[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [qemu-xen-unstable] qemu-traditional/passthrough: adjust MSI-X device cleanup (bug 1809)

commit 29996060f617f9a363559fb8ae6bce590c45180e
Author: Jan Beulich <JBeulich@xxxxxxxx>
Date:   Mon Apr 2 17:35:36 2012 +0100

    qemu-traditional/passthrough: adjust MSI-X device cleanup (bug 1809)
    
    To address http://bugzilla.xen.org/bugzilla/show_bug.cgi?id=1809,
    pt_unregister_regions() also needs to use the newly introduced
    _pt_iomem_helper() instead of calling xc_domain_memory_mapping()
    directly, to take into consideration the hole created for the MSI-X
    table.
    
    For this to work, two calls in unregister_real_device() need to be
    swapped, since otherwise we'd have
    
    unregister_real_device()
      -> pt_config_delete()
        -> pt_msix_delete() (frees [and fails to clear] ->msix)
      -> pt_unregister_regions()
        -> _pt_iomem_helper() (with the patch below)
          -> has_msix_mapping() (uses ->msix)
    
    And to be certain to prevent (catch) further/future use-after-free
    instances, let's also clear dev->msix in pt_msix_delete().
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Tested-by: Yongjie Ren <yongjie.ren@xxxxxxxxx>
    Acked-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
---
 hw/pass-through.c |   14 ++++++--------
 hw/pt-msi.c       |    1 +
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/hw/pass-through.c b/hw/pass-through.c
index dbe8804..f832c5a 100644
--- a/hw/pass-through.c
+++ b/hw/pass-through.c
@@ -1969,11 +1969,9 @@ static void pt_unregister_regions(struct pt_dev 
*assigned_device)
         if ( type == PCI_ADDRESS_SPACE_MEM ||
              type == PCI_ADDRESS_SPACE_MEM_PREFETCH )
         {
-            ret = xc_domain_memory_mapping(xc_handle, domid,
-                    assigned_device->bases[i].e_physbase >> XC_PAGE_SHIFT,
-                    assigned_device->bases[i].access.maddr >> XC_PAGE_SHIFT,
-                    (e_size+XC_PAGE_SIZE-1) >> XC_PAGE_SHIFT,
-                    DPCI_REMOVE_MAPPING);
+            ret = _pt_iomem_helper(assigned_device, i,
+                                   assigned_device->bases[i].e_physbase,
+                                   e_size, DPCI_REMOVE_MAPPING);
             if ( ret != 0 )
             {
                 PT_LOG("Error: remove old mem mapping failed!\n");
@@ -4393,12 +4391,12 @@ static int unregister_real_device(int devfn)
         }
     }
 
-    /* delete all emulated config registers */
-    pt_config_delete(assigned_device);
-
     /* unregister real device's MMIO/PIO BARs */
     pt_unregister_regions(assigned_device);
 
+    /* delete all emulated config registers */
+    pt_config_delete(assigned_device);
+
     pt_iomul_free(assigned_device);
 
     /* mark this devfn as free */
diff --git a/hw/pt-msi.c b/hw/pt-msi.c
index f95f6c0..70c4023 100644
--- a/hw/pt-msi.c
+++ b/hw/pt-msi.c
@@ -627,4 +627,5 @@ void pt_msix_delete(struct pt_dev *dev)
 
 
     free(dev->msix);
+    dev->msix = NULL;
 }
--
generated by git-patchbot for /home/xen/git/qemu-xen-unstable.git

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.