From: Alex Williamson <alex.williamson@nvidia.com>
To: <alex@shazbot.org>
Cc: Alex Williamson <alex.williamson@nvidia.com>,
<yishaih@nvidia.com>, <kvm@vger.kernel.org>,
<guojinhui.liam@bytedance.com>, <linux-kernel@vger.kernel.org>,
<virtualization@lists.linux.dev>, <stable@vger.kernel.org>
Subject: [PATCH 1/4] vfio/virtio: Convert list_lock from spinlock to mutex
Date: Tue, 14 Apr 2026 14:06:19 -0600 [thread overview]
Message-ID: <20260414200625.3601509-2-alex.williamson@nvidia.com> (raw)
In-Reply-To: <20260414200625.3601509-1-alex.williamson@nvidia.com>
The list_lock spinlock with IRQ disabling was copied from the mlx5
vfio-pci variant driver, where it is justified by a hardirq async
command completion callback that accesses the protected lists. The
virtio driver has no such interrupt context usage; all list_lock
acquisitions occur in process context via file read/write operations
or state transitions under state_mutex.
Convert list_lock to a mutex to be consistent with peer vfio-pci
variant drivers (hisilicon, pds, qat, xe) which all use mutexes for
equivalent migration data protection. This also fixes a mismatched
spin_lock()/spin_unlock_irq() pair in virtiovf_read_device_context_chunk()
that could incorrectly enable interrupts.
Reported-by: Jinhui Guo <guojinhui.liam@bytedance.com>
Closes: https://lore.kernel.org/all/20260413073603.30538-1-guojinhui.liam@bytedance.com
Fixes: 0bbc82e4ec79 ("vfio/virtio: Add support for the basic live migration functionality")
Cc: stable@vger.kernel.org
Assisted-by: Claude:claude-opus-4-6
Signed-off-by: Alex Williamson <alex.williamson@nvidia.com>
---
drivers/vfio/pci/virtio/common.h | 2 +-
drivers/vfio/pci/virtio/migrate.c | 33 ++++++++++++++++---------------
2 files changed, 18 insertions(+), 17 deletions(-)
diff --git a/drivers/vfio/pci/virtio/common.h b/drivers/vfio/pci/virtio/common.h
index cb3d5e57d3a3..3ccbd49e6abe 100644
--- a/drivers/vfio/pci/virtio/common.h
+++ b/drivers/vfio/pci/virtio/common.h
@@ -68,7 +68,7 @@ struct virtiovf_migration_file {
enum virtiovf_migf_state state;
enum virtiovf_load_state load_state;
/* synchronize access to the lists */
- spinlock_t list_lock;
+ struct mutex list_lock;
struct list_head buf_list;
struct list_head avail_list;
struct virtiovf_data_buffer *buf;
diff --git a/drivers/vfio/pci/virtio/migrate.c b/drivers/vfio/pci/virtio/migrate.c
index 35fa2d6ed611..15fcd936528b 100644
--- a/drivers/vfio/pci/virtio/migrate.c
+++ b/drivers/vfio/pci/virtio/migrate.c
@@ -142,9 +142,9 @@ virtiovf_alloc_data_buffer(struct virtiovf_migration_file *migf, size_t length)
static void virtiovf_put_data_buffer(struct virtiovf_data_buffer *buf)
{
- spin_lock_irq(&buf->migf->list_lock);
+ mutex_lock(&buf->migf->list_lock);
list_add_tail(&buf->buf_elm, &buf->migf->avail_list);
- spin_unlock_irq(&buf->migf->list_lock);
+ mutex_unlock(&buf->migf->list_lock);
}
static int
@@ -170,21 +170,21 @@ virtiovf_get_data_buffer(struct virtiovf_migration_file *migf, size_t length)
INIT_LIST_HEAD(&free_list);
- spin_lock_irq(&migf->list_lock);
+ mutex_lock(&migf->list_lock);
list_for_each_entry_safe(buf, temp_buf, &migf->avail_list, buf_elm) {
list_del_init(&buf->buf_elm);
if (buf->allocated_length >= length) {
- spin_unlock_irq(&migf->list_lock);
+ mutex_unlock(&migf->list_lock);
goto found;
}
/*
* Prevent holding redundant buffers. Put in a free
- * list and call at the end not under the spin lock
+ * list and call at the end not under the mutex
* (&migf->list_lock) to minimize its scope usage.
