On Thu, 2007-03-22 at 21:00 -0600, Eric W. Biederman wrote: > Michael Ellerman writes: > > > On Thu, 2007-03-22 at 08:23 -0600, Eric W. Biederman wrote: > >> Michael Ellerman writes: > >> > >> > Currently we never clear the msi_desc pointer in the irq_desc. This > >> > leaves us with a pointer to free'ed memory hanging around. No one seems > >> > to have hit this, so presumably other parts of the code are protecting > >> > us from ever using the stale pointer .. or we're just lucky, we should > >> > still clear it. > >> > >> Hmm. Maybe. Currently this is done in dynamic_irq_cleanup, > >> at least for everything except sparc64. > > > > OK, I missed that. I still think we should do it here, otherwise there's > > a window, however small, where the msi_desc pointer is pointing at freed > > memory. > > After following the code through the current cleanup happens before you are > proposing, and in fact the irq is return to the set of irq's that can > be allocated before you are calling set_irq_msi(irq, NULL). We don't call dynamic_irq_cleanup(), so it never gets done. Perhaps we should be using your dynamic_irq_init/cleanup. > Therefore you are doing this too late and we need to ensure the > architecture code does this in arch_teardown_msi_irq. As long as the arch teardown routine somehow calls dynamic_irq_cleanup() it should be fine. But I guess it's probably safer to just have all archs do set_msi_irq(irq, NULL) in the teardown. cheers -- Michael Ellerman OzLabs, IBM Australia Development Lab wwweb: http://michael.ellerman.id.au phone: +61 2 6212 1183 (tie line 70 21183) We do not inherit the earth from our ancestors, we borrow it from our children. - S.M.A.R.T Person