From e591bdb0182434f2886498a876f89ea7fdcff509 Mon Sep 17 00:00:00 2001
From: Keir Fraser
Date: Fri, 22 Jan 2010 11:01:18 +0000
Subject: [PATCH] x86: check if desc->action is NULL when unbinding guest pirq

Before igb PF driver is unloaded, dom0 doesn't unload igbvf driver automatically. When igb drver is unloaded, it invokes the PHYSDEVOP_manage_pci_remove hypercall to remove the VFs and xen frees the msi irqs by pci_cleanup_msi() -> ... -> dynamic_irq_cleanup() and sets the desc->action to NULL. igbvf driver knows the VF is disappearing via a hook ndo_stop() in dev_close() and tries to unbind the pirq and xen would crash as the desc->action is NULL now.

Signed-off-by: Dexuan Cui
---
 xen/arch/x86/irq.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c
index 83c937bd33..7542f9d936 100644
--- a/xen/arch/x86/irq.c
+++ b/xen/arch/x86/irq.c
@@ -1229,6 +1229,13 @@ static irq_guest_action_t *__pirq_guest_unbind(
 BUG_ON(!(desc->status & IRQ_GUEST));
+ if ( unlikely((desc->status | IRQ_DISABLED) && (desc->action == NULL)) )
+ {
+ dprintk(XENLOG_G_WARNING, "dom%d: pirq %d: desc->action is NULL!\n",
+ d->domain_id, pirq);
+ return NULL;
+ }
+
 action = (irq_guest_action_t *)desc->action;
 irq = desc - irq_desc;
@@ -1353,6 +1360,13 @@ static int pirq_guest_force_unbind(struct domain *d, int irq)
 goto out;
 action = (irq_guest_action_t *)desc->action;
+ if ( unlikely((desc->status | IRQ_DISABLED) && (desc->action == NULL)) )
+ {
+ dprintk(XENLOG_G_WARNING, "dom%d: pirq %d: desc->action is NULL!\n",
+ d->domain_id, irq);
+ goto out;
+ }
+
 for ( i = 0; (i < action->nr_guests) && (action->guest[i] != d); i++ )
 continue;
 if ( i == action->nr_guests )
--
2.30.2
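Review bot: In the guard added to `__pirq_guest_unbind`, `(desc->status | IRQ_DISABLED)` is a bitwise OR with a flag constant, so, assuming IRQ_DISABLED is non-zero, it is always true and the condition reduces to `desc->action == NULL`. If the status bit was meant to qualify the test, `&` was intended, but then a NULL action on a descriptor not marked disabled would still reach the `action->` dereferences that follow, on a path the commit message describes as reachable from a guest driver's unbind. The unconditional form states what the code actually enforces and is the safer one: `if ( unlikely(desc->action == NULL) )`. The identical condition in the `pirq_guest_force_unbind` hunk needs the same change; the function body continues outside this hunk.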
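Review bot: The early `goto out` added to `pirq_guest_force_unbind` carries no comment saying why a descriptor that is still guest-bound can have no action; that reasoning exists only in the commit message. I would put above the check something like `/* MSI teardown (dynamic_irq_cleanup()) may already have cleared desc->action; nothing left to unbind. */`, and the same in `__pirq_guest_unbind`. Since `action` is assigned on the line just before, the test can read `action == NULL` rather than re-reading `desc->action`. As far as I know dprintk is compiled out of non-debug Xen builds, so it is worth confirming whether this condition should also be visible in release logs. The function starts and ends outside the hunk, so what `out` returns to the caller is not visible here.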