irqchip/gic-v3-its: Lock VLPI map array before translating it

Obtaining the mapping ivformation for a VLPI should always be
done with the vlpi_lock for this device held. Otherwise, we
expose ourselves to races against a concurrent unmap.

Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20191108165805.3071-11-maz@kernel.org

diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c
index 61b8851..9c4f35e 100644 (file)
--- a/drivers/irqchip/irq-gic-v3-its.c
+++ b/drivers/irqchip/irq-gic-v3-its.c
@@ -1492,12 +1492,14 @@ out:
 static int its_vlpi_get(struct irq_data *d, struct its_cmd_info *info)
 {
        struct its_device *its_dev = irq_data_get_irq_chip_data(d);
-       struct its_vlpi_map *map = get_vlpi_map(d);
+       struct its_vlpi_map *map;
        int ret = 0;
 
        mutex_lock(&its_dev->event_map.vlpi_lock);
 
-       if (!its_dev->event_map.vm || !map->vm) {
+       map = get_vlpi_map(d);
+
+       if (!its_dev->event_map.vm || !map) {
                ret = -EINVAL;
                goto out;
        }