[PATCH AUTOSEL 6.14 21/28] platform-msi: Add msi_remove_device_irq_domain() in platform_device_msi_free_irqs_all()

Linux kernel -stable discussions
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel.org>
To: patches@lists.linux.dev, stable@vger.kernel.org
Cc: Frank Li <Frank.Li@nxp.com>, Thomas Gleixner <tglx@linutronix.de>,
	Marc Zyngier <maz@kernel.org>, Sasha Levin <sashal@kernel.org>,
	gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org
Subject: [PATCH AUTOSEL 6.14 21/28] platform-msi: Add msi_remove_device_irq_domain() in platform_device_msi_free_irqs_all()
Date: Fri, 30 May 2025 08:39:27 -0400	[thread overview]
Message-ID: <20250530123934.2574748-21-sashal@kernel.org> (raw)
In-Reply-To: <20250530123934.2574748-1-sashal@kernel.org>

From: Frank Li <Frank.Li@nxp.com>

[ Upstream commit 9a958e1fd40d6fae8c66385687a00ebd9575a7d2 ]

platform_device_msi_init_and_alloc_irqs() performs two tasks: allocating
the MSI domain for a platform device, and allocate a number of MSIs in that
domain.

platform_device_msi_free_irqs_all() only frees the MSIs, and leaves the MSI
domain alive.

Given that platform_device_msi_init_and_alloc_irqs() is the sole tool a
platform device has to allocate platform MSIs, it makes sense for
platform_device_msi_free_irqs_all() to teardown the MSI domain at the same
time as the MSIs.

This avoids warnings and unexpected behaviours when a driver repeatedly
allocates and frees MSIs.

Signed-off-by: Frank Li <Frank.Li@nxp.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/all/20250414-ep-msi-v18-1-f69b49917464@nxp.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

**YES** This commit should be backported to stable kernel trees. ##
Analysis: ### Bug Being Fixed: The commit addresses a resource
management asymmetry in the platform-MSI subsystem. The issue is that
`platform_device_msi_init_and_alloc_irqs()` performs two operations: 1.
Creates an MSI domain via `msi_create_device_irq_domain()` 2. Allocates
MSIs in that domain via `msi_domain_alloc_irqs_range()` However,
`platform_device_msi_free_irqs_all()` only performed one cleanup
operation: 1. Freed the MSIs via `msi_domain_free_irqs_all()` 2.
**Missing**: Domain cleanup via `msi_remove_device_irq_domain()` ###
Code Change Analysis: The fix is minimal and surgical - adding just one
line: ```c void platform_device_msi_free_irqs_all(struct device *dev) {
msi_domain_free_irqs_all(dev, MSI_DEFAULT_DOMAIN); +
msi_remove_device_irq_domain(dev, MSI_DEFAULT_DOMAIN); } ``` This
creates the missing symmetry between allocation and deallocation
operations. ### Supporting Evidence from Kernel Repository: 1. **Related
NULL pointer crash**: The UFS driver commit `64506b3d23a3` shows that
missing MSI domain cleanup can lead to NULL pointer dereferences when
drivers repeatedly allocate/free MSIs, requiring a `Cc:
stable@vger.kernel.org # 6.3` tag. 2. **Recent platform-MSI evolution**:
The git blame shows the current implementation was added in commit
`c88f9110bfbc` (Jan 2024) by Thomas Gleixner, indicating this is
relatively new code that needs stabilization. 3. **Consistent pattern**:
The PCI MSI code (`drivers/pci/msi/irqdomain.c`) already follows this
pattern, calling `msi_remove_device_irq_domain()` in cleanup paths. ###
Stable Tree Criteria Assessment: ✅ **Fixes important bug**: Resource
leaks and "warnings and unexpected behaviours" when drivers repeatedly
allocate/free MSIs ✅ **Small and contained**: Single line addition with
clear purpose ✅ **Minimal side effects**: Only adds missing cleanup, no
behavioral changes ✅ **No architectural changes**: Simple resource
management fix ✅ **Confined to subsystem**: Only affects platform-MSI
infrastructure ✅ **Minimal regression risk**: Adding proper cleanup is
very low risk ### Comparison to Historical Examples: This is most
similar to "Similar Commit #1" (platform-msi resource leak fix) which
was marked "Backport Status: YES" and had explicit `Cc:
stable@vger.kernel.org`. Both commits: - Fix resource management bugs in
platform-MSI - Have minimal, surgical changes - Address issues that
affect driver stability - Follow existing patterns in the codebase The
asymmetry between allocation and deallocation is a classic bug pattern
that stable trees should address to prevent resource leaks and crashes
in drivers using platform MSI.

