From: Greg Kurz
Date: Thu, 25 Feb 2016 18:02:18 +0000 (+0100)
Subject: spapr_pci: fix irq leak in RTAS ibm,change-msi
X-Git-Tag: TizenStudio_2.0_p2.4~27^2~6^2~8^2~147^2~5
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=ce266b75febdeee5b91ab630a7158ddff3e002fb;p=sdk%2Femulator%2Fqemu.git
spapr_pci: fix irq leak in RTAS ibm,change-msi
This RTAS call is used to request new interrupts or to free all interrupts. If the driver has already allocated interrupts and asks again for a non-null number of irqs, then the rtas_ibm_change_msi() function will silently leak the previous interrupts. It happens because xics_free() is only called when the driver releases all interrupts (!req_num case). Note that the previously allocated spapr_pci_msi is not leaked because the GHashTable is created with destroy functions and g_hash_table_insert() hence frees the old value. This patch makes sure any previously allocated MSIs are released when a new allocation succeeds.
Signed-off-by: Greg Kurz
Signed-off-by: David Gibson
---
diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 19dd6db..9b2b546 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -305,9 +305,10 @@ static void rtas_ibm_change_msi(PowerPCCPU *cpu, sPAPRMachineState *spapr,
 return;
 }
 
+ msi = (spapr_pci_msi *) g_hash_table_lookup(phb->msi, &config_addr);
+
 /* Releasing MSIs */
 if (!req_num) {
- msi = (spapr_pci_msi *) g_hash_table_lookup(phb->msi, &config_addr);
 if (!msi) {
 trace_spapr_pci_msi("Releasing wrong config", config_addr);
 rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
@@ -360,6 +361,12 @@ static void rtas_ibm_change_msi(PowerPCCPU *cpu, sPAPRMachineState *spapr,
 return;
 }
 
+ /* Release previous MSIs */
+ if (msi) {
+ xics_free(spapr->icp, msi->first_irq, msi->num);
+ g_hash_table_remove(phb->msi, &config_addr);
+ }
+
 /* Setup MSI/MSIX vectors in the device (via cfgspace or MSIX BAR) */
 spapr_msi_setmsg(pdev, SPAPR_PCI_MSI_WINDOW, ret_intr_type == RTAS_TYPE_MSIX, irq, req_num);
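Review bot: The lookup hoisted in the first hunk now feeds two distant uses, the `!req_num` release path just below and the release of the previous block in the second hunk, and nothing at the lookup says so. A comment such as `/* Existing allocation for this config_addr, if any; released on free or after a successful re-allocation */` would make that lifetime visible. The `(spapr_pci_msi *)` cast on the `g_hash_table_lookup()` result is not needed in C, so the line could read `msi = g_hash_table_lookup(phb->msi, &config_addr);`. The body of rtas_ibm_change_msi() starts and ends outside the hunk.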
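Review bot: After `g_hash_table_remove(phb->msi, &config_addr);` in the second hunk, `msi` still points at the entry the table has just destroyed; the commit message says the GHashTable is created with destroy functions. Nothing visible in the hunk reads it again, but the rest of rtas_ibm_change_msi() is outside the hunk, so adding `msi = NULL;` right after the removal would turn any later stale use into an obvious fault rather than a use-after-free. Since the request comes from the guest driver, the `/* Release previous MSIs */` comment should also say that the old block is deliberately freed only once the new allocation has succeeded, which presumably leaves the existing interrupts intact when a request fails.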