leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cxl: Fix NULL pointer dereference on kernel contexts with no AFU interrupts

Browse Source 
If a kernel context is initialised and does not have any AFU interrupts
allocated it will cause a NULL pointer dereference when the context is
detached since the irq_names list will not have been initialised.

Move the initialisation of the irq_names list into the cxl_context_init
routine so that it will be valid for the entire lifetime of the context
and will not cause a NULL pointer dereference.

Signed-off-by: Ian Munsie <imunsie@au1.ibm.com>
Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
This commit is contained in:
Ian Munsie 2016-06-30 04:55:17 +10:00 committed by Michael Ellerman
parent 2a4f667aad
commit f5c9df9a44
2 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/misc/cxl/context.c
View File

@ -67,6 +67,8 @@ int cxl_context_init(struct cxl_context *ctx, struct cxl_afu *afu, bool master,
ctx->pending_fault = false; ctx->pending_fault = false;
ctx->pending_afu_err = false; ctx->pending_afu_err = false;
INIT_LIST_HEAD(&ctx->irq_names);
/* /*
* When we have to destroy all contexts in cxl_context_detach_all() we * When we have to destroy all contexts in cxl_context_detach_all() we
* end up with afu_release_irqs() called from inside a * end up with afu_release_irqs() called from inside a

3
drivers/misc/cxl/irq.c
View File

@ -260,9 +260,6 @@ int afu_allocate_irqs(struct cxl_context *ctx, u32 count)
else else
alloc_count = count + 1; alloc_count = count + 1;
/* Initialize the list head to hold irq names */
INIT_LIST_HEAD(&ctx->irq_names);
if ((rc = cxl_ops->alloc_irq_ranges(&ctx->irqs, ctx->afu->adapter, if ((rc = cxl_ops->alloc_irq_ranges(&ctx->irqs, ctx->afu->adapter,
alloc_count))) alloc_count)))
return rc; return rc;