PCI: vmd: repeated kfree of vmdirq
From: Colin King (gmail)
Date: Thu Jul 17 2025 - 07:48:49 EST
Hi,
Static analysis found an issue in the following commit in linux-next:
commit 2b96beffa42760513567919aa27eb72035f2db58
Author: Nam Cao <namcao@xxxxxxxxxxxxx>
Date: Thu Jun 26 16:48:06 2025 +0200
PCI: vmd: Switch to msi_create_parent_irq_domain()
The issue is as follows:
static void vmd_msi_free(struct irq_domain *domain, unsigned int virq,
unsigned int nr_irqs)
{
struct vmd_irq *vmdirq = irq_get_chip_data(virq);
for (int i = 0; i < nr_irqs; ++i) {
synchronize_srcu(&vmdirq->irq->srcu);
/* XXX: Potential optimization to rebalance */
scoped_guard(raw_spinlock_irq, &list_lock)
vmdirq->irq->count--;
kfree(vmdirq);
}
}
The for-loop is repeatedly kfree'ing vmdirq which seems incorrect.
Colin
Attachment:
OpenPGP_0x68C287DFC6A80226.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature