[PATCH] powerpc/xive: fix kmemleak caused by incorrect chip

public inbox for stable@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] powerpc/xive: fix kmemleak caused by incorrect chip_data lookup
@ 2026-03-11 13:43 Nilay Shroff
  2026-03-13  5:48 ` Nam Cao
  0 siblings, 1 reply; 3+ messages in thread
From: Nilay Shroff @ 2026-03-11 13:43 UTC (permalink / raw)
  To: linuxppc-dev
  Cc: namcao, maddy, mpe, npiggin, christophe.leroy, tglx, maz,
	ritesh.list, gautam, Nilay Shroff, stable

The kmemleak reports the following memory leak:

Unreferenced object 0xc0000002a7fbc640 (size 64):
  comm "kworker/8:1", pid 540, jiffies 4294937872
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 09 04 00 04 00 00  ................
    00 00 a7 81 00 00 0a c0 00 00 08 04 00 04 00 00  ................
  backtrace (crc 177d48f6):
    __kmalloc_cache_noprof+0x520/0x730
    xive_irq_alloc_data.constprop.0+0x40/0xe0
    xive_irq_domain_alloc+0xd0/0x1b0
    irq_domain_alloc_irqs_parent+0x44/0x6c
    pseries_irq_domain_alloc+0x1cc/0x354
    irq_domain_alloc_irqs_parent+0x44/0x6c
    msi_domain_alloc+0xb0/0x220
    irq_domain_alloc_irqs_locked+0x138/0x4d0
    __irq_domain_alloc_irqs+0x8c/0xfc
    __msi_domain_alloc_irqs+0x214/0x4d8
    msi_domain_alloc_irqs_all_locked+0x70/0xf8
    pci_msi_setup_msi_irqs+0x60/0x78
    __pci_enable_msix_range+0x54c/0x98c
    pci_alloc_irq_vectors_affinity+0x16c/0x1d4
    nvme_pci_enable+0xac/0x9c0 [nvme]
    nvme_probe+0x340/0x764 [nvme]

This occurs when allocating MSI-X vectors for an NVMe device. During
allocation the XIVE code creates a struct xive_irq_data and stores it
in irq_data->chip_data.

When the MSI-X irqdomain is later freed, xive_irq_free_data() is
responsible for retrieving this structure and freeing it. However,
after commit cc0cc23babc9 ("powerpc/xive: Untangle xive from child
interrupt controller drivers"), xive_irq_free_data() retrieves the
chip_data using irq_get_chip_data(), which looks up the data through
the child domain.

This is incorrect because the XIVE-specific irq data is associated with
the XIVE (parent) domain. As a result the lookup fails and the allocated
struct xive_irq_data is never freed, leading to the kmemleak report
shown above.

Fix this by retrieving the irq_data from the correct domain using
irq_domain_get_irq_data() and then accessing the chip_data via
irq_data_get_irq_chip_data().

Cc: stable@vger.kernel.org
Fixes: cc0cc23babc9 ("powerpc/xive: Untangle xive from child interrupt controller drivers")
Signed-off-by: Nilay Shroff <nilay@linux.ibm.com>
---
 arch/powerpc/sysdev/xive/common.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/arch/powerpc/sysdev/xive/common.c b/arch/powerpc/sysdev/xive/common.c
index e1a4f8a97393..6b1b7541ca31 100644
--- a/arch/powerpc/sysdev/xive/common.c
+++ b/arch/powerpc/sysdev/xive/common.c
@@ -1038,13 +1038,19 @@ static struct xive_irq_data *xive_irq_alloc_data(unsigned int virq, irq_hw_numbe
 	return xd;
 }
 
-static void xive_irq_free_data(unsigned int virq)
+static void xive_irq_free_data(struct irq_domain *domain, unsigned int virq)
 {
-	struct xive_irq_data *xd = irq_get_chip_data(virq);
+	struct xive_irq_data *xd;
+	struct irq_data *data = irq_domain_get_irq_data(domain, virq);
+
+	if (!data)
+		return;
 
+	xd = irq_data_get_irq_chip_data(data);
 	if (!xd)
 		return;
-	irq_set_chip_data(virq, NULL);
+
+	irq_domain_reset_irq_data(data);
 	xive_cleanup_irq_data(xd);
 	kfree(xd);
 }
@@ -1305,7 +1311,7 @@ static int xive_irq_domain_map(struct irq_domain *h, unsigned int virq,
 
 static void xive_irq_domain_unmap(struct irq_domain *d, unsigned int virq)
 {
-	xive_irq_free_data(virq);
+	xive_irq_free_data(d, virq);
 }
 
 static int xive_irq_domain_xlate(struct irq_domain *h, struct device_node *ct,
@@ -1443,7 +1449,7 @@ static void xive_irq_domain_free(struct irq_domain *domain,
 	pr_debug("%s %d #%d\n", __func__, virq, nr_irqs);
 
 	for (i = 0; i < nr_irqs; i++)
-		xive_irq_free_data(virq + i);
+		xive_irq_free_data(domain, virq + i);
 }
 #endif
 
