Xen project Mailing List

[PATCH v2] x86/apic: Avoid infinite loop in io_apic_level_ack_pending()

From: Jason Andryuk <jason.andryuk@xxxxxxx>

Date: Mon, 13 Oct 2025 17:11:06 -0400

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=yLGIot/OlkrKS6JOahSgpBaWPVm4lw5lz6qlsstWm5E=; b=XoMGlUkzhs8iNYdNkuifI+2ctNimQNT82GAI35WTt8J/ZdR9TifTV47buqL5PAwlc4IKjr8CUg+HRurbfNxIGnjpi+Qb7G4DhrVK3UYMY1an7Hn9dX6heZXMQOgpLETQ8pe4srfDc0QokgupqxvslWXi83XvU2/uvgQsId6RTBBj/p5ZPgDAMbB8ReRtq8IZoq7rlO/AD1VYf1TFLKreYtSoo8cpKKhzFzB1u5ijcrA1dLDTtggiAE+nDWlQbCQQwZg+R2BD26b2UqnzTyHiZC2DLRlr5lCXBi7zfnn0+b3edi13zzftEjC+zlD7rTMa6RgQMBf0nOVJcWLGDWMoLw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=dpxf+6R4GobOEYe+5pAQG13JIbxEQh2+BiPQckslP9A0SP9FRy/cGSYIa8o5fGz0W1pV6KTTaDCYEcFxoHNgTPeQ3NfYh/bwe2g9fBm2RBUkCgyhz2WiZkjXLLdcSPu+jts56fjEXVXdqNUu0Hd7wscr8K0u7j1T51GP90eBm5IoWizR3ykq8cVTcBzRFb/W6blnEy4T7aqV62UFWLpbkldX2j3zGa1lJRHYSmh5knmse4wgcsZElWHwBuJ5550KJvXo+Ar9C3xgOPxzrrag4aS67YSRX3K4fw58ak3LewNuxwjkaNPt9rO2q1TA504ty/drBuIhpYWI7gEWfiIsAA==

Cc: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>, Jason Andryuk <jason.andryuk@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Mon, 13 Oct 2025 21:11:42 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

io_apic_level_ack_pending() will end up in an infinite loop if entry->pin == -1. entry does not change, so it will keep reading -1. Convert to a proper for loop so that continue works. Add a new helper, next_entry(), to handle advancing to the next irq_pin_list entry. Fixes: f821102450a1 ("x86: IRQ Migration logic enhancement.") Signed-off-by: Jason Andryuk <jason.andryuk@xxxxxxx> --- v2: continue (not break) for pin == -1. I added the next_entry() helper since putting the expression in the for loop is a little cluttered. The helper can also be re-used for other instances within the file. --- xen/arch/x86/io_apic.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/io_apic.c b/xen/arch/x86/io_apic.c index c384f10c1b..7b58345c96 100644 --- a/xen/arch/x86/io_apic.c +++ b/xen/arch/x86/io_apic.c @@ -1586,14 +1586,21 @@ static int __init cf_check setup_ioapic_ack(const char *s) } custom_param("ioapic_ack", setup_ioapic_ack); +static struct irq_pin_list *next_entry(struct irq_pin_list *entry) +{ + if ( !entry->next ) + return NULL; + + return irq_2_pin + entry->next; +} + static bool io_apic_level_ack_pending(unsigned int irq) { struct irq_pin_list *entry; unsigned long flags; spin_lock_irqsave(&ioapic_lock, flags); - entry = &irq_2_pin[irq]; - for (;;) { + for ( entry = &irq_2_pin[irq]; entry ; entry = next_entry(entry) ) { unsigned int reg; int pin; @@ -1609,9 +1616,6 @@ static bool io_apic_level_ack_pending(unsigned int irq) spin_unlock_irqrestore(&ioapic_lock, flags); return 1; } - if (!entry->next) - break; - entry = irq_2_pin + entry->next; } spin_unlock_irqrestore(&ioapic_lock, flags); -- 2.51.0

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.