summaryrefslogtreecommitdiff
path: root/drivers/misc
diff options
context:
space:
mode:
authorAndrew Donnellan <andrew.donnellan@au1.ibm.com>2015-09-30 04:58:07 +0300
committerMichael Ellerman <mpe@ellerman.id.au>2015-10-01 04:50:12 +0300
commit5f81b95fe2a2de4ec51d46ffd04fa40dfc0cb26a (patch)
tree5fad6fc50ae3519e92738c5a37736ed76617f14c /drivers/misc
parent52adee580d3c71a0dfabc3168597421981d68b86 (diff)
downloadlinux-5f81b95fe2a2de4ec51d46ffd04fa40dfc0cb26a.tar.xz
cxl: fix leak of ctx->mapping when releasing kernel API contexts
When a context is created via the kernel API, ctx->mapping is allocated within the kernel and thus needs to be freed when the context is freed. reclaim_ctx() attempts to do this for contexts with the ctx->kernelapi flag set, but afu_release() (which can be called from the kernel API through cxl_fd_release()) sets ctx->mapping to NULL before calling cxl_context_free() to free the context. Add a check to afu_release() so that the mappings in contexts created via the kernel API are left alone so reclaim_ctx() can free them. Reported-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com> Fixes: 6f7f0b3df6d4 ("cxl: Add AFU virtual PHB and kernel API") Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com> Acked-by: Ian Munsie <imunsie@au1.ibm.com> Reviewed-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Diffstat (limited to 'drivers/misc')
-rw-r--r--drivers/misc/cxl/file.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/drivers/misc/cxl/file.c b/drivers/misc/cxl/file.c
index a30bf285b5bd..7ccd2998be92 100644
--- a/drivers/misc/cxl/file.c
+++ b/drivers/misc/cxl/file.c
@@ -120,9 +120,16 @@ int afu_release(struct inode *inode, struct file *file)
__func__, ctx->pe);
cxl_context_detach(ctx);
- mutex_lock(&ctx->mapping_lock);
- ctx->mapping = NULL;
- mutex_unlock(&ctx->mapping_lock