*/
list_add(&buf->buf_elm, &free_list);
}
- spin_unlock_irq(&migf->list_lock);
+ mutex_unlock(&migf->list_lock);
buf = virtiovf_alloc_data_buffer(migf, length);
found:
@@ -295,6 +295,7 @@ static int virtiovf_release_file(struct inode *inode, struct file *filp)
struct virtiovf_migration_file *migf = filp->private_data;
virtiovf_disable_fd(migf);
+ mutex_destroy(&migf->list_lock);
mutex_destroy(&migf->lock);
kfree(migf);
return 0;
@@ -308,7 +309,7 @@ virtiovf_get_data_buff_from_pos(struct virtiovf_migration_file *migf,
bool found = false;
*end_of_data = false;
- spin_lock_irq(&migf->list_lock);
+ mutex_lock(&migf->list_lock);
if (list_empty(&migf->buf_list)) {
*end_of_data = true;
goto end;
@@ -329,7 +330,7 @@ virtiovf_get_data_buff_from_pos(struct virtiovf_migration_file *migf,
migf->state = VIRTIOVF_MIGF_STATE_ERROR;
end:
- spin_unlock_irq(&migf->list_lock);
+ mutex_unlock(&migf->list_lock);
return found ? buf : NULL;
}
@@ -369,10 +370,10 @@ static ssize_t virtiovf_buf_read(struct virtiovf_data_buffer *vhca_buf,
}
if (*pos >= vhca_buf->start_pos + vhca_buf->length) {
- spin_lock_irq(&vhca_buf->migf->list_lock);
+ mutex_lock(&vhca_buf->migf->list_lock);
list_del_init(&vhca_buf->buf_elm);
list_add_tail(&vhca_buf->buf_elm, &vhca_buf->migf->avail_list);
- spin_unlock_irq(&vhca_buf->migf->list_lock);
+ mutex_unlock(&vhca_buf->migf->list_lock);
}
return done;
@@ -554,9 +555,9 @@ virtiovf_add_buf_header(struct virtiovf_data_buffer *header_buf,
header_buf->length = sizeof(header);
header_buf->start_pos = header_buf->migf->max_pos;
migf->max_pos += header_buf->length;
- spin_lock_irq(&migf->list_lock);
+ mutex_lock(&migf->list_lock);
list_add_tail(&header_buf->buf_elm, &migf->buf_list);
- spin_unlock_irq(&migf->list_lock);
+ mutex_unlock(&migf->list_lock);
return 0;
}
@@ -621,9 +622,9 @@ virtiovf_read_device_context_chunk(struct virtiovf_migration_file *migf,
buf->start_pos = buf->migf->max_pos;
migf->max_pos += buf->length;
- spin_lock(&migf->list_lock);
+ mutex_lock(&migf->list_lock);
list_add_tail(&buf->buf_elm, &migf->buf_list);
- spin_unlock_irq(&migf->list_lock);
+ mutex_unlock(&migf->list_lock);
return 0;
out_header:
@@ -692,7 +693,7 @@ virtiovf_pci_save_device_data(struct virtiovf_pci_core_device *virtvdev,
mutex_init(&migf->lock);
INIT_LIST_HEAD(&migf->buf_list);
INIT_LIST_HEAD(&migf->avail_list);
- spin_lock_init(&migf->list_lock);
+ mutex_init(&migf->list_lock);
migf->virtvdev = virtvdev;
lockdep_assert_held(&virtvdev->state_mutex);
@@ -1082,7 +1083,7 @@ virtiovf_pci_resume_device_data(struct virtiovf_pci_core_device *virtvdev)
mutex_init(&migf->lock);
INIT_LIST_HEAD(&migf->buf_list);
INIT_LIST_HEAD(&migf->avail_list);
- spin_lock_init(&migf->list_lock);
+ mutex_init(&migf->list_lock);
buf = virtiovf_alloc_data_buffer(migf, VIRTIOVF_TARGET_INITIAL_BUF_SIZE);
if (IS_ERR(buf)) {
--
2.51.0
next prev parent reply other threads:[~2026-04-14 20:07 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-14 20:06 [PATCH 0/4] vfio/virtio: Fix list_lock type and modernize locking Alex Williamson
2026-04-14 20:06 ` Alex Williamson [this message]
2026-04-14 20:06 ` [PATCH 2/4] vfio/virtio: Use guard() for list_lock where applicable Alex Williamson
2026-04-14 20:06 ` [PATCH 3/4] vfio/virtio: Use guard() for migf->lock " Alex Williamson
2026-04-14 20:06 ` [PATCH 4/4] vfio/virtio: Use guard() for bar_mutex in legacy I/O Alex Williamson
2026-04-15 15:12 ` [PATCH 0/4] vfio/virtio: Fix list_lock type and modernize locking Yishai Hadas
2026-04-15 15:39 ` Alex Williamson
2026-04-15 17:23 ` Yishai Hadas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260414200625.3601509-2-alex.williamson@nvidia.com \
--to=alex.williamson@nvidia.com \
--cc=alex@shazbot.org \
--cc=guojinhui.liam@bytedance.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=virtualization@lists.linux.dev \
--cc=yishaih@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox