diff options
author | Greg Kurz <gkurz@linux.vnet.ibm.com> | 2016-02-25 19:02:18 +0100 |
---|---|---|
committer | David Gibson <david@gibson.dropbear.id.au> | 2016-02-28 16:19:02 +1100 |
commit | ce266b75febdeee5b91ab630a7158ddff3e002fb (patch) | |
tree | fcb0bda0d987f0fa22714f474e984a7de1525ce2 /hw/ppc/spapr_pci.c | |
parent | d4a63ac8b19eb208465f27fde63f3cff7018fdfd (diff) | |
download | qemu-ce266b75febdeee5b91ab630a7158ddff3e002fb.zip qemu-ce266b75febdeee5b91ab630a7158ddff3e002fb.tar.gz qemu-ce266b75febdeee5b91ab630a7158ddff3e002fb.tar.bz2 |
spapr_pci: fix irq leak in RTAS ibm,change-msi
This RTAS call is used to request new interrupts or to free all interrupts.
If the driver has already allocated interrupts and asks again for a non-null
number of irqs, then the rtas_ibm_change_msi() function will silently leak
the previous interrupts.
It happens because xics_free() is only called when the driver releases all
interrupts (!req_num case). Note that the previously allocated spapr_pci_msi
is not leaked because the GHashTable is created with destroy functions and
g_hash_table_insert() hence frees the old value.
This patch makes sure any previously allocated MSIs are released when a
new allocation succeeds.
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'hw/ppc/spapr_pci.c')
-rw-r--r-- | hw/ppc/spapr_pci.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c index 19dd6db..9b2b546 100644 --- a/hw/ppc/spapr_pci.c +++ b/hw/ppc/spapr_pci.c @@ -305,9 +305,10 @@ static void rtas_ibm_change_msi(PowerPCCPU *cpu, sPAPRMachineState *spapr, return; } + msi = (spapr_pci_msi *) g_hash_table_lookup(phb->msi, &config_addr); + /* Releasing MSIs */ if (!req_num) { - msi = (spapr_pci_msi *) g_hash_table_lookup(phb->msi, &config_addr); if (!msi) { trace_spapr_pci_msi("Releasing wrong config", config_addr); rtas_st(rets, 0, RTAS_OUT_HW_ERROR); @@ -360,6 +361,12 @@ static void rtas_ibm_change_msi(PowerPCCPU *cpu, sPAPRMachineState *spapr, return; } + /* Release previous MSIs */ + if (msi) { + xics_free(spapr->icp, msi->first_irq, msi->num); + g_hash_table_remove(phb->msi, &config_addr); + } + /* Setup MSI/MSIX vectors in the device (via cfgspace or MSIX BAR) */ spapr_msi_setmsg(pdev, SPAPR_PCI_MSI_WINDOW, ret_intr_type == RTAS_TYPE_MSIX, irq, req_num); |