x86: IRQ fix incorrect logic in __clear_irq_vector

In the old code, tmp_mask is the cpu_and of cfg->cpu_mask and
cpu_online_map.  However, in the usual case of moving an IRQ from one
PCPU to another because the scheduler decides its a good idea,
cfg->cpu_mask and cfg->old_cpu_mask do not intersect.  This causes the
old cpu vector_irq table to keep the irq reference when it shouldn't.

This leads to a resource leak if a domain is shut down wile an irq has
a move pending, which results in Xen's create_irq() eventually failing
with -ENOSPC when all vector_irq tables are full of stale references.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c
index dfec057b4268ce48606c274ac979a2752cb2ca28..8d598c28cae52170517148dbe6f1bb63a3f86c8e 100644 (file)
--- a/xen/arch/x86/irq.c
+++ b/xen/arch/x86/irq.c
@@ -216,6 +216,7 @@ static void __clear_irq_vector(int irq)
 
     if (likely(!cfg->move_in_progress))
         return;
+    cpus_and(tmp_mask, cfg->old_cpu_mask, cpu_online_map);
     for_each_cpu_mask(cpu, tmp_mask) {
         for (vector = FIRST_DYNAMIC_VECTOR; vector <= LAST_DYNAMIC_VECTOR;
                                 vector++) {