Re: [PATCH 17/21] MSI: Clear the irq_desc's msi pointer on free

From: Eric W. Biederman
Date: Thu Mar 22 2007 - 23:10:46 EST


Michael Ellerman <michael@xxxxxxxxxxxxxx> writes:

> On Thu, 2007-03-22 at 08:23 -0600, Eric W. Biederman wrote:
>> Michael Ellerman <michael@xxxxxxxxxxxxxx> writes:
>>
>> > Currently we never clear the msi_desc pointer in the irq_desc. This
> >> > leaves us with a pointer to freed memory hanging around. No one seems
>> > to have hit this, so presumably other parts of the code are protecting
>> > us from ever using the stale pointer .. or we're just lucky, we should
>> > still clear it.
>>
>> Hmm. Maybe. Currently this is done in dynamic_irq_cleanup,
>> at least for everything except sparc64.
>
> OK, I missed that. I still think we should do it here, otherwise there's
> a window, however small, where the msi_desc pointer is pointing at freed
> memory.

After following the code through, the current cleanup happens before where you
are proposing, and in fact the irq is returned to the set of irqs that can
be allocated before you are calling set_irq_msi(irq, NULL).

Therefore you are doing this too late and we need to ensure the
architecture code does this in arch_teardown_msi_irq.

Eric
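
The ordering problem described in the reply above, as an added toy model in C (not kernel code and not part of the original thread). The struct names echo the thread; `allocatable`, `live`, `claim_sees_stale` and both teardown functions are hypothetical, and "freeing" is modelled with a flag so nothing freed is ever touched.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model only: hypothetical stand-ins for the kernel structures. */
struct msi_desc { bool live; };
struct irq_desc { bool allocatable; struct msi_desc *msi; };

static struct irq_desc irq_table[4];
static struct msi_desc msi_pool[4];

/* Another path claims a free irq; returns true if it inherits a pointer
 * to a descriptor that has already been torn down. */
static bool claim_sees_stale(int irq)
{
    struct irq_desc *d = &irq_table[irq];
    if (!d->allocatable)
        return false;               /* not reusable yet: nothing to observe */
    d->allocatable = false;
    return d->msi != NULL && !d->msi->live;
}

static void setup(int irq)
{
    msi_pool[irq].live = true;
    irq_table[irq] = (struct irq_desc){ .allocatable = false,
                                        .msi = &msi_pool[irq] };
}

/* Ordering objected to in the reply: irq released first, pointer cleared after. */
static bool teardown_clear_late(int irq)
{
    setup(irq);
    msi_pool[irq].live = false;          /* descriptor "freed" */
    irq_table[irq].allocatable = true;   /* irq back in the allocatable set */
    bool stale = claim_sees_stale(irq);  /* reuse lands inside the window */
    irq_table[irq].msi = NULL;           /* too late; also clobbers new owner */
    return stale;
}

/* Ordering the reply asks for: clear in teardown, before the irq is released. */
static bool teardown_clear_early(int irq)
{
    setup(irq);
    irq_table[irq].msi = NULL;
    msi_pool[irq].live = false;
    irq_table[irq].allocatable = true;
    return claim_sees_stale(irq);
}

int main(void)
{
    printf("late: %d early: %d\n", teardown_clear_late(1), teardown_clear_early(2));
    return 0;
}
```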