Re: [PATCH] xen/pirq: fix error path cleanup when binding MSIs
From: Shah, Amit
Date: Wed Feb 28 2018 - 04:23:02 EST
On Wed, 2018-02-28 at 09:19 +0000, Roger Pau Monne wrote:
> Current cleanup in the error path of xen_bind_pirq_msi_to_irq is
> wrong. First of all there's an off-by-one in the cleanup loop, which
> can lead to unbinding wrong IRQs.
>
> Secondly IRQs not bound won't be freed, thus leaking IRQ numbers.
>
> Note that there's no need to differentiate between bound and unbound
> IRQs when freeing them, __unbind_from_irq will deal with both of them
> correctly.
>
> Fixes: 4892c9b4ada9f9 ("xen: add support for MSI message groups")
> Reported-by: Hooman Mirhadi <mirhadih@xxxxxxxxxx>
> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> ---
> Cc: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
> Cc: Juergen Gross <jgross@xxxxxxxx>
> Cc: Amit Shah <aams@xxxxxxxxxx>
> CC: stable@xxxxxxxxxxxxxxx
> Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx
> ---
>  drivers/xen/events/events_base.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/xen/events/events_base.c
> b/drivers/xen/events/events_base.c
> index b241bfa529ce..159faf1269fb 100644
> --- a/drivers/xen/events/events_base.c
> +++ b/drivers/xen/events/events_base.c
> @@ -763,8 +763,8 @@ int xen_bind_pirq_msi_to_irq(struct pci_dev *dev,
> struct msi_desc *msidesc,
> Â mutex_unlock(&irq_mapping_update_lock);
> Â return irq;
> Âerror_irq:
> - for (; i >= 0; i--)
> - __unbind_from_irq(irq + i);
> + while (nvec--)
> + __unbind_from_irq(irq + nvec);
> Â mutex_unlock(&irq_mapping_update_lock);
> Â return ret;
> Â}
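Review bot: The new loop under error_irq calls __unbind_from_irq on every IRQ from irq + nvec - 1 down to irq, including ones that were never bound, and nothing in the code says why that is safe. The commit message states that __unbind_from_irq deals with both bound and unbound IRQs, so a short comment above `while (nvec--)` recording that would keep a later reader from reintroducing a bound-only loop like the removed `for (; i >= 0; i--)`. The loop also consumes nvec, which is harmless here because only mutex_unlock and `return ret` follow, but nvec can no longer be relied on after this label.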
Reviewed-by: Amit Shah <aams@xxxxxxxxxx>
Amit