debuggers.hg

changeset 20890:ca0759a08057

x86: check if desc->action is NULL when unbinding guest pirq

Before igb PF driver is unloaded, dom0 doesn't unload igbvf driver
automatically. When igb drver is unloaded, it invokes the
PHYSDEVOP_manage_pci_remove hypercall to remove the VFs and xen frees
the msi irqs by pci_cleanup_msi() -> ... -> dynamic_irq_cleanup() and
sets the desc->action to NULL. igbvf driver knows the VF is
disappearing via a hook ndo_stop() in dev_close() and tries to unbind
the pirq and xen would crash as the desc->action is NULL now.

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
author Keir Fraser <keir.fraser@citrix.com>
date Fri Jan 22 11:01:18 2010 +0000 (2010-01-22)
parents e1d61c5a008d
children 4978b4a4bbb6
files xen/arch/x86/irq.c
line diff
     1.1 --- a/xen/arch/x86/irq.c	Fri Jan 22 11:00:45 2010 +0000
     1.2 +++ b/xen/arch/x86/irq.c	Fri Jan 22 11:01:18 2010 +0000
     1.3 @@ -1229,6 +1229,13 @@ static irq_guest_action_t *__pirq_guest_
     1.4  
     1.5      BUG_ON(!(desc->status & IRQ_GUEST));
     1.6  
     1.7 +    if ( unlikely((desc->status | IRQ_DISABLED) && (desc->action == NULL)) )
     1.8 +    {
     1.9 +        dprintk(XENLOG_G_WARNING, "dom%d: pirq %d: desc->action is NULL!\n",
    1.10 +            d->domain_id, pirq);
    1.11 +        return NULL;
    1.12 +    }
    1.13 +
    1.14      action = (irq_guest_action_t *)desc->action;
    1.15      irq = desc - irq_desc;
    1.16  
    1.17 @@ -1353,6 +1360,13 @@ static int pirq_guest_force_unbind(struc
    1.18          goto out;
    1.19  
    1.20      action = (irq_guest_action_t *)desc->action;
    1.21 +    if ( unlikely((desc->status | IRQ_DISABLED) && (desc->action == NULL)) )
    1.22 +    {
    1.23 +        dprintk(XENLOG_G_WARNING, "dom%d: pirq %d: desc->action is NULL!\n",
    1.24 +            d->domain_id, irq);
    1.25 +        goto out;
    1.26 +    }
    1.27 +
    1.28      for ( i = 0; (i < action->nr_guests) && (action->guest[i] != d); i++ )
    1.29          continue;
    1.30      if ( i == action->nr_guests )