 drivers/base/platform-msi.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/base/platform-msi.c b/drivers/base/platform-msi.c
index 0e60dd650b5e0..70db08f3ac6fa 100644
--- a/drivers/base/platform-msi.c
+++ b/drivers/base/platform-msi.c
@@ -95,5 +95,6 @@ EXPORT_SYMBOL_GPL(platform_device_msi_init_and_alloc_irqs);
 void platform_device_msi_free_irqs_all(struct device *dev)
 {
 	msi_domain_free_irqs_all(dev, MSI_DEFAULT_DOMAIN);
+	msi_remove_device_irq_domain(dev, MSI_DEFAULT_DOMAIN);
 }
 EXPORT_SYMBOL_GPL(platform_device_msi_free_irqs_all);
-- 
2.39.5

next prev parent reply	other threads:[~2025-05-30 12:40 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-05-30 12:39 [PATCH AUTOSEL 6.14 01/28] ACPICA: fix acpi operand cache leak in dswstate.c Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 02/28] ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9 Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 03/28] clocksource: Fix the CPUs' choice in the watchdog per CPU verification Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 04/28] power: supply: gpio-charger: Fix wakeup source leaks on device unbind Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 05/28] tools/nolibc: use intmax definitions from compiler Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 06/28] power: supply: collie: Fix wakeup source leaks on device unbind Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 07/28] mmc: Add quirk to disable DDR50 tuning Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 08/28] ACPICA: Avoid sequence overread in call to strncmp() Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 09/28] mmc: sdhci-esdhc-imx: Save tuning value when card stays powered in suspend Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 10/28] EDAC/igen6: Skip absent memory controllers Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 11/28] ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 12/28] ASoC: intel/sdw_utils: Assign initial value in asoc_sdw_rt_amp_spk_rtd_init() Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 13/28] ACPI: bus: Bail out if acpi_kobj registration fails Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 14/28] ACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 15/28] ACPICA: fix acpi parse and parseext cache leaks Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 16/28] ACPICA: Apply pack(1) to union aml_resource Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 17/28] ALSA: hda: cs35l41: Fix swapped l/r audio channels for Acer Helios laptops Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 18/28] power: supply: bq27xxx: Retrieve again when busy Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 19/28] pmdomain: core: Reset genpd->states to avoid freeing invalid data Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 20/28] ACPICA: utilities: Fix overflow check in vsnprintf() Sasha Levin
2025-05-30 12:39 ` Sasha Levin [this message]
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 22/28] ASoC: tegra210_ahub: Add check to of_device_get_match_data() Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 23/28] Make 'cc-option' work correctly for the -Wno-xyzzy pattern Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 24/28] gpiolib: of: Add polarity quirk for s5m8767 Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 25/28] PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 26/28] tools/nolibc: use pselect6_time64 if available Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 27/28] power: supply: max17040: adjust thermal channel scaling Sasha Levin
2025-05-30 12:39 ` [PATCH AUTOSEL 6.14 28/28] ACPI: battery: negate current when discharging Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:0e60dd650b5e dfblob:70db08f3ac6f )
 OR (
bs:"[PATCH AUTOSEL 6.14 21/28] platform-msi: Add msi_remove_device_irq_domain() in platform_device_msi_free_irqs_all()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250530123934.2574748-21-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=Frank.Li@nxp.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=maz@kernel.org \
    --cc=patches@lists.linux.dev \
    --cc=stable@vger.kernel.org \
    --cc=tglx@linutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox