Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp2253900imm;
        Thu, 7 Jun 2018 07:45:48 -0700 (PDT)
X-Google-Smtp-Source: ADUXVKLHvsW4MBd8QclxyjQDLDOuz8b8Db+ZGAuqxyUjpVDkFNcHqQ3AyR7kPYbmtVXAv27u4+G2
X-Received: by 2002:a62:5788:: with SMTP id i8-v6mr2035543pfj.175.1528382748435;
        Thu, 07 Jun 2018 07:45:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1528382748; cv=none;
        d=google.com; s=arc-20160816;
        b=kZj837NowOHyQfE0XvW4J62Hcg5XQ0JeUzBayxvfpGvBw99HY3jy3K7AvH4yEdA6IT
         KdoZ25EAawdZDNIiP8EdOH6wg0UxHvWNG204dOdppHKMUouRmQHze8ttyUQDt86Dts/6
         6BjmOyWFqBz8ZzbI0eDUQkYbgpT0bdMdbemx8b5PrMIAleW2GfyI2lNaGe1W1CxCH/05
         FMm+eAvmVm9SHdR4S7LiQFdhGHE6M+GunU0xRFEXbzKMhJyOJHaNYRjY/jHgYcpQ1NW2
         +E+75TAh6/tEtLjMK0PMGBveDdsigHPwy42m0W/NocWi+4/6fteXNxosx4ro/fuma/hX
         nZ8A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:in-reply-to:subject:message-id:date:cc:to
         :from:mime-version:content-transfer-encoding:content-disposition
         :arc-authentication-results;
        bh=/aU5iqMHqgODY74diAE1DnraDUMlGqpyJEv3U4+AmDM=;
        b=J4XXbUvvsl91b5xqU3eOt0mxCwy+ZIKsxy9lbMgUvYp98gEBZRzhXpNt4nrbZrtL+1
         w25/y59Z4ccyZMx7WSKztEvXMA5kFG/WbY14ye1/ZygDzRpFQmZweFAeb20uusH9t9XY
         OrV5eG6ATMhI3YLNdQJRVzbBVm41oMaYGfp7ptG8n+wusU0ehA9DDmCAeH/4FnqjFazT
         oVs8SRm0BwFG9KnPttrhlUZOYpJWWGIE87T50h+x8N6jCdVb+zVMW6GUcsH23v54c6Ic
         WCKXRQhB+bJ3sySvy72ySLqDZBM3FI0CKpxqBzC1hth7PH4g1a/fdA+fMbMqEA+fdi0t
         vLMg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id p4-v6si879184pgu.472.2018.06.07.07.45.34;
        Thu, 07 Jun 2018 07:45:48 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S934853AbeFGOnY (ORCPT <rfc822;chenhe.dev@gmail.com> + 99 others);
        Thu, 7 Jun 2018 10:43:24 -0400
Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:40673 "EHLO
        shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S934069AbeFGOnV (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 7 Jun 2018 10:43:21 -0400
Received: from [148.252.241.226] (helo=deadeye)
        by shadbolt.decadent.org.uk with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
        (Exim 4.84_2)
        (envelope-from <ben@decadent.org.uk>)
        id 1fQvbV-0005Zs-T0; Thu, 07 Jun 2018 15:09:30 +0100
Received: from ben by deadeye with local (Exim 4.91)
        (envelope-from <ben@decadent.org.uk>)
        id 1fQvbA-0003Ae-Vt; Thu, 07 Jun 2018 15:09:08 +0100
Content-Type: text/plain; charset="UTF-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
From:   Ben Hutchings <ben@decadent.org.uk>
To:     linux-kernel@vger.kernel.org, stable@vger.kernel.org
CC:     akpm@linux-foundation.org, "Hooman Mirhadi" <mirhadih@amazon.com>,
        "Juergen Gross" <jgross@suse.com>,
        "Boris Ostrovsky" <boris.ostrovsky@oracle.com>,
        "Amit Shah" <aams@amazon.com>,
        "Roger Pau Monne" <roger.pau@citrix.com>
Date:   Thu, 07 Jun 2018 15:05:21 +0100
Message-ID: <lsq.1528380321.731340500@decadent.org.uk>
X-Mailer: LinuxStableQueue (scripts by bwh)
Subject: [PATCH 3.16 312/410] xen/pirq: fix error path cleanup when
 binding MSIs
In-Reply-To: <lsq.1528380320.647747352@decadent.org.uk>
X-SA-Exim-Connect-IP: 148.252.241.226
X-SA-Exim-Mail-From: ben@decadent.org.uk
X-SA-Exim-Scanned: No (on shadbolt.decadent.org.uk); SAEximRunCond expanded to false
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

3.16.57-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: Roger Pau Monne <roger.pau@citrix.com>

commit 910f8befdf5bccf25287d9f1743e3e546bcb7ce0 upstream.

Current cleanup in the error path of xen_bind_pirq_msi_to_irq is
wrong. First of all there's an off-by-one in the cleanup loop, which
can lead to unbinding wrong IRQs.

Secondly IRQs not bound won't be freed, thus leaking IRQ numbers.

Note that there's no need to differentiate between bound and unbound
IRQs when freeing them, __unbind_from_irq will deal with both of them
correctly.

Fixes: 4892c9b4ada9f9 ("xen: add support for MSI message groups")
Reported-by: Hooman Mirhadi <mirhadih@amazon.com>
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Amit Shah <aams@amazon.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
 drivers/xen/events/events_base.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/xen/events/events_base.c
+++ b/drivers/xen/events/events_base.c
@@ -763,8 +763,8 @@ out:
 	mutex_unlock(&irq_mapping_update_lock);
 	return irq;
 error_irq:
-	for (; i >= 0; i--)
-		__unbind_from_irq(irq + i);
+	while (nvec--)
+		__unbind_from_irq(irq + nvec);
 	mutex_unlock(&irq_mapping_update_lock);
 	return ret;
 }