# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1281542462 -3600
# Node ID 786b163da49bbf18857b5484cce5e5aed33528b3
# Parent f45026ec8db5a18131acd924a5b99f3b0e480df1
msi: Avoid uninitialized msi descriptors
When __pci_enable_msix() returns early, output parameter (struct
msi_desc **desc) will not be initialized. On my machine, a Broadcom
BCM5709 nic has both MSI and MSIX capability blocks and when guest
tries to enable msix interrupts but __pci_enable_msix() returns early
for encountering a msi block, the whole system will crash for fatal
page fault immediately.
Signed-off-by: Wei Wang <wei.wang2@xxxxxxx>
---
xen/arch/x86/msi.c | 22 ++++++++++++++++------
1 files changed, 16 insertions(+), 6 deletions(-)
diff -r f45026ec8db5 -r 786b163da49b xen/arch/x86/msi.c
--- a/xen/arch/x86/msi.c Mon Aug 09 18:29:50 2010 +0100
+++ b/xen/arch/x86/msi.c Wed Aug 11 17:01:02 2010 +0100
@@ -607,30 +607,35 @@ static int msix_capability_init(struct p
* indicates the successful setup of an entry zero with the new MSI
* irq or non-zero for otherwise.
**/
+
static int __pci_enable_msi(struct msi_info *msi, struct msi_desc **desc)
{
int status;
struct pci_dev *pdev;
+ struct msi_desc *old_desc;
ASSERT(spin_is_locked(&pcidevs_lock));
pdev = pci_get_pdev(msi->bus, msi->devfn);
if ( !pdev )
return -ENODEV;
- if ( find_msi_entry(pdev, msi->irq, PCI_CAP_ID_MSI) )
+ old_desc = find_msi_entry(pdev, msi->irq, PCI_CAP_ID_MSI);
+ if ( old_desc )
{
dprintk(XENLOG_WARNING, "irq %d has already mapped to MSI on "
"device %02x:%02x.%01x.\n", msi->irq, msi->bus,
PCI_SLOT(msi->devfn), PCI_FUNC(msi->devfn));
+ *desc = old_desc;
return 0;
}
- if ( find_msi_entry(pdev, -1, PCI_CAP_ID_MSIX) )
+ old_desc = find_msi_entry(pdev, -1, PCI_CAP_ID_MSIX);
+ if ( old_desc )
{
dprintk(XENLOG_WARNING, "MSI-X is already in use on "
"device %02x:%02x.%01x\n", msi->bus,
PCI_SLOT(msi->devfn), PCI_FUNC(msi->devfn));
- return 0;
+ pci_disable_msi(old_desc);
}
status = msi_capability_init(pdev, msi->irq, desc);
@@ -679,6 +684,7 @@ static int __pci_enable_msix(struct msi_
u16 control;
u8 slot = PCI_SLOT(msi->devfn);
u8 func = PCI_FUNC(msi->devfn);
+ struct msi_desc *old_desc;
ASSERT(spin_is_locked(&pcidevs_lock));
pdev = pci_get_pdev(msi->bus, msi->devfn);
@@ -691,20 +697,24 @@ static int __pci_enable_msix(struct msi_
if (msi->entry_nr >= nr_entries)
return -EINVAL;
- if ( find_msi_entry(pdev, msi->irq, PCI_CAP_ID_MSIX) )
+ old_desc = find_msi_entry(pdev, msi->irq, PCI_CAP_ID_MSIX);
+ if ( old_desc )
{
dprintk(XENLOG_WARNING, "irq %d has already mapped to MSIX on "
"device %02x:%02x.%01x.\n", msi->irq, msi->bus,
PCI_SLOT(msi->devfn), PCI_FUNC(msi->devfn));
+ *desc = old_desc;
return 0;
}
- if ( find_msi_entry(pdev, -1, PCI_CAP_ID_MSI) )
+ old_desc = find_msi_entry(pdev, -1, PCI_CAP_ID_MSI);
+ if ( old_desc )
{
dprintk(XENLOG_WARNING, "MSI is already in use on "
"device %02x:%02x.%01x\n", msi->bus,
PCI_SLOT(msi->devfn), PCI_FUNC(msi->devfn));
- return 0;
+ pci_disable_msi(old_desc);
+
}
status = msix_capability_init(pdev, msi, desc);
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
Home