[PATCH v2] genirq/msi: Fix populating multiple interrupts

From: John Keeping
Date: Wed Sep 06 2017 - 05:36:09 EST


On allocating the interrupts routed via to a wire-to-MSI bridge, we
iterate over the MSI descriptors to build the hierarchy, but fail to use
the descriptor interrupt number, and instead use the base number,
generating the wrong IRQ domain mappings.

The fix is to use the MSI descriptor interrupt number when setting up
the interrupt instead of the base interrupt for the allocation range.

The only saving grace is that although the MSI descriptors are allocated
in bulk, the wired interrupts are only allocated one by one (so
desc->irq == virq) and the bug goes unnoticed.

Fixes: 2145ac9310b60 ("genirq/msi: Add msi_domain_populate_irqs")
Cc: stable@xxxxxxxxxxxxxxx #v4.5+
Signed-off-by: John Keeping <john@xxxxxxxxxxxx>
Reviewed-by: Marc Zyngier <marc.zyngier@xxxxxxx>
---

On Wed, 6 Sep 2017 09:52:43 +0100, Marc Zyngier wrote:
> On 05/09/17 18:12, John Keeping wrote:
> > Use the correct variable to set up each interrupt in turn rather than
> > configuring the first interrupt "nvec" times.
>
> Thanks for addressing this. I think this bug deserves a slightly better
> write-up. How about something like:

Much better, thanks. I've copied and pasted your suggestion for v2.

Changes in v2:
- Use Marc's text for the commit message
- Add Fixes, Cc, Reviewed-by tags

kernel/irq/msi.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/kernel/irq/msi.c b/kernel/irq/msi.c
index 48eadf416c24..3fa4bd59f569 100644
--- a/kernel/irq/msi.c
+++ b/kernel/irq/msi.c
@@ -315,11 +315,12 @@ int msi_domain_populate_irqs(struct irq_domain *domain, struct device *dev,

ops->set_desc(arg, desc);
/* Assumes the domain mutex is held! */
- ret = irq_domain_alloc_irqs_hierarchy(domain, virq, 1, arg);
+ ret = irq_domain_alloc_irqs_hierarchy(domain, desc->irq, 1,
+ arg);
if (ret)
break;

- irq_set_msi_desc_off(virq, 0, desc);
+ irq_set_msi_desc_off(desc->irq, 0, desc);
}

if (ret) {
--
2.14.1