commit ee6ee49fd09fa17c92aadf07961d0ff406fceab8
author Keith Busch <keith.busch@intel.com> Thu Aug 04 16:09:09 2016 -0600
committer Bjorn Helgaas <bhelgaas@google.com> Mon Sep 19 13:14:05 2016 -0500
tree b159d9b1004faceb210b73be19dd66125e964d43
parent b31822277abcd7c83d1c1c0af876da9ccdf3b7d6

x86/PCI: VMD: Synchronize with RCU freeing MSI IRQ descs

Fix a potential race when disabling MSI/MSI-X on a VMD domain device.  If
the VMD interrupt service is running, it may see a disabled IRQ.  We can
synchronize RCU just before freeing the MSI descriptor.  This is safe since
the irq_desc lock isn't held, and the descriptor is valid even though it is
disabled.  After vmd_msi_free(), though, the handler is reinitialized to
handle_bad_irq(), so we can't let the VMD ISR's list iteration see the
disabled IRQ after this.

Signed-off-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by Jon Derrick: <jonathan.derrick@intel.com>

arch/x86/pci/vmd.c

diff --git a/arch/x86/pci/vmd.c b/arch/x86/pci/vmd.c
index e785907..5705852 100644
--- a/arch/x86/pci/vmd.c
+++ b/arch/x86/pci/vmd.c
@@ -218,6 +218,8 @@
 	struct vmd_irq *vmdirq = irq_get_chip_data(virq);
 	unsigned long flags;
 
+	synchronize_rcu();
+
 	/* XXX: Potential optimization to rebalance */
 	raw_spin_lock_irqsave(&list_lock, flags);
 	vmdirq->irq->count--;