applied to vfio next branch for v5.20. Thanks,

Alex

> v2:
> - Remove Fixes tag (Kevin)
> - Add detailed description in commit message (Matthew, Jason)
> - Fix patch format (Jason)
> - Add r-b from Matthew
>
> v1:
> https://lore.kernel.org/kvm/20220620085459.200015-2-yi.l.liu@xxxxxxxxx/
> ---
>
> diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c
> index 61e71c1154be..44c3bf8023ac 100644
> --- a/drivers/vfio/vfio.c
> +++ b/drivers/vfio/vfio.c
> @@ -1146,10 +1146,10 @@ static struct file *vfio_device_open(struct vfio_device *device) > if (device->open_count == 1 && device->ops->close_device) > device->ops->close_device(device); > err_undo_count: > + up_read(&device->group->group_rwsem); > device->open_count--; > if (device->open_count == 0 && device->kvm) > device->kvm = NULL; > - up_read(&device->group->group_rwsem); > mutex_unlock(&device->dev_set->lock); > module_put(device->dev->driver->owner); > err_unassign_container:
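Review bot: The moved up_read() in the err_undo_count path is safe only because open_count-- and the device->kvm = NULL reset remain under dev_set->lock (mutex_unlock(&device->dev_set->lock) still follows them), and nothing in the hunk says so; a one-line comment above "device->open_count--;" noting that open_count and device->kvm are serialized by dev_set->lock, not group_rwsem, would keep a future reader from reintroducing the old ordering. The resulting unlock order (group_rwsem released before dev_set->lock) now matches vfio_device_fops_release as the commit message claims, and close_device() a few lines above is still invoked with group_rwsem held, mirroring the open_device() call, so the hunk is consistent with the stated locking rule.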