The vfio_ap_mdev_request function in drivers/s390/crypto/vfio_ap_ops.c accesses fields of an ap_matrix_mdev object without ensuring that the object is accessed by only one thread at a time. This patch adds the lock necessary to secure access to the ap_matrix_mdev object.
Fixes: 2e3d8d71e285 ("s390/vfio-ap: wire in the vfio_device_ops request callback")
Signed-off-by: Anthony Krowiak akrowiak@linux.ibm.com
Cc: stable@vger.kernel.org
---
drivers/s390/crypto/vfio_ap_ops.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/s390/crypto/vfio_ap_ops.c b/drivers/s390/crypto/vfio_ap_ops.c
index a52c2690933f..a2784d3357d9 100644
--- a/drivers/s390/crypto/vfio_ap_ops.c
+++ b/drivers/s390/crypto/vfio_ap_ops.c
@@ -2045,6 +2045,7 @@ static void vfio_ap_mdev_request(struct vfio_device *vdev, unsigned int count)
struct ap_matrix_mdev *matrix_mdev;
matrix_mdev = container_of(vdev, struct ap_matrix_mdev, vdev);
+ mutex_lock(&matrix_dev->mdevs_lock);
if (matrix_mdev->req_trigger) {
if (!(count % 10))
@@ -2057,6 +2058,8 @@ static void vfio_ap_mdev_request(struct vfio_device *vdev, unsigned int count)
dev_notice(dev, "No device request registered, blocked until released by user\n");
}
+
+ mutex_unlock(&matrix_dev->mdevs_lock);
}
static int vfio_ap_mdev_get_device_info(unsigned long arg)
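Review bot: Neither hunk says which fields `matrix_dev->mdevs_lock` guards in vfio_ap_mdev_request, and the lock's owner `matrix_dev` (not declared in either hunk) is easy to misread as the local `matrix_mdev` set on the line just above the new `mutex_lock()`. A one-line comment above the lock in the first hunk would pin the intent, for example `/* mdevs_lock serializes access to matrix_mdev->req_trigger */`. The added lock/unlock pair only closes the race if every path that sets or clears `req_trigger` takes the same mutex, and because a kernel mutex is not recursive this callback must never be reached with `mdevs_lock` already held; neither is visible in this patch, so both are worth confirming against the callers. The function opens before the first hunk and its middle lines fall between the two hunks, so the full critical section cannot be checked from here.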