On Wed, Jul 16, 2025 at 09:52:05PM +0200, Antonio Quartulli wrote:
> Hi Nam,
Hi Antonio,
> On 26/06/2025 16:48, Nam Cao wrote:
> [...]
> > -static void vmd_msi_free(struct irq_domain *domain,
> > - struct msi_domain_info *info, unsigned int virq)
> > +static void vmd_msi_free(struct irq_domain *domain, unsigned int virq, unsigned int nr_irqs)
> > {
> > struct vmd_irq *vmdirq = irq_get_chip_data(virq);
> > - synchronize_srcu(&vmdirq->irq->srcu);
> > + for (int i = 0; i < nr_irqs; ++i) {
> > + synchronize_srcu(&vmdirq->irq->srcu);
> > - /* XXX: Potential optimization to rebalance */
> > - scoped_guard(raw_spinlock_irq, &list_lock)
> > - vmdirq->irq->count--;
> > + /* XXX: Potential optimization to rebalance */
> > + scoped_guard(raw_spinlock_irq, &list_lock)
> > + vmdirq->irq->count--;
> > - kfree(vmdirq);
> > + kfree(vmdirq);
> > + }
>
> By introducing a for loop in this function, you are re-using vmdirq after
> free'ing it.
>
> I can't send a patch because I am not faimliar with this API and I don't
> know how to fix it.
>
> However, the issue was reported today by Coverity.
>
> Any idea? :-)
Thanks for the report. That was indeed a mistake from my side.
I hope PCI maintainers don't mind squashing the below diff.
Sorry for the troubles so far,
Nam
diff --git a/drivers/pci/controller/vmd.c b/drivers/pci/controller/vmd.c
index 48a6096cbbc0..50f0c91d561c 100644
--- a/drivers/pci/controller/vmd.c
+++ b/drivers/pci/controller/vmd.c
@@ -280,9 +280,11 @@ static int vmd_msi_alloc(struct irq_domain *domain, unsigned int virq,
static void vmd_msi_free(struct irq_domain *domain, unsigned int virq,
unsigned int nr_irqs)
{
- struct vmd_irq *vmdirq = irq_get_chip_data(virq);
+ struct vmd_irq *vmdirq;
for (int i = 0; i < nr_irqs; ++i) {
+ vmdirq = irq_get_chip_data(virq + i);
+
synchronize_srcu(&vmdirq->irq->srcu);
/* XXX: Potential optimization to rebalance */
