diff options
| author | Keir Fraser <keir.fraser@citrix.com> | 2010-08-13 08:52:56 +0100 |
|---|---|---|
| committer | Keir Fraser <keir.fraser@citrix.com> | 2010-08-13 08:52:56 +0100 |
| commit | 7427d79dafda4b33d52216ab7332062f4be495c8 (patch) | |
| tree | 5d6f61fa2a0a521f5fb624d572e86ff2ae9ddde4 | |
| parent | 0bd549240b0f6fed6ede3a349c11fa7adb14acc1 (diff) | |
| download | xen-7427d79dafda4b33d52216ab7332062f4be495c8.tar.gz xen-7427d79dafda4b33d52216ab7332062f4be495c8.tar.bz2 xen-7427d79dafda4b33d52216ab7332062f4be495c8.zip | |
msi: Avoid uninitialized msi descriptors
When __pci_enable_msix() returns early, output parameter (struct
msi_desc **desc) will not be initialized. On my machine, a Broadcom
BCM5709 nic has both MSI and MSIX capability blocks and when guest
tries to enable msix interrupts but __pci_enable_msix() returns early
for encountering a msi block, the whole system will crash for fatal
page fault immediately.
Signed-off-by: Wei Wang <wei.wang2@amd.com>
xen-unstable changeset: 786b163da49b
xen-unstable date: Wed Aug 11 17:01:02 2010 +0100
| -rw-r--r-- | xen/arch/x86/msi.c | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c index ec7e5c9c06..89adbeb3f6 100644 --- a/xen/arch/x86/msi.c +++ b/xen/arch/x86/msi.c @@ -607,30 +607,35 @@ static int msix_capability_init(struct pci_dev *dev, * indicates the successful setup of an entry zero with the new MSI * irq or non-zero for otherwise. **/ + static int __pci_enable_msi(struct msi_info *msi, struct msi_desc **desc) { int status; struct pci_dev *pdev; + struct msi_desc *old_desc; ASSERT(spin_is_locked(&pcidevs_lock)); pdev = pci_get_pdev(msi->bus, msi->devfn); if ( !pdev ) return -ENODEV; - if ( find_msi_entry(pdev, msi->irq, PCI_CAP_ID_MSI) ) + old_desc = find_msi_entry(pdev, msi->irq, PCI_CAP_ID_MSI); + if ( old_desc ) { dprintk(XENLOG_WARNING, "irq %d has already mapped to MSI on " "device %02x:%02x.%01x.\n", msi->irq, msi->bus, PCI_SLOT(msi->devfn), PCI_FUNC(msi->devfn)); + *desc = old_desc; return 0; } - if ( find_msi_entry(pdev, -1, PCI_CAP_ID_MSIX) ) + old_desc = find_msi_entry(pdev, -1, PCI_CAP_ID_MSIX); + if ( old_desc ) { dprintk(XENLOG_WARNING, "MSI-X is already in use on " "device %02x:%02x.%01x\n", msi->bus, PCI_SLOT(msi->devfn), PCI_FUNC(msi->devfn)); - return 0; + pci_disable_msi(old_desc); } status = msi_capability_init(pdev, msi->irq, desc); @@ -679,6 +684,7 @@ static int __pci_enable_msix(struct msi_info *msi, struct msi_desc **desc) u16 control; u8 slot = PCI_SLOT(msi->devfn); u8 func = PCI_FUNC(msi->devfn); + struct msi_desc *old_desc; ASSERT(spin_is_locked(&pcidevs_lock)); pdev = pci_get_pdev(msi->bus, msi->devfn); @@ -691,20 +697,24 @@ static int __pci_enable_msix(struct msi_info *msi, struct msi_desc **desc) if (msi->entry_nr >= nr_entries) return -EINVAL; - if ( find_msi_entry(pdev, msi->irq, PCI_CAP_ID_MSIX) ) + old_desc = find_msi_entry(pdev, msi->irq, PCI_CAP_ID_MSIX); + if ( old_desc ) { dprintk(XENLOG_WARNING, "irq %d has already mapped to MSIX on " "device %02x:%02x.%01x.\n", msi->irq, msi->bus, PCI_SLOT(msi->devfn), PCI_FUNC(msi->devfn)); + *desc = old_desc; return 0; } - if ( find_msi_entry(pdev, -1, PCI_CAP_ID_MSI) ) + old_desc = find_msi_entry(pdev, -1, PCI_CAP_ID_MSI); + if ( old_desc ) { dprintk(XENLOG_WARNING, "MSI is already in use on " "device %02x:%02x.%01x\n", msi->bus, PCI_SLOT(msi->devfn), PCI_FUNC(msi->devfn)); - return 0; + pci_disable_msi(old_desc); + } status = msix_capability_init(pdev, msi, desc); |