Commit 7fdba001 authored by Anthony DeRossi's avatar Anthony DeRossi Committed by Alex Williamson

vfio: Fix container device registration life cycle

In vfio_device_open(), vfio_device_container_register() is always called
when open_count == 1. On error, vfio_device_container_unregister() is
only called when open_count == 1 and close_device is set. This leaks a
registration for devices without a close_device implementation.

In vfio_device_fops_release(), vfio_device_container_unregister() is
called unconditionally. This can cause a device to be unregistered
multiple times.

Treating container device registration/unregistration uniformly (always
when open_count == 1) fixes both issues.

Fixes: ce4b4657 ("vfio: Replace the DMA unmapping notifier with a callback")
Signed-off-by: Anthony DeRossi <ajderossi@gmail.com>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Link: https://lore.kernel.org/r/20221110014027.28780-2-ajderossi@gmail.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
parent f0c4d9fc
...@@ -801,8 +801,9 @@ static struct file *vfio_device_open(struct vfio_device *device) ...@@ -801,8 +801,9 @@ static struct file *vfio_device_open(struct vfio_device *device)
err_close_device: err_close_device:
mutex_lock(&device->dev_set->lock); mutex_lock(&device->dev_set->lock);
mutex_lock(&device->group->group_lock); mutex_lock(&device->group->group_lock);
if (device->open_count == 1 && device->ops->close_device) { if (device->open_count == 1) {
device->ops->close_device(device); if (device->ops->close_device)
device->ops->close_device(device);
vfio_device_container_unregister(device); vfio_device_container_unregister(device);
} }
...@@ -1017,10 +1018,12 @@ static int vfio_device_fops_release(struct inode *inode, struct file *filep) ...@@ -1017,10 +1018,12 @@ static int vfio_device_fops_release(struct inode *inode, struct file *filep)
mutex_lock(&device->dev_set->lock); mutex_lock(&device->dev_set->lock);
vfio_assert_device_open(device); vfio_assert_device_open(device);
mutex_lock(&device->group->group_lock); mutex_lock(&device->group->group_lock);
if (device->open_count == 1 && device->ops->close_device) if (device->open_count == 1) {
device->ops->close_device(device); if (device->ops->close_device)
device->ops->close_device(device);
vfio_device_container_unregister(device); vfio_device_container_unregister(device);
}
mutex_unlock(&device->group->group_lock); mutex_unlock(&device->group->group_lock);
device->open_count--; device->open_count--;
if (device->open_count == 0) if (device->open_count == 0)
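Review bot: The `open_count == 1` teardown (optional `->close_device()`, then `vfio_device_container_unregister()`) is now spelled out twice, under `err_close_device` in vfio_device_open() and again in vfio_device_fops_release(), and neither copy records why the unregister must not sit behind the `close_device` test. The commit message attributes both the leaked registration and the repeated unregistration to these two paths drifting apart, so the pairing rule should be stated where it is enforced, for example `/* Container registration follows the first open, not ->close_device: always undo it when open_count == 1. */` above each `if (device->open_count == 1) {`. Moving the sequence into one static helper called from both sites would make it harder for the paths to diverge again; an unbalanced unregister in a device open/release path is the kind of lifetime bug that can plausibly end in stale references, though the unregister body is not shown here. Both functions start and end outside the hunks, so the matching vfio_device_container_register() call cannot be checked from this page.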