drm/i915/gvt/kvmgt: prevent double-release of vgpu

The release action might be triggered from either user's closing mdev or the detaching event of kvm and vfio_group, so this patch introduces an atomic to prevent double-release. Signed-off-by: Jike Song <jike.song@intel.com> Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>

drm/i915/gvt/kvmgt: prevent double-release of vgpu
The release action might be triggered from either user's closing mdev or the detaching event of kvm and vfio_group, so this patch introduces an atomic to prevent double-release. Signed-off-by: Jike Song <jike.song@intel.com> Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
364fb6b7 · Jike Song · Zhenyu Wang · faaaa53b · 364fb6b7 · 364fb6b7
Commit 364fb6b7 authored Dec 16, 2016 by Jike Song Committed by Zhenyu Wang Dec 26, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 22 additions and 3 deletions

drivers/gpu/drm/i915/gvt/gvt.h drivers/gpu/drm/i915/gvt/gvt.h +1 -0

drivers/gpu/drm/i915/gvt/kvmgt.c drivers/gpu/drm/i915/gvt/kvmgt.c +21 -3

No files found.
--- a/drivers/gpu/drm/i915/gvt/gvt.h
+++ b/drivers/gpu/drm/i915/gvt/gvt.h
@@ -175,6 +175,7 @@ struct intel_vgpu {
 		struct notifier_block group_notifier;
 		struct kvm *kvm;
 		struct work_struct release_work;
+		atomic_t released;
 	} vdev;
 #endif
 };

--- a/drivers/gpu/drm/i915/gvt/kvmgt.c
+++ b/drivers/gpu/drm/i915/gvt/kvmgt.c
@@ -500,7 +500,16 @@ static int intel_vgpu_open(struct mdev_device *mdev)
 		goto undo_iommu;
 	}
-	return kvmgt_guest_init(mdev);
+	ret = kvmgt_guest_init(mdev);
+	if (ret)
+		goto undo_group;
+	atomic_set(&vgpu->vdev.released, 0);
+	return ret;
+undo_group:
+	vfio_unregister_notifier(&mdev->dev, VFIO_GROUP_NOTIFY,
+					&vgpu->vdev.group_notifier);
 undo_iommu:
 	vfio_unregister_notifier(&mdev->dev, VFIO_IOMMU_NOTIFY,
@@ -512,17 +521,26 @@ static int intel_vgpu_open(struct mdev_device *mdev)
 static void __intel_vgpu_release(struct intel_vgpu *vgpu)
 {
 	struct kvmgt_guest_info *info;
+	int ret;
 	if (!handle_valid(vgpu->handle))
 		return;
-	vfio_unregister_notifier(&vgpu->vdev.mdev->dev, VFIO_IOMMU_NOTIFY,
+	if (atomic_cmpxchg(&vgpu->vdev.released, 0, 1))
+		return;
+	ret = vfio_unregister_notifier(&vgpu->vdev.mdev->dev, VFIO_IOMMU_NOTIFY,
 					&vgpu->vdev.iommu_notifier);
-	vfio_unregister_notifier(&vgpu->vdev.mdev->dev, VFIO_GROUP_NOTIFY,
+	WARN(ret, "vfio_unregister_notifier for iommu failed: %d\n", ret);
+	ret = vfio_unregister_notifier(&vgpu->vdev.mdev->dev, VFIO_GROUP_NOTIFY,
 					&vgpu->vdev.group_notifier);
+	WARN(ret, "vfio_unregister_notifier for group failed: %d\n", ret);
 	info = (struct kvmgt_guest_info *)vgpu->handle;
 	kvmgt_guest_exit(info);
+	vgpu->vdev.kvm = NULL;
 	vgpu->handle = 0;
 }