summaryrefslogtreecommitdiffstats
path: root/hw/ppc
diff options
context:
space:
mode:
authorGreg Kurz2016-02-25 19:02:18 +0100
committerDavid Gibson2016-02-28 06:19:02 +0100
commitce266b75febdeee5b91ab630a7158ddff3e002fb (patch)
treefcb0bda0d987f0fa22714f474e984a7de1525ce2 /hw/ppc
parentspapr_pci: kill useless variable in rtas_ibm_change_msi() (diff)
downloadqemu-ce266b75febdeee5b91ab630a7158ddff3e002fb.tar.gz
qemu-ce266b75febdeee5b91ab630a7158ddff3e002fb.tar.xz
qemu-ce266b75febdeee5b91ab630a7158ddff3e002fb.zip
spapr_pci: fix irq leak in RTAS ibm,change-msi
This RTAS call is used to request new interrupts or to free all interrupts. If the driver has already allocated interrupts and asks again for a non-null number of irqs, then the rtas_ibm_change_msi() function will silently leak the previous interrupts. It happens because xics_free() is only called when the driver releases all interrupts (!req_num case). Note that the previously allocated spapr_pci_msi is not leaked because the GHashTable is created with destroy functions and g_hash_table_insert() hence frees the old value. This patch makes sure any previously allocated MSIs are released when a new allocation succeeds. Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'hw/ppc')
-rw-r--r--hw/ppc/spapr_pci.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 19dd6dbeb9..9b2b546b54 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -305,9 +305,10 @@ static void rtas_ibm_change_msi(PowerPCCPU *cpu, sPAPRMachineState *spapr,
return;
}
+ msi = (spapr_pci_msi *) g_hash_table_lookup(phb->msi, &config_addr);
+
/* Releasing MSIs */
if (!req_num) {
- msi = (spapr_pci_msi *) g_hash_table_lookup(phb->msi, &config_addr);
if (!msi) {
trace_spapr_pci_msi("Releasing wrong config", config_addr);
rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
@@ -360,6 +361,12 @@ static void rtas_ibm_change_msi(PowerPCCPU *cpu, sPAPRMachineState *spapr,
return;
}
+ /* Release previous MSIs */
+ if (msi) {
+ xics_free(spapr->icp, msi->first_irq, msi->num);
+ g_hash_table_remove(phb->msi, &config_addr);
+ }
+
/* Setup MSI/MSIX vectors in the device (via cfgspace or MSIX BAR) */
spapr_msi_setmsg(pdev, SPAPR_PCI_MSI_WINDOW, ret_intr_type == RTAS_TYPE_MSIX,
irq, req_num);