| commit | 8459f1d6ff621bff4ee7ac9363d7917fa4df4d46 | |
| author | Marc Zyngier <marc.zyngier@arm.com> | |
| Tue, 29 Jan 2019 10:02:33 +0000 (29 10:02 +0000) | ||
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
| Tue, 12 Feb 2019 18:47:24 +0000 (12 19:47 +0100) | ||
| tree | 1625bb8da9f4914f9e0386c1d0dbb33d2155b86b | treesnapshot (tar.gz zip) |
| parent | ee73954d9a21791d496befcdd004be00415bceda | commitdiff |
irqchip/gic-v3-its: Plug allocation race for devices sharing a DevID
commit 9791ec7df0e7b4d80706ccea8f24b6542f6059e9 upstream.
On systems or VMs where multiple devices share a single DevID
(because they sit behind a PCI bridge, or because the HW is
broken in funky ways), we reuse the save its_device structure
in order to reflect this.
It turns out that there is a distinct lack of locking when looking
up the its_device, and two device being probed concurrently can result
in double allocations. That's obviously not nice.
A solution for this is to have a per-ITS mutex that serializes device
allocation.
A similar issue exists on the freeing side, which can run concurrently
with the allocation. On top of now taking the appropriate lock, we
also make sure that a shared device is never freed, as we have no way
to currently track the life cycle of such object.
Reported-by: Zheng Xiang <zhengxiang9@huawei.com>
Tested-by: Zheng Xiang <zhengxiang9@huawei.com>
Cc: stable@vger.kernel.org
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 9791ec7df0e7b4d80706ccea8f24b6542f6059e9 upstream.
On systems or VMs where multiple devices share a single DevID
(because they sit behind a PCI bridge, or because the HW is
broken in funky ways), we reuse the save its_device structure
in order to reflect this.
It turns out that there is a distinct lack of locking when looking
up the its_device, and two device being probed concurrently can result
in double allocations. That's obviously not nice.
A solution for this is to have a per-ITS mutex that serializes device
allocation.
A similar issue exists on the freeing side, which can run concurrently
with the allocation. On top of now taking the appropriate lock, we
also make sure that a shared device is never freed, as we have no way
to currently track the life cycle of such object.
Reported-by: Zheng Xiang <zhengxiang9@huawei.com>
Tested-by: Zheng Xiang <zhengxiang9@huawei.com>
Cc: stable@vger.kernel.org
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| drivers/irqchip/irq-gic-v3-its.c | diffblobblamehistory |