1. Patchew
  2. linux
  3. View series

[PATCH rc] genirq/msi: Free the fwnode created by msi_create_device_irq_domain()

Jason Gunthorpe posted 1 patch 2 years, 8 months ago
There is a newer version of this series
kernel/irq/msi.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
[PATCH rc] genirq/msi: Free the fwnode created by msi_create_device_irq_domain()
Posted by Jason Gunthorpe 2 years, 8 months ago 
msi_create_device_irq_domain creates a fwnode for the new domain, but it
is never freed. kmemleak reports:

unreferenced object 0xffff888120ba9a00 (size 96):
  comm "systemd-modules", pid 221, jiffies 4294893411 (age 635.732s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 e0 19 8b 83 ff ff ff ff  ................
    00 00 00 00 00 00 00 00 18 9a ba 20 81 88 ff ff  ........... ....
  backtrace:
    [<00000000bcb7f3b1>] kmalloc_trace+0x27/0x110
    [<000000008cdbc98d>] __irq_domain_alloc_fwnode+0x51/0x2b0
    [<00000000c57acf9d>] msi_create_device_irq_domain+0x283/0x670
    [<000000009b567982>] __pci_enable_msix_range+0x49e/0xdb0
    [<0000000077cc1445>] pci_alloc_irq_vectors_affinity+0x11f/0x1c0
    [<00000000532e9ef5>] mlx5_irq_table_create+0x24c/0x940 [mlx5_core]
    [<00000000fabd2b80>] mlx5_load+0x1fa/0x680 [mlx5_core]
    [<000000006bb22ae4>] mlx5_init_one+0x485/0x670 [mlx5_core]
    [<00000000eaa5e1ad>] probe_one+0x4c2/0x720 [mlx5_core]
    [<00000000df8efb43>] local_pci_probe+0xd6/0x170
    [<0000000085cb9924>] pci_device_probe+0x231/0x6e0
    [<000000002671d86e>] really_probe+0x1cf/0xaa0
    [<000000002aeba218>] __driver_probe_device+0x18f/0x470
    [<000000002aec9527>] driver_probe_device+0x49/0x120
    [<000000005f45a989>] __driver_attach+0x1ff/0x4a0
    [<0000000000dcaab2>] bus_for_each_dev+0x11e/0x1a0

Use the proper free operation for the fwnode so the name is freed during
error unwind of msi_create_device_irq_domain() and free the fwnode in
msi_remove_device_irq_domain() if it was automatically allocated.

Fixes: 27a6dea3ebaa ("genirq/msi: Provide msi_create/free_device_irq_domain()")
Reported-by: Omri Barazi <obarazi@nvidia.com>
Tested-by: Kalle Valo <kvalo@kernel.org>
Tested-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
---
 kernel/irq/msi.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/kernel/irq/msi.c b/kernel/irq/msi.c
index 955267bbc2be63..783a3e6a0b1075 100644
--- a/kernel/irq/msi.c
+++ b/kernel/irq/msi.c
@@ -1000,7 +1000,7 @@ bool msi_create_device_irq_domain(struct device *dev, unsigned int domid,
 fail:
 	msi_unlock_descs(dev);
 free_fwnode:
-	kfree(fwnode);
+	irq_domain_free_fwnode(fwnode);
 free_bundle:
 	kfree(bundle);
 	return false;
@@ -1013,6 +1013,7 @@ bool msi_create_device_irq_domain(struct device *dev, unsigned int domid,
  */
 void msi_remove_device_irq_domain(struct device *dev, unsigned int domid)
 {
+	struct fwnode_handle *fwnode = NULL;
 	struct msi_domain_info *info;
 	struct irq_domain *domain;
 
@@ -1025,7 +1026,10 @@ void msi_remove_device_irq_domain(struct device *dev, unsigned int domid)
 
 	dev->msi.data->__domains[domid].domain = NULL;
 	info = domain->host_data;
+	if (irq_domain_is_msi_device(domain))
+		fwnode = domain->fwnode;
 	irq_domain_remove(domain);
+	irq_domain_free_fwnode(fwnode);
 	kfree(container_of(info, struct msi_domain_template, info));
 
 unlock:

base-commit: 5dc4c995db9eb45f6373a956eb1f69460e69e6d4
-- 
2.39.0
Re: [PATCH rc] genirq/msi: Free the fwnode created by msi_create_device_irq_domain()
Posted by Thomas Gleixner 2 years, 8 months ago 
Jason!

On Tue, Jan 17 2023 at 11:27, Jason Gunthorpe wrote:
>  void msi_remove_device_irq_domain(struct device *dev, unsigned int domid)
>  {
> +	struct fwnode_handle *fwnode = NULL;
>  	struct msi_domain_info *info;
>  	struct irq_domain *domain;
>  
> @@ -1025,7 +1026,10 @@ void msi_remove_device_irq_domain(struct device *dev, unsigned int domid)
>  
>  	dev->msi.data->__domains[domid].domain = NULL;
>  	info = domain->host_data;
> +	if (irq_domain_is_msi_device(domain))
> +		fwnode = domain->fwnode;
>  	irq_domain_remove(domain);
> +	irq_domain_free_fwnode(fwnode);

This can't work with !device domains because then fwnode is NULL and
irq_domain_free_fwnode() will trip over its feet.

Instead of checking the NULL pointer here, we can just make
irq_domain_free_fwnode() NULL pointer tolerant. See below.

Thanks,

        tglx
---

--- a/kernel/irq/irqdomain.c
+++ b/kernel/irq/irqdomain.c
@@ -114,7 +114,7 @@ void irq_domain_free_fwnode(struct fwnod
 {
 	struct irqchip_fwid *fwid;
 
-	if (WARN_ON(!is_fwnode_irqchip(fwnode)))
+	if (!fwnode || WARN_ON(!is_fwnode_irqchip(fwnode)))
 		return;
 
 	fwid = container_of(fwnode, struct irqchip_fwid, fwnode);
Re: [PATCH rc] genirq/msi: Free the fwnode created by msi_create_device_irq_domain()
Posted by Jason Gunthorpe 2 years, 8 months ago 
On Tue, Jan 17, 2023 at 07:42:39PM +0100, Thomas Gleixner wrote:
> Jason!
> 
> On Tue, Jan 17 2023 at 11:27, Jason Gunthorpe wrote:
> >  void msi_remove_device_irq_domain(struct device *dev, unsigned int domid)
> >  {
> > +	struct fwnode_handle *fwnode = NULL;
> >  	struct msi_domain_info *info;
> >  	struct irq_domain *domain;
> >  
> > @@ -1025,7 +1026,10 @@ void msi_remove_device_irq_domain(struct device *dev, unsigned int domid)
> >  
> >  	dev->msi.data->__domains[domid].domain = NULL;
> >  	info = domain->host_data;
> > +	if (irq_domain_is_msi_device(domain))
> > +		fwnode = domain->fwnode;
> >  	irq_domain_remove(domain);
> > +	irq_domain_free_fwnode(fwnode);
> 
> This can't work with !device domains because then fwnode is NULL and
> irq_domain_free_fwnode() will trip over its feet.

Uhh for some reason I thought I checked that. I'll send a v2

Thanks,
Jason

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.