Commit f5c9df9a authored Jun 30, 2016 by Ian Munsie Committed by Michael Ellerman Jul 08, 2016

cxl: Fix NULL pointer dereference on kernel contexts with no AFU interrupts

If a kernel context is initialised and does not have any AFU interrupts
allocated it will cause a NULL pointer dereference when the context is
detached since the irq_names list will not have been initialised.

Move the initialisation of the irq_names list into the cxl_context_init
routine so that it will be valid for the entire lifetime of the context
and will not cause a NULL pointer dereference.

Signed-off-by: Ian Munsie <imunsie@au1.ibm.com>
Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>

parent 2a4f667a

drivers/misc/cxl/context.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -67,6 +67,8 @@ int cxl_context_init(struct cxl_context ctx, struct cxl_afu afu, bool master,
		ctx->pending_fault = false;
		ctx->pending_afu_err = false;

		INIT_LIST_HEAD(&ctx->irq_names);

		/*
		* When we have to destroy all contexts in cxl_context_detach_all() we
		* end up with afu_release_irqs() called from inside a

drivers/misc/cxl/irq.c

+0 −3

Original line number	Diff line number	Diff line
		@@ -260,9 +260,6 @@ int afu_allocate_irqs(struct cxl_context *ctx, u32 count)
		else
		alloc_count = count + 1;

		/* Initialize the list head to hold irq names */
		INIT_LIST_HEAD(&ctx->irq_names);

		if ((rc = cxl_ops->alloc_irq_ranges(&ctx->irqs, ctx->afu->adapter,
		alloc_count)))
		return rc;