From: Igor Mammedov
Subject: Re: xen: Clear IRQ_GUEST bit from irq_desc status if its action is NULL
Date: Tue, 13 Sep 2011 14:36:35 +0200
Message-ID: <4E6F4E53.3010100@redhat.com>
References: <1315904920-12533-1-git-send-email-imammedo@redhat.com> <4E6F5E830200007800055D49@nat28.tlf.novell.com>
In-Reply-To: <4E6F5E830200007800055D49@nat28.tlf.novell.com>
To: xen-devel@lists.xensource.com

On 09/13/2011 01:45 PM, Jan Beulich wrote:
>>>> On 13.09.11 at 11:08, Igor Mammedov wrote:
>> On a system with Intel C600 series Patsburg SAS controller
>> if following command are executed:
>>
>>   rmmod isci
>>   modprobe isci
>>
>> the host will crash in pirq_guest_bind in attempt to dereference
>> NULL action pointer.
>>
>> This is caused by isci driver which does not cleanup irq properly,
>> removing device first and then os tries to unbind its irqs afterwards.
>>
>> c/s 20093 and 20844 fixed host crashes when removing isci module.
>>
>> However in dynamic_irq_cleanup 'action' field of irq_desc is set to
>> NULL but IRQ_GUEST flag in 'status' field is not cleared. So on next
>
> So why don't you clear the bit there?

Then we may hit
    BUG_ON(!(desc->status & IRQ_GUEST));
in pirq_guest_unbind -> __pirq_guest_unbind

It seems safer to me to clear the bit in __pirq_guest_unbind