mirror of https://github.com/torvalds/linux.git
30471982cd
struct vfio_cdx_device carries three fields that track whether MSI has been configured: vdev->cdx_irqs (the allocated vector array), vdev-> msi_count (the array length), and vdev->config_msi (a boolean flag). The three are set together when vfio_cdx_msi_enable() succeeds and cleared together by vfio_cdx_msi_disable(). However, the error paths in vfio_cdx_msi_enable() free the cdx_irqs allocation on failure without resetting the pointer, leaving it stale and skewed from the other two fields until the next enable call overwrites it. Clear vdev->cdx_irqs to NULL alongside the kfree() in both error paths so the pointer consistently reflects the configured state. With that invariant restored and access to the MSI state serialized by cdx_irqs_lock, vdev->config_msi is fully redundant with (vdev->cdx_irqs != NULL). Drop the config_msi field and switch all readers to test cdx_irqs directly. Assisted-by: Claude:claude-opus-4-7 Signed-off-by: Alex Williamson <alex.williamson@nvidia.com> Acked-by: Nikhil Agarwal <nikhil.agarwal@amd.com> Link: https://lore.kernel.org/r/20260417202800.88287-4-alex.williamson@nvidia.com Signed-off-by: Alex Williamson <alex@shazbot.org> |
||
|---|---|---|
| .. | ||
| cdx | ||
| fsl-mc | ||
| mdev | ||
| pci | ||
| platform | ||
| Kconfig | ||
| Makefile | ||
| container.c | ||
| debugfs.c | ||
| device_cdev.c | ||
| group.c | ||
| iommufd.c | ||
| vfio.h | ||
| vfio_iommu_spapr_tce.c | ||
| vfio_iommu_type1.c | ||
| vfio_main.c | ||
| virqfd.c | ||