x86/apic/vector: Fix off by one in error path
authorThomas Gleixner <tglx@linutronix.de>
Tue, 16 Jan 2018 11:20:18 +0000 (12:20 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 23 Jan 2018 18:58:15 +0000 (19:58 +0100)
commit 45d55e7bac4028af93f5fa324e69958a0b868e96 upstream.

Keith reported the following warning:

WARNING: CPU: 28 PID: 1420 at kernel/irq/matrix.c:222 irq_matrix_remove_managed+0x10f/0x120
  x86_vector_free_irqs+0xa1/0x180
  x86_vector_alloc_irqs+0x1e4/0x3a0
  msi_domain_alloc+0x62/0x130

The reason for this is that if the vector allocation fails the error
handling code tries to free the failed vector as well, which causes the
above imbalance warning to trigger.

Adjust the error path to handle this correctly.

Fixes: b5dc8e6c21e7 ("x86/irq: Use hierarchical irqdomain to manage CPU interrupt vectors")
Reported-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Keith Busch <keith.busch@intel.com>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/alpine.DEB.2.20.1801161217300.1823@nanos
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
arch/x86/kernel/apic/vector.c

index 88c214e75a6be0bd26a126e2f57ad67d46a444fe..2ce1c708b8ee399db1f856ef8ce8d50cdec66bfb 100644 (file)
@@ -369,8 +369,11 @@ static int x86_vector_alloc_irqs(struct irq_domain *domain, unsigned int virq,
                irq_data->hwirq = virq + i;
                err = assign_irq_vector_policy(virq + i, node, data, info,
                                               irq_data);
-               if (err)
+               if (err) {
+                       irq_data->chip_data = NULL;
+                       free_apic_chip_data(data);
                        goto error;
+               }
                /*
                 * If the apic destination mode is physical, then the
                 * effective affinity is restricted to a single target
@@ -383,7 +386,7 @@ static int x86_vector_alloc_irqs(struct irq_domain *domain, unsigned int virq,
        return 0;
 
 error:
-       x86_vector_free_irqs(domain, virq, i + 1);
+       x86_vector_free_irqs(domain, virq, i);
        return err;
 }