From nobody Tue Dec  2 01:06:06 2025
Received: from mail-lf1-f41.google.com (mail-lf1-f41.google.com
 [209.85.167.41])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id BC18F2248BD
	for <linux-kernel@vger.kernel.org>; Sat, 22 Nov 2025 18:22:32 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.167.41
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1763835754; cv=none;
 b=qEo0IgFTgQvrOC5WmpMNt/aMxW+2TPWYucisXmgpypR1O+lk8+EgrlLuO+3dma+4wSoVFQp+epG1xq1/4D/GQewApvfZjmVzKhIQEmxzxEze8rF/r2Q48nSX0d2k0CU17Mro3JzLkEiUH7nboET7ymWg88IxBBNlpRy+d1kJnTc=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1763835754; c=relaxed/simple;
	bh=YGk0sInQoRwlvLm5nXGCRJ+B78kNsM6fsPdMwFmJ4IM=;
	h=From:To:Cc:Subject:Date:Message-Id:MIME-Version;
 b=IlcIZQ9VNL4XmwVMcuac/23tfnZkez77Vouvs9Ud5bystouk13KV28ORjg3nbbJL2BAkD+iKdoCaajBXART8lIXCvvCV7FOua4UHpIIcxfWmzdZcweDqHxPj/8MunSiZNAhBXhQLQ9C1e1Kpg2wiASLNLN+Roh8vp+/ArUhp+Y0=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=IZrQlGur; arc=none smtp.client-ip=209.85.167.41
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="IZrQlGur"
Received: by mail-lf1-f41.google.com with SMTP id
 2adb3069b0e04-5942a631c2dso3699607e87.2
        for <linux-kernel@vger.kernel.org>;
 Sat, 22 Nov 2025 10:22:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1763835751; x=1764440551;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=7hCN4WavPSPWiT3qNDZFjE0X57zSyZrmreovqGsZngU=;
        b=IZrQlGur61lpBWbA3rCMrPB9pTsT3nvSTVTE8wEou6b95FTJlymlGXCb6gwhYtJP+X
         wf2HVaB4At0rWYvHZb4FdjEp0foRc1BqobaYIiOd4kNTzH6OzS3Z3DG4iJot94swfW9R
         TgFz9yzFXuMBZlAfP1PCWxSShMd6aAH45YtNJbO7TixCayErio6lfy0YiuxNcejIowMs
         I9aPPeYcI7u484MJcbCgStEL+IDa020rg5qrpTg9OQ0k6NTyTGf68oKzWbZxrkgwu2UE
         f1YzT0H1H2rS13pemjIfT5eyoW2HvSYNkA1cQEvDYLu4VNcDMiptM7HxZD1WnEnYrXgm
         VwpQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1763835751; x=1764440551;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=7hCN4WavPSPWiT3qNDZFjE0X57zSyZrmreovqGsZngU=;
        b=ImFYX1HWnfHbnqrh726OzEH5zq7oD/xqpDBhQPvPKNw48+1IGOQ98OybBe8L3i6j0+
         OrXhKZ/9VFPj03NjKdjWTI/KpdndZ49gWRbzzfOoCDl7cg3waNFHYACmyQtI82oLe8hc
         zBFUP4DcrCbPLS9+MuRytBfDD6KmRssCmawmjLkOJlo24xiignKRMkDKtaMx8sDWQBPo
         ymT11hti4/0HmtRvWdYrlU50aezPeiGYpo9CIkJPMs/QI8t88efkkBMhKcX+UIxSz3Vu
         ppll/4kxyHzwLiQddeOYZHJxuLn3GQY3TpEg11j+qvdfQbASVy9hxJRIGGjTJjXXl5Yk
         36nQ==
X-Forwarded-Encrypted: i=1;
 AJvYcCWFLGy4rPaY/UNjkNJMywriuY8uWUQuUPbGdLjO5OnXSA1H6gc3iLuydUcQukH5DPdBeLIg3q5aAWz0WBo=@vger.kernel.org
X-Gm-Message-State: AOJu0Yx1CqoACR95FpDvP5q3Qno84OM9EtEr/V/Xo1q5uHy4IeiCzS/5
	4V8eEnS/+hEQHbrBmtqKSeD59t+WUI7Mcng7z46xUeA/rMQeTY2T7wm9BizgVmerhtI=
X-Gm-Gg: ASbGncvQ4XR+1zhtWnUw8H832Rd5AqgoLiXmjkMJxJsxoRObS5/1rmbIsBBpy5xjisa
