This is a note to let you know that I've just added the patch titled
genirq/msi: Take the per-device MSI lock before validating the control structure
to the 6.2-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
genirq-msi-take-the-per-device-msi-lock-before-validating-the-control-structure.patch
and it can be found in the queue-6.2 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 0af2795f936f1ea1f9f1497447145dfcc7ed2823 Mon Sep 17 00:00:00 2001
From: Marc Zyngier <maz@xxxxxxxxxx>
Date: Mon, 20 Feb 2023 19:01:01 +0000
Subject: genirq/msi: Take the per-device MSI lock before validating the control structure
From: Marc Zyngier <maz@xxxxxxxxxx>
commit 0af2795f936f1ea1f9f1497447145dfcc7ed2823 upstream.
Calling msi_ctrl_valid() ultimately results in calling
msi_get_device_domain(), which requires holding the device MSI lock.
However, in msi_domain_populate_irqs() the lock is taken right after having
called msi_ctrl_valid(), which is just a tad too late.
Take the lock before invoking msi_ctrl_valid().
Fixes: 40742716f294 ("genirq/msi: Make msi_add_simple_msi_descs() device domain aware")
Reported-by: "Russell King (Oracle)" <linux@xxxxxxxxxxxxxxx>
Signed-off-by: Marc Zyngier <maz@xxxxxxxxxx>
Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Tested-by: Russell King (Oracle) <rmk+kernel@xxxxxxxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Link: https://lore.kernel.org/r/Y/Opu6ETe3ZzZ/8E@xxxxxxxxxxxxxxxxxxxxx
Link: https://lore.kernel.org/r/20230220190101.314446-1-maz@xxxxxxxxxx
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
kernel/irq/msi.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/kernel/irq/msi.c b/kernel/irq/msi.c
index 783a3e6a0b10..13d96495e6d0 100644
--- a/kernel/irq/msi.c
+++ b/kernel/irq/msi.c
@@ -1084,10 +1084,13 @@ int msi_domain_populate_irqs(struct irq_domain *domain, struct device *dev,
struct xarray *xa;
int ret, virq;
- if (!msi_ctrl_valid(dev, &ctrl))
- return -EINVAL;
-
msi_lock_descs(dev);
+
+ if (!msi_ctrl_valid(dev, &ctrl)) {
+ ret = -EINVAL;
+ goto unlock;
+ }
+
ret = msi_domain_add_simple_msi_descs(dev, &ctrl);
if (ret)
goto unlock;
--
2.39.2
Patches currently in stable-queue which might be from maz@xxxxxxxxxx are
queue-6.2/irqchip-irq-bcm7120-l2-set-irq_level-for-level-trigg.patch
queue-6.2/irqchip-irq-mvebu-gicp-fix-refcount-leak-in-mvebu_gi.patch
queue-6.2/irqdomain-fix-association-race.patch
queue-6.2/irqdomain-fix-domain-registration-race.patch
queue-6.2/irqdomain-drop-bogus-fwspec-mapping-error-handling.patch
queue-6.2/irqdomain-fix-mapping-creation-race.patch
queue-6.2/irqchip-irq-brcmstb-l2-set-irq_level-for-level-trigg.patch
queue-6.2/irqchip-fix-refcount-leak-in-platform_irqchip_probe.patch
queue-6.2/irqdomain-refactor-__irq_domain_alloc_irqs.patch
queue-6.2/irqdomain-fix-disassociation-race.patch
queue-6.2/irqdomain-look-for-existing-mapping-only-once.patch
queue-6.2/irqchip-ti-sci-fix-refcount-leak-in-ti_sci_intr_irq_.patch
queue-6.2/genirq-msi-take-the-per-device-msi-lock-before-validating-the-control-structure.patch
queue-6.2/irqchip-alpine-msi-fix-refcount-leak-in-alpine_msix_.patch
