x86: check if desc->action is NULL when unbinding guest pirq

Before igb PF driver is unloaded, dom0 doesn't unload igbvf driver
automatically. When igb drver is unloaded, it invokes the
PHYSDEVOP_manage_pci_remove hypercall to remove the VFs and xen frees
the msi irqs by pci_cleanup_msi() -> ... -> dynamic_irq_cleanup() and
sets the desc->action to NULL.  igbvf driver knows the VF is
disappearing via a hook ndo_stop() in dev_close() and tries to unbind
the pirq and xen would crash as the desc->action is NULL now.

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>

diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c
index 83c937bd33621b481da9854437d68963d18a2069..7542f9d93642f77f0a05904d7781f0e2c998a08b 100644 (file)
--- a/xen/arch/x86/irq.c
+++ b/xen/arch/x86/irq.c
@@ -1229,6 +1229,13 @@ static irq_guest_action_t *__pirq_guest_unbind(
 
     BUG_ON(!(desc->status & IRQ_GUEST));
 
+    if ( unlikely((desc->status | IRQ_DISABLED) && (desc->action == NULL)) )
+    {
+        dprintk(XENLOG_G_WARNING, "dom%d: pirq %d: desc->action is NULL!\n",
+            d->domain_id, pirq);
+        return NULL;
+    }
+
     action = (irq_guest_action_t *)desc->action;
     irq = desc - irq_desc;
 
@@ -1353,6 +1360,13 @@ static int pirq_guest_force_unbind(struct domain *d, int irq)
         goto out;
 
     action = (irq_guest_action_t *)desc->action;
+    if ( unlikely((desc->status | IRQ_DISABLED) && (desc->action == NULL)) )
+    {
+        dprintk(XENLOG_G_WARNING, "dom%d: pirq %d: desc->action is NULL!\n",
+            d->domain_id, irq);
+        goto out;
+    }
+
     for ( i = 0; (i < action->nr_guests) && (action->guest[i] != d); i++ )
         continue;
     if ( i == action->nr_guests )