@@ -2045,6 +2045,7 @@ static void vfio_ap_mdev_request(struct vfio_device *vdev, unsigned int count)
struct ap_matrix_mdev *matrix_mdev;
matrix_mdev = container_of(vdev, struct ap_matrix_mdev, vdev);
+ mutex_lock(&matrix_dev->mdevs_lock);
if (matrix_mdev->req_trigger) {
if (!(count % 10))
@@ -2057,6 +2058,8 @@ static void vfio_ap_mdev_request(struct vfio_device *vdev, unsigned int count)
dev_notice(dev,
"No device request registered, blocked until released by user\n");
}
+
+ mutex_unlock(&matrix_dev->mdevs_lock);
}
static int vfio_ap_mdev_get_device_info(unsigned long arg)
The vfio_ap_mdev_request function in drivers/s390/crypto/vfio_ap_ops.c accesses fields of an ap_matrix_mdev object without ensuring that the object is accessed by only one thread at a time. This patch adds the lock necessary to secure access to the ap_matrix_mdev object. Fixes: 2e3d8d71e285 ("s390/vfio-ap: wire in the vfio_device_ops request callback") Signed-off-by: Anthony Krowiak <akrowiak@linux.ibm.com> Cc: <stable@vger.kernel.org> --- drivers/s390/crypto/vfio_ap_ops.c | 3 +++ 1 file changed, 3 insertions(+)