On Wed, Jul 16, 2025 at 10:12:16PM +0200, Nam Cao wrote:
> On Wed, Jul 16, 2025 at 09:52:05PM +0200, Antonio Quartulli wrote:
> > Hi Nam,
> Hi Antonio,
>
> > On 26/06/2025 16:48, Nam Cao wrote:
> > [...]
> > > -static void vmd_msi_free(struct irq_domain *domain,
> > > - struct msi_domain_info *info, unsigned int virq)
> > > +static void vmd_msi_free(struct irq_domain *domain, unsigned int virq, unsigned int nr_irqs)
> > > {
> > > struct vmd_irq *vmdirq = irq_get_chip_data(virq);
> > > - synchronize_srcu(&vmdirq->irq->srcu);
> > > + for (int i = 0; i < nr_irqs; ++i) {
> > > + synchronize_srcu(&vmdirq->irq->srcu);
> > > - /* XXX: Potential optimization to rebalance */
> > > - scoped_guard(raw_spinlock_irq, &list_lock)
> > > - vmdirq->irq->count--;
> > > + /* XXX: Potential optimization to rebalance */
> > > + scoped_guard(raw_spinlock_irq, &list_lock)
> > > + vmdirq->irq->count--;
> > > - kfree(vmdirq);
> > > + kfree(vmdirq);
> > > + }
> >
> > By introducing a for loop in this function, you are re-using vmdirq after
> > free'ing it.
> >
> > I can't send a patch because I am not faimliar with this API and I don't
> > know how to fix it.
> >
> > However, the issue was reported today by Coverity.
> >
> > Any idea? :-)
>
> Thanks for the report. That was indeed a mistake from my side.
>
> I hope PCI maintainers don't mind squashing the below diff.
Squashed, thanks! Updated commit:
https://git.kernel.org/pub/scm/linux/kernel/git/pci/pci.git/commit/?id=4246b7fccf26
> diff --git a/drivers/pci/controller/vmd.c b/drivers/pci/controller/vmd.c
> index 48a6096cbbc0..50f0c91d561c 100644
> --- a/drivers/pci/controller/vmd.c
> +++ b/drivers/pci/controller/vmd.c
> @@ -280,9 +280,11 @@ static int vmd_msi_alloc(struct irq_domain *domain, unsigned int virq,
> static void vmd_msi_free(struct irq_domain *domain, unsigned int virq,
> unsigned int nr_irqs)
> {
> - struct vmd_irq *vmdirq = irq_get_chip_data(virq);
> + struct vmd_irq *vmdirq;
>
> for (int i = 0; i < nr_irqs; ++i) {
> + vmdirq = irq_get_chip_data(virq + i);
> +
> synchronize_srcu(&vmdirq->irq->srcu);
>
> /* XXX: Potential optimization to rebalance */
>
