From mboxrd@z Thu Jan  1 00:00:00 1970
From: Rusty Russell <rusty@rustcorp.com.au>
Subject: Re: [PATCH 2/2] virtio: fix double free_irq
Date: Thu, 23 Jul 2009 14:10:31 +0930
Message-ID: <200907231410.32287.rusty@rustcorp.com.au>
References: <cover.1248181714.git.mst@redhat.com> <20090721155925.GC3306@redhat.com>
Mime-Version: 1.0
Content-Type: Text/Plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Cc: Christian Borntraeger <borntraeger@de.ibm.com>,
	virtualization@lists.linux-foundation.org,
	Anthony Liguori <anthony@codemonkey.ws>, kvm@vger.kernel.org,
	avi@redhat.com, Carsten Otte <cotte@de.ibm.com>
To: "Michael S. Tsirkin" <mst@redhat.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from ozlabs.org ([203.10.76.45]:55372 "EHLO ozlabs.org"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1750712AbZGWEkh (ORCPT <rfc822;kvm@vger.kernel.org>);
	Thu, 23 Jul 2009 00:40:37 -0400
In-Reply-To: <20090721155925.GC3306@redhat.com>
Content-Disposition: inline
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On Wed, 22 Jul 2009 01:29:25 am Michael S. Tsirkin wrote:
> -	if (info->vector != VIRTIO_MSI_NO_VECTOR)
> +	if (info->vector != VIRTIO_MSI_NO_VECTOR) {
>  		free_irq(vp_dev->msix_entries[info->vector].vector, vq);
> +		--vp_dev->msix_used_vectors;
> +	}
>

This only works because the only current caller of vp_del_vq is vp_del_vqs, so 
msix_used_vectors will be 0 after all the queues have been freed.

Make up your mind.  Either find_vq allocates and del_vq frees, or it's find_vqs 
and del_vqs.  I suggest the former, and setting the value VIRTIO_MSI_NO_VECTOR  
to indicate it's already freed.  I think with some cleanups, that loop in 
vp_free_vectors might go away, too.

Rusty.