| Message ID | 20190211184545.GC22106@kadam |
|---|---|
| State | Accepted |
| Commit | d04071a5d6413b65f17f7bd6e2bdb22e22e4ace7 |
| Headers | show |
| Series |
|
| Related | show |
> On Feb 11, 2019, at 10:45 AM, Dan Carpenter <dan.carpenter@oracle.com> wrote: > > We added some locking to this function but forgot to drop the lock on > these two error paths. This bug would lead to an immediate deadlock. > > Fixes: c7b3690fb152 ("vmw_balloon: stats rework") > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: stable@vger.kernel.org Reviewed-by: Nadav Amit <namit@vmware.com> -- Yes, I screwed up. Thanks for catching it! I’ll go to check why my error injection tests didn’t catch it.
diff --git a/drivers/misc/vmw_balloon.c b/drivers/misc/vmw_balloon.c index 6542a7711cac..ad807d5a3141 100644 --- a/drivers/misc/vmw_balloon.c +++ b/drivers/misc/vmw_balloon.c @@ -1330,7 +1330,7 @@ static void vmballoon_reset(struct vmballoon *b) vmballoon_pop(b); if (vmballoon_send_start(b, VMW_BALLOON_CAPABILITIES)) - return; + goto unlock; if ((b->capabilities & VMW_BALLOON_BATCHED_CMDS) != 0) { if (vmballoon_init_batching(b)) { @@ -1341,7 +1341,7 @@ static void vmballoon_reset(struct vmballoon *b) * The guest will retry in one second. */ vmballoon_send_start(b, 0); - return; + goto unlock; } } else if ((b->capabilities & VMW_BALLOON_BASIC_CMDS) != 0) { vmballoon_deinit_batching(b); @@ -1357,6 +1357,7 @@ static void vmballoon_reset(struct vmballoon *b) if (vmballoon_send_guest_id(b)) pr_err("failed to send guest ID to the host\n"); +unlock: up_write(&b->conf_sem); }
We added some locking to this function but forgot to drop the lock on these two error paths. This bug would lead to an immediate deadlock. Fixes: c7b3690fb152 ("vmw_balloon: stats rework") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- drivers/misc/vmw_balloon.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)