diff options
Diffstat (limited to '0045-pirq_cleanup_check-leaks.patch')
-rw-r--r-- | 0045-pirq_cleanup_check-leaks.patch | 84 |
1 files changed, 0 insertions, 84 deletions
diff --git a/0045-pirq_cleanup_check-leaks.patch b/0045-pirq_cleanup_check-leaks.patch deleted file mode 100644 index dcf96c7..0000000 --- a/0045-pirq_cleanup_check-leaks.patch +++ /dev/null @@ -1,84 +0,0 @@ -From c9f50d2c5f29b630603e2b95f29e5b6e416a6187 Mon Sep 17 00:00:00 2001 -From: Jan Beulich <jbeulich@suse.com> -Date: Thu, 4 Jul 2024 14:11:57 +0200 -Subject: [PATCH 45/56] pirq_cleanup_check() leaks -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Its original introduction had two issues: For one the "common" part of -the checks (carried out in the macro) was inverted. And then after -removal from the radix tree the structure wasn't scheduled for freeing. -(All structures still left in the radix tree would be freed upon domain -destruction, though.) - -For the freeing to be safe even if it didn't use RCU (i.e. to avoid use- -after-free), re-arrange checks/operations in evtchn_close(), such that -the pointer wouldn't be used anymore after calling pirq_cleanup_check() -(noting that unmap_domain_pirq_emuirq() itself calls the function in the -success case). - -Fixes: c24536b636f2 ("replace d->nr_pirqs sized arrays with radix tree") -Fixes: 79858fee307c ("xen: fix hvm_domain_use_pirq's behavior") -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> -master commit: daa90dfea9175c07f13d1a2d901857b2dd14d080 -master date: 2024-07-02 08:35:56 +0200 ---- - xen/arch/x86/irq.c | 1 + - xen/common/event_channel.c | 11 ++++++++--- - xen/include/xen/irq.h | 2 +- - 3 files changed, 10 insertions(+), 4 deletions(-) - -diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c -index 290f8d26e7..00be3b88e8 100644 ---- a/xen/arch/x86/irq.c -+++ b/xen/arch/x86/irq.c -@@ -1413,6 +1413,7 @@ void (pirq_cleanup_check)(struct pirq *pirq, struct domain *d) - - if ( radix_tree_delete(&d->pirq_tree, pirq->pirq) != pirq ) - BUG(); -+ free_pirq_struct(pirq); - } - - /* Flush all ready EOIs from the top of this CPU's pending-EOI stack. */ -diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c -index 66f924a7b0..b1a6215c37 100644 ---- a/xen/common/event_channel.c -+++ b/xen/common/event_channel.c -@@ -705,11 +705,16 @@ int evtchn_close(struct domain *d1, int port1, bool guest) - if ( !is_hvm_domain(d1) ) - pirq_guest_unbind(d1, pirq); - pirq->evtchn = 0; -- pirq_cleanup_check(pirq, d1); - #ifdef CONFIG_X86 -- if ( is_hvm_domain(d1) && domain_pirq_to_irq(d1, pirq->pirq) > 0 ) -- unmap_domain_pirq_emuirq(d1, pirq->pirq); -+ if ( !is_hvm_domain(d1) || -+ domain_pirq_to_irq(d1, pirq->pirq) <= 0 || -+ unmap_domain_pirq_emuirq(d1, pirq->pirq) < 0 ) -+ /* -+ * The successful path of unmap_domain_pirq_emuirq() will have -+ * called pirq_cleanup_check() already. -+ */ - #endif -+ pirq_cleanup_check(pirq, d1); - } - unlink_pirq_port(chn1, d1->vcpu[chn1->notify_vcpu_id]); - break; -diff --git a/xen/include/xen/irq.h b/xen/include/xen/irq.h -index 65083135e1..5dcd2d8f0c 100644 ---- a/xen/include/xen/irq.h -+++ b/xen/include/xen/irq.h -@@ -180,7 +180,7 @@ extern struct pirq *pirq_get_info(struct domain *d, int pirq); - void pirq_cleanup_check(struct pirq *pirq, struct domain *d); - - #define pirq_cleanup_check(pirq, d) \ -- ((pirq)->evtchn ? pirq_cleanup_check(pirq, d) : (void)0) -+ (!(pirq)->evtchn ? pirq_cleanup_check(pirq, d) : (void)0) - - extern void pirq_guest_eoi(struct pirq *pirq); - extern void desc_guest_eoi(struct irq_desc *desc, struct pirq *pirq); --- -2.45.2 - |