Mailing List Archive

commit 08bbc1c02d6b382cf52fa02bb34097eb0b003461
Author: Michal Orzel <michal.orzel@amd.com>
AuthorDate: Thu Mar 23 14:56:36 2023 +0100
Commit: Julien Grall <jgrall@amazon.com>
CommitDate: Wed Mar 29 22:20:20 2023 +0100

xen/arm: vpl011: Fix domain_vpl011_init error path

When vgic_reserve_virq() fails and backend is in domain, we should also
free the allocated event channel.

When backend is in Xen and call to xzalloc() returns NULL, there is no
need to call xfree(). This should be done instead on an error path
from vgic_reserve_virq(). Moreover, we should be calling XFREE() to
prevent an extra free in domain_vpl011_deinit().

In order not to repeat the same steps twice, call domain_vpl011_deinit()
on an error path whenever there is more work to do than returning rc.
Since this function can now be called from different places and more
than once, add proper guards, use XFREE() instead of xfree() and move
vgic_free_virq() to it.

Take the opportunity to return -ENOMEM instead of -EINVAL when memory
allocation fails.

Fixes: 1ee1e4b0d1ff ("xen/arm: Allow vpl011 to be used by DomU")
Signed-off-by: Michal Orzel <michal.orzel@amd.com>
Reviewed-by: Luca Fancellu <luca.fancellu@arm.com>
Reviewed-by: Julien Grall <jgrall@amazon.com>
---
xen/arch/arm/vpl011.c | 47 ++++++++++++++++++++++++++++++-----------------
1 file changed, 30 insertions(+), 17 deletions(-)

diff --git a/xen/arch/arm/vpl011.c b/xen/arch/arm/vpl011.c
index 541ec962f1..2fa80bc15a 100644
--- a/xen/arch/arm/vpl011.c
+++ b/xen/arch/arm/vpl011.c
@@ -696,8 +696,8 @@ int domain_vpl011_init(struct domain *d, struct vpl011_init_info *info)
vpl011->backend.xen = xzalloc(struct vpl011_xen_backend);
if ( vpl011->backend.xen == NULL )
{
- rc = -EINVAL;
- goto out1;
+ rc = -ENOMEM;
+ goto out;
}
}

@@ -705,7 +705,7 @@ int domain_vpl011_init(struct domain *d, struct vpl011_init_info *info)
if ( !rc )
{
rc = -EINVAL;
- goto out2;
+ goto out1;
}

vpl011->uartfr = TXFE | RXFE;
@@ -717,15 +717,8 @@ int domain_vpl011_init(struct domain *d, struct vpl011_init_info *info)

return 0;

-out2:
- vgic_free_virq(d, vpl011->virq);
-
out1:
- if ( vpl011->backend_in_domain )
- destroy_ring_for_helper(&vpl011->backend.dom.ring_buf,
- vpl011->backend.dom.ring_page);
- else
- xfree(vpl011->backend.xen);
+ domain_vpl011_deinit(d);

out:
return rc;
@@ -735,17 +728,37 @@ void domain_vpl011_deinit(struct domain *d)
{
struct vpl011 *vpl011 = &d->arch.vpl011;

+ if ( vpl011->virq )
+ {
+ vgic_free_virq(d, vpl011->virq);
+
+ /*
+ * Set to invalid irq (we use SPI) to prevent extra free and to avoid
+ * freeing irq that could have already been reserved by someone else.
+ */
+ vpl011->virq = 0;
+ }
+
if ( vpl011->backend_in_domain )
{
- if ( !vpl011->backend.dom.ring_buf )
- return;
+ if ( vpl011->backend.dom.ring_buf )
+ destroy_ring_for_helper(&vpl011->backend.dom.ring_buf,
+ vpl011->backend.dom.ring_page);
+
+ if ( vpl011->evtchn )
+ {
+ free_xen_event_channel(d, vpl011->evtchn);

- free_xen_event_channel(d, vpl011->evtchn);
- destroy_ring_for_helper(&vpl011->backend.dom.ring_buf,
- vpl011->backend.dom.ring_page);
+ /*
+ * Set to invalid event channel port to prevent extra free and to
+ * avoid freeing port that could have already been allocated for
+ * other purposes.
+ */
+ vpl011->evtchn = 0;
+ }
}
else
- xfree(vpl011->backend.xen);
+ XFREE(vpl011->backend.xen);
}

/*
--
generated by git-patchbot for /home/xen/git/xen.git#master