plic__irq_trig() may call mutex_unlock(&s->irq_lock) without having acquired the lock first. In some condition, the function jumps to the done label and s->irq_lock is unlocked without lock first.

Signed-off-by: jk.hong
---
 riscv/plic.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/riscv/plic.c b/riscv/plic.c
index 6bd13ac..a622005 100644
--- a/riscv/plic.c
+++ b/riscv/plic.c
@@ -217,7 +217,7 @@ static void plic__irq_trig(struct kvm *kvm, int irq, int level, bool edge)
 return;
 if (irq <= 0 || s->num_irq <= (u32)irq)
- goto done;
+ return;
 mutex_lock(&s->irq_lock);
@@ -261,7 +261,6 @@ static void plic__irq_trig(struct kvm *kvm, int irq, int level, bool edge)
 break;
 }
-done:
 mutex_unlock(&s->irq_lock);
 }
-- 
2.48.1
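Review bot: The new early `return;` in the first hunk is correct only because it sits before `mutex_lock(&s->irq_lock)`, and nothing at the site records that; since the original bug was an exit path placed on the wrong side of the lock, a comment above the range check would make the invariant visible to the next edit: `/* irq_lock is not held yet: reject out-of-range irq before taking it. */`. With the `done:` label removed in the second hunk, any other `goto done` left in the function would now fail to compile, so that regression is caught by the build. The body of plic__irq_trig between the two hunks is outside the patch, so whether every path inside the locked region still reaches the remaining `mutex_unlock` cannot be confirmed from here. plic__irq_trig begins before the first hunk; only its closing brace is visible in the second.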