	ytBRknMUOUKmCXsPWm7AdG5Qzsw024SZZDZzcW/CFVJ401opy21pfIyJpIxSFKSqYHf/BEShsLh
	+KaOhIh+z+x0FICscVCC1D7qLxD5EhEglZycr2axb4pevFNLMWAFA38WFSQyX0hg4H/78UrSy0M
	96AcFH+/WWBr+C3cnKNK1nHBymU9x2pXjTjH3pWKV3NF5LuL45WYhU8qgros6QeeZY1q+3OCYGn
	uJw8aZufvNcgWDxRMVHJAWHL2URTAh45dBDuGvX1OET7sxU81CpGql27uo22GPwkom4u85b7Wns
	oUaxgGuXLNuSPEZSwsKmqqv/tSAtWeXLrVHfSvLtrMJcK3Lf+IUicr2Ti66s8Xt0JH5NQ+LtTZb
	438FI5aEweUfmcURkkvBulFkDkN7NjOT/Gokw1uicLdPV65kA9FDz507dm5Ds=
X-Google-Smtp-Source: 
 AGHT+IFrJbaWoXiUNFVmn8U241f5iBMxYlDbnrlCD3Uvb4VBwEIITBxugdozW/AaQWG3RbFDWbJ0Nw==
X-Received: by 2002:a05:6512:3ba2:b0:592:fc21:bbfc with SMTP id
 2adb3069b0e04-596a3ee0606mr2261401e87.44.1763835750429;
        Sat, 22 Nov 2025 10:22:30 -0800 (PST)
Received: from home-server.lan (89-109-48-215.dynamic.mts-nn.ru.
 [89.109.48.215])
        by smtp.gmail.com with ESMTPSA id
 2adb3069b0e04-5969dbbeea7sm2623441e87.65.2025.11.22.10.22.29
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sat, 22 Nov 2025 10:22:29 -0800 (PST)
From: Alexey Simakov <bigalex934@gmail.com>
To: Hans de Goede <hansg@kernel.org>
Cc: Alexey Simakov <bigalex934@gmail.com>,
	Arnd Bergmann <arnd@arndb.de>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Larry Finger <Larry.Finger@lwfinger.net>,
	linux-kernel@vger.kernel.org,
	lvc-project@linuxtesting.org
Subject: [PATCH] virt: vbox: fix possible circular timer scheduling
Date: Sat, 22 Nov 2025 21:21:43 +0300
Message-Id: <20251122182142.5179-1-bigalex934@gmail.com>
X-Mailer: git-send-email 2.34.1
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

According to timer.c documentation, callers of this function should ensure
the timer is not rearmed.  Meanwhile, the heartbeat callback may itself
reschedule the heartbeat timer which could lead to theoretically
indefinite loop iterations inside __timer_delete_sync(), due to a race
when the heartbeat callback is always running when it's attempted to be
detached.

Use timer_shutdown_sync() instead to avoid this issue.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 0ba002bc4393 ("virt: Add vboxguest driver for Virtual Box Guest inte=
gration"):
Signed-off-by: Alexey Simakov <bigalex934@gmail.com>
---
 drivers/virt/vboxguest/vboxguest_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/virt/vboxguest/vboxguest_core.c b/drivers/virt/vboxgue=
st/vboxguest_core.c
index b177a534b6a4..508ba711669d 100644
--- a/drivers/virt/vboxguest/vboxguest_core.c
+++ b/drivers/virt/vboxguest/vboxguest_core.c
@@ -495,7 +495,7 @@ static int vbg_heartbeat_init(struct vbg_dev *gdev)
  */
 static void vbg_heartbeat_exit(struct vbg_dev *gdev)
 {
-	timer_delete_sync(&gdev->heartbeat_timer);
+	timer_shutdown_sync(&gdev->heartbeat_timer);
 	vbg_heartbeat_host_config(gdev, false);
 	vbg_req_free(gdev->guest_heartbeat_req,
 		     sizeof(*gdev->guest_heartbeat_req));
--=20
2.34.1