vmw_balloon: release lock on error in vmballoon_reset()
diff mbox series

Message ID 20190211184545.GC22106@kadam
State Accepted
Commit d04071a5d6413b65f17f7bd6e2bdb22e22e4ace7
Headers show
Series
  • vmw_balloon: release lock on error in vmballoon_reset()
Related show

Commit Message

Dan Carpenter Feb. 11, 2019, 6:45 p.m. UTC
We added some locking to this function but forgot to drop the lock on
these two error paths.  This bug would lead to an immediate deadlock.

Fixes: c7b3690fb152 ("vmw_balloon: stats rework")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 drivers/misc/vmw_balloon.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Comments

Nadav Amit Feb. 11, 2019, 7:12 p.m. UTC | #1
> On Feb 11, 2019, at 10:45 AM, Dan Carpenter <dan.carpenter@oracle.com> wrote:
> 
> We added some locking to this function but forgot to drop the lock on
> these two error paths.  This bug would lead to an immediate deadlock.
> 
> Fixes: c7b3690fb152 ("vmw_balloon: stats rework")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Cc: stable@vger.kernel.org
Reviewed-by: Nadav Amit <namit@vmware.com>

--

Yes, I screwed up. Thanks for catching it!

I’ll go to check why my error injection tests didn’t catch it.

Patch
diff mbox series

diff --git a/drivers/misc/vmw_balloon.c b/drivers/misc/vmw_balloon.c
index 6542a7711cac..ad807d5a3141 100644
--- a/drivers/misc/vmw_balloon.c
+++ b/drivers/misc/vmw_balloon.c
@@ -1330,7 +1330,7 @@  static void vmballoon_reset(struct vmballoon *b)
 	vmballoon_pop(b);
 
 	if (vmballoon_send_start(b, VMW_BALLOON_CAPABILITIES))
-		return;
+		goto unlock;
 
 	if ((b->capabilities & VMW_BALLOON_BATCHED_CMDS) != 0) {
 		if (vmballoon_init_batching(b)) {
@@ -1341,7 +1341,7 @@  static void vmballoon_reset(struct vmballoon *b)
 			 * The guest will retry in one second.
 			 */
 			vmballoon_send_start(b, 0);
-			return;
+			goto unlock;
 		}
 	} else if ((b->capabilities & VMW_BALLOON_BASIC_CMDS) != 0) {
 		vmballoon_deinit_batching(b);
@@ -1357,6 +1357,7 @@  static void vmballoon_reset(struct vmballoon *b)
 	if (vmballoon_send_guest_id(b))
 		pr_err("failed to send guest ID to the host\n");
 
+unlock:
 	up_write(&b->conf_sem);
 }