-- 
2.53.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] powerpc/xive: fix kmemleak caused by incorrect chip_data lookup
  2026-03-11 13:43 [PATCH] powerpc/xive: fix kmemleak caused by incorrect chip_data lookup Nilay Shroff
@ 2026-03-13  5:48 ` Nam Cao
  2026-03-13  7:23   ` Venkat
  0 siblings, 1 reply; 3+ messages in thread
From: Nam Cao @ 2026-03-13  5:48 UTC (permalink / raw)
  To: Nilay Shroff, linuxppc-dev
  Cc: maddy, mpe, npiggin, christophe.leroy, tglx, maz, ritesh.list,
	gautam, Nilay Shroff, stable

Nilay Shroff <nilay@linux.ibm.com> writes:
> The kmemleak reports the following memory leak:
...
> Fix this by retrieving the irq_data from the correct domain using
> irq_domain_get_irq_data() and then accessing the chip_data via
> irq_data_get_irq_chip_data().
>
> Cc: stable@vger.kernel.org
> Fixes: cc0cc23babc9 ("powerpc/xive: Untangle xive from child interrupt controller drivers")
> Signed-off-by: Nilay Shroff <nilay@linux.ibm.com>

Reviewed-by: Nam Cao <namcao@linutronix.de>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] powerpc/xive: fix kmemleak caused by incorrect chip_data lookup
  2026-03-13  5:48 ` Nam Cao
@ 2026-03-13  7:23   ` Venkat
  0 siblings, 0 replies; 3+ messages in thread
From: Venkat @ 2026-03-13  7:23 UTC (permalink / raw)
  To: Nam Cao, Nilay Shroff
  Cc: Nilay Shroff, linuxppc-dev, maddy, mpe, npiggin, christophe.leroy,
	tglx, maz, ritesh.list, gautam, stable



> On 13 Mar 2026, at 11:18 AM, Nam Cao <namcao@linutronix.de> wrote:
> 
> Nilay Shroff <nilay@linux.ibm.com> writes:
>> The kmemleak reports the following memory leak:
> ...
>> Fix this by retrieving the irq_data from the correct domain using
>> irq_domain_get_irq_data() and then accessing the chip_data via
>> irq_data_get_irq_chip_data().
>> 
>> Cc: stable@vger.kernel.org
>> Fixes: cc0cc23babc9 ("powerpc/xive: Untangle xive from child interrupt controller drivers")
>> Signed-off-by: Nilay Shroff <nilay@linux.ibm.com>

Hi,


I have tested this patch, and it fixes the reported kmemleak issue.

Tested-by: Venkat Rao Bagalkote <venkat88@linux.ibm.com>


Below is the kmemleak output without this patch applied:

cat /sys/kernel/debug/kmemleak
unreferenced object 0xc00000000606fc80 (size 64):
  comm "kworker/0:1", pid 11, jiffies 4294937450
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 ab 0d 00 04 00 00  ................
    00 00 a1 80 00 00 0a c0 00 00 aa 0d 00 04 00 00  ................
  backtrace (crc 642b8a1d):
    __kmalloc_cache_noprof+0x350/0x7a4
    xive_irq_alloc_data.constprop.0+0x40/0xe0
    xive_irq_domain_alloc+0xd4/0x1ac
    irq_domain_alloc_irqs_parent+0x44/0x6c
    pseries_irq_domain_alloc+0x1c4/0x34c
    irq_domain_alloc_irqs_parent+0x44/0x6c
    msi_domain_alloc+0xb0/0x214
    irq_domain_alloc_irqs_locked+0x138/0x4d0
    __irq_domain_alloc_irqs+0x8c/0xfc
    __msi_domain_alloc_irqs+0x214/0x4c8
    msi_domain_alloc_irqs_all_locked+0x70/0xf8
    pci_msi_setup_msi_irqs+0x60/0x78
    msix_setup_interrupts+0x17c/0x318
    __pci_enable_msix_range+0x41c/0x770
    pci_alloc_irq_vectors_affinity+0x170/0x1d8
    nvme_pci_enable+0xa0/0x3b0 [nvme]

unreferenced object 0xc00000000606f900 (size 64):
  comm "kworker/0:1", pid 11, jiffies 4294937451

With the patch applied, no kmemleak reports are observed after repeated MSI‑X enable/disable cycles on the NVMe controller.

Regards,
Venkat
> Reviewed-by: Nam Cao <namcao@linutronix.de>
> 


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-03-13  7:27 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-11 13:43 [PATCH] powerpc/xive: fix kmemleak caused by incorrect chip_data lookup Nilay Shroff
2026-03-13  5:48 ` Nam Cao
2026-03-13  7:23   ` Venkat

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox