| Message ID | 20230323135636.25318-3-michal.orzel@amd.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | xen/arm: fixes around domain_vpl011_init | expand |
> On 23 Mar 2023, at 13:56, Michal Orzel <michal.orzel@amd.com> wrote: > > When vgic_reserve_virq() fails and backend is in domain, we should also > free the allocated event channel. > > When backend is in Xen and call to xzalloc() returns NULL, there is no > need to call xfree(). This should be done instead on an error path > from vgic_reserve_virq(). Moreover, we should be calling XFREE() to > prevent an extra free in domain_vpl011_deinit(). > > In order not to repeat the same steps twice, call domain_vpl011_deinit() > on an error path whenever there is more work to do than returning rc. > Since this function can now be called from different places and more > than once, add proper guards, use XFREE() instead of xfree() and move > vgic_free_virq() to it. > > Take the opportunity to return -ENOMEM instead of -EINVAL when memory > allocation fails. > > Fixes: 1ee1e4b0d1ff ("xen/arm: Allow vpl011 to be used by DomU") > Signed-off-by: Michal Orzel <michal.orzel@amd.com> Reviewed-by: Luca Fancellu <luca.fancellu@arm.com>
Hi, On 24/03/2023 09:35, Luca Fancellu wrote: > > >> On 23 Mar 2023, at 13:56, Michal Orzel <michal.orzel@amd.com> wrote: >> >> When vgic_reserve_virq() fails and backend is in domain, we should also >> free the allocated event channel. >> >> When backend is in Xen and call to xzalloc() returns NULL, there is no >> need to call xfree(). This should be done instead on an error path >> from vgic_reserve_virq(). Moreover, we should be calling XFREE() to >> prevent an extra free in domain_vpl011_deinit(). >> >> In order not to repeat the same steps twice, call domain_vpl011_deinit() >> on an error path whenever there is more work to do than returning rc. >> Since this function can now be called from different places and more >> than once, add proper guards, use XFREE() instead of xfree() and move >> vgic_free_virq() to it. >> >> Take the opportunity to return -ENOMEM instead of -EINVAL when memory >> allocation fails. >> >> Fixes: 1ee1e4b0d1ff ("xen/arm: Allow vpl011 to be used by DomU") >> Signed-off-by: Michal Orzel <michal.orzel@amd.com> > > > Reviewed-by: Luca Fancellu <luca.fancellu@arm.com> Reviewed-by: Julien Grall <jgrall@amazon.com> And committed the series. Cheers,
diff --git a/xen/arch/arm/vpl011.c b/xen/arch/arm/vpl011.c index 541ec962f189..2fa80bc15ac4 100644 --- a/xen/arch/arm/vpl011.c +++ b/xen/arch/arm/vpl011.c @@ -696,8 +696,8 @@ int domain_vpl011_init(struct domain *d, struct vpl011_init_info *info) vpl011->backend.xen = xzalloc(struct vpl011_xen_backend); if ( vpl011->backend.xen == NULL ) { - rc = -EINVAL; - goto out1; + rc = -ENOMEM; + goto out; } } @@ -705,7 +705,7 @@ int domain_vpl011_init(struct domain *d, struct vpl011_init_info *info) if ( !rc ) { rc = -EINVAL; - goto out2; + goto out1; } vpl011->uartfr = TXFE | RXFE; @@ -717,15 +717,8 @@ int domain_vpl011_init(struct domain *d, struct vpl011_init_info *info) return 0; -out2: - vgic_free_virq(d, vpl011->virq); - out1: - if ( vpl011->backend_in_domain ) - destroy_ring_for_helper(&vpl011->backend.dom.ring_buf, - vpl011->backend.dom.ring_page); - else - xfree(vpl011->backend.xen); + domain_vpl011_deinit(d); out: return rc; @@ -735,17 +728,37 @@ void domain_vpl011_deinit(struct domain *d) { struct vpl011 *vpl011 = &d->arch.vpl011; + if ( vpl011->virq ) + { + vgic_free_virq(d, vpl011->virq); + + /* + * Set to invalid irq (we use SPI) to prevent extra free and to avoid + * freeing irq that could have already been reserved by someone else. + */ + vpl011->virq = 0; + } + if ( vpl011->backend_in_domain ) { - if ( !vpl011->backend.dom.ring_buf ) - return; + if ( vpl011->backend.dom.ring_buf ) + destroy_ring_for_helper(&vpl011->backend.dom.ring_buf, + vpl011->backend.dom.ring_page); + + if ( vpl011->evtchn ) + { + free_xen_event_channel(d, vpl011->evtchn); - free_xen_event_channel(d, vpl011->evtchn); - destroy_ring_for_helper(&vpl011->backend.dom.ring_buf, - vpl011->backend.dom.ring_page); + /* + * Set to invalid event channel port to prevent extra free and to + * avoid freeing port that could have already been allocated for + * other purposes. + */ + vpl011->evtchn = 0; + } } else - xfree(vpl011->backend.xen); + XFREE(vpl011->backend.xen); } /*
When vgic_reserve_virq() fails and backend is in domain, we should also free the allocated event channel. When backend is in Xen and call to xzalloc() returns NULL, there is no need to call xfree(). This should be done instead on an error path from vgic_reserve_virq(). Moreover, we should be calling XFREE() to prevent an extra free in domain_vpl011_deinit(). In order not to repeat the same steps twice, call domain_vpl011_deinit() on an error path whenever there is more work to do than returning rc. Since this function can now be called from different places and more than once, add proper guards, use XFREE() instead of xfree() and move vgic_free_virq() to it. Take the opportunity to return -ENOMEM instead of -EINVAL when memory allocation fails. Fixes: 1ee1e4b0d1ff ("xen/arm: Allow vpl011 to be used by DomU") Signed-off-by: Michal Orzel <michal.orzel@amd.com> --- Changes in v2: - make use of domain_vpl011_deinit() to prevent code duplication - use XFREE() instead of xfree() --- xen/arch/arm/vpl011.c | 47 +++++++++++++++++++++++++++---------------- 1 file changed, 30 insertions(+), 17 deletions(-)