KVM: arm64: vgic: Hold config_lock while tearing down a CPU interface

Tearing down a vcpu CPU interface involves freeing the private interrupt array. If we don't hold the lock, we may race against another thread trying to configure it. Yeah, fuzzers do wonderful things... Taking the lock early solves this particular problem. Fixes: 03b3d00 ("KVM: arm64: vgic: Allocate private interrupts on demand") Reported-by: Alexander Potapenko <glider@google.com> Tested-by: Alexander Potapenko <glider@google.com> Signed-off-by: Marc Zyngier <maz@kernel.org> Link: https://lore.kernel.org/r/20240808091546.3262111-1-maz@kernel.org Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
andy-shev · Aug 8, 2024 · 9eb1813 · 9eb1813
1 parent ad51845
commit 9eb1813
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/arch/arm64/kvm/vgic/vgic-init.c b/arch/arm64/kvm/vgic/vgic-init.c
@@ -438,14 +438,13 @@ void kvm_vgic_destroy(struct kvm *kvm)
  unsigned long i;
 
  mutex_lock(&kvm->slots_lock);
+ mutex_lock(&kvm->arch.config_lock);
 
  vgic_debug_destroy(kvm);
 
  kvm_for_each_vcpu(i, vcpu, kvm)
  __kvm_vgic_vcpu_destroy(vcpu);
 
- mutex_lock(&kvm->arch.config_lock);
-
  kvm_vgic_dist_destroy(kvm);
 
  mutex_unlock(&kvm->arch.config_lock);