msi: Avoid uninitialized msi descriptors

When __pci_enable_msix() returns early, output parameter (struct
msi_desc **desc) will not be initialized.  On my machine, a Broadcom
BCM5709 nic has both MSI and MSIX capability blocks and when guest
tries to enable msix interrupts but __pci_enable_msix() returns early
for encountering a msi block, the whole system will crash for fatal
page fault immediately.

Signed-off-by: Wei Wang <wei.wang2@amd.com>
xen-unstable changeset:   786b163da49b
xen-unstable date:        Wed Aug 11 17:01:02 2010 +0100

diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c
index ec7e5c9c0637cc5af13e67562b6d530b14e0b4c8..89adbeb3f6e1a4738044a039b3b567b7700606a9 100644 (file)
--- a/xen/arch/x86/msi.c
+++ b/xen/arch/x86/msi.c
@@ -607,30 +607,35 @@ static int msix_capability_init(struct pci_dev *dev,
  * indicates the successful setup of an entry zero with the new MSI
  * irq or non-zero for otherwise.
  **/
+
 static int __pci_enable_msi(struct msi_info *msi, struct msi_desc **desc)
 {
     int status;
     struct pci_dev *pdev;
+    struct msi_desc *old_desc;
 
     ASSERT(spin_is_locked(&pcidevs_lock));
     pdev = pci_get_pdev(msi->bus, msi->devfn);
     if ( !pdev )
         return -ENODEV;
 
-    if ( find_msi_entry(pdev, msi->irq, PCI_CAP_ID_MSI) )
+    old_desc = find_msi_entry(pdev, msi->irq, PCI_CAP_ID_MSI);
+    if ( old_desc )
     {
         dprintk(XENLOG_WARNING, "irq %d has already mapped to MSI on "
                 "device %02x:%02x.%01x.\n", msi->irq, msi->bus,
                 PCI_SLOT(msi->devfn), PCI_FUNC(msi->devfn));
+        *desc = old_desc;
         return 0;
     }
 
-    if ( find_msi_entry(pdev, -1, PCI_CAP_ID_MSIX) )
+    old_desc = find_msi_entry(pdev, -1, PCI_CAP_ID_MSIX);
+    if ( old_desc )
     {
         dprintk(XENLOG_WARNING, "MSI-X is already in use on "
                 "device %02x:%02x.%01x\n", msi->bus,
                 PCI_SLOT(msi->devfn), PCI_FUNC(msi->devfn));
-        return 0;
+        pci_disable_msi(old_desc);
     }
 
     status = msi_capability_init(pdev, msi->irq, desc);
@@ -679,6 +684,7 @@ static int __pci_enable_msix(struct msi_info *msi, struct msi_desc **desc)
     u16 control;
     u8 slot = PCI_SLOT(msi->devfn);
     u8 func = PCI_FUNC(msi->devfn);
+    struct msi_desc *old_desc;
 
     ASSERT(spin_is_locked(&pcidevs_lock));
     pdev = pci_get_pdev(msi->bus, msi->devfn);
@@ -691,20 +697,24 @@ static int __pci_enable_msix(struct msi_info *msi, struct msi_desc **desc)
     if (msi->entry_nr >= nr_entries)
         return -EINVAL;
 
-    if ( find_msi_entry(pdev, msi->irq, PCI_CAP_ID_MSIX) )
+    old_desc = find_msi_entry(pdev, msi->irq, PCI_CAP_ID_MSIX);
+    if ( old_desc )
     {
         dprintk(XENLOG_WARNING, "irq %d has already mapped to MSIX on "
                 "device %02x:%02x.%01x.\n", msi->irq, msi->bus,
                 PCI_SLOT(msi->devfn), PCI_FUNC(msi->devfn));
+        *desc = old_desc;
         return 0;
     }
 
-    if ( find_msi_entry(pdev, -1, PCI_CAP_ID_MSI) )
+    old_desc = find_msi_entry(pdev, -1, PCI_CAP_ID_MSI);
+    if ( old_desc )
     {
         dprintk(XENLOG_WARNING, "MSI is already in use on "
                 "device %02x:%02x.%01x\n", msi->bus,
                 PCI_SLOT(msi->devfn), PCI_FUNC(msi->devfn));
-        return 0;
+        pci_disable_msi(old_desc);
+
     }
 
     status = msix_capability_init(pdev, msi, desc);