From mboxrd@z Thu Jan  1 00:00:00 1970
From: Marcelo Tosatti <mtosatti@redhat.com>
Subject: [patch 3/3] KVM: only clear irq_source_id if irqchip is present
Date: Tue, 27 Oct 2009 13:10:45 -0200
Message-ID: <20091027151125.405187270@redhat.com>
References: <20091027151042.118902183@redhat.com>
Cc: kvm <kvm@vger.kernel.org>, stable@kernel.org,
	Marcelo Tosatti <mtosatti@redhat.com>
To: avi@redhat.com
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:1027 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1753757AbZJ0POf (ORCPT <rfc822;kvm@vger.kernel.org>);
	Tue, 27 Oct 2009 11:14:35 -0400
Content-Disposition: inline; filename=free-irqsource-id
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

Otherwise kvm might attempt to dereference a NULL pointer.

CC: stable@kernel.org
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

Index: kvm/virt/kvm/irq_comm.c
===================================================================
--- kvm.orig/virt/kvm/irq_comm.c
+++ kvm/virt/kvm/irq_comm.c
@@ -243,6 +243,10 @@ void kvm_free_irq_source_id(struct kvm *
 		printk(KERN_ERR "kvm: IRQ source ID out of range!\n");
 		goto unlock;
 	}
+	clear_bit(irq_source_id, &kvm->arch.irq_sources_bitmap);
+	if (!irqchip_in_kernel(kvm))
+		goto unlock;
+
 	for (i = 0; i < KVM_IOAPIC_NUM_PINS; i++) {
 		clear_bit(irq_source_id, &kvm->arch.vioapic->irq_states[i]);
 		if (i >= 16)
@@ -251,7 +255,6 @@ void kvm_free_irq_source_id(struct kvm *
 		clear_bit(irq_source_id, &pic_irqchip(kvm)->irq_states[i]);
 #endif
 	}
-	clear_bit(irq_source_id, &kvm->arch.irq_sources_bitmap);
 unlock:
 	mutex_unlock(&kvm->irq_lock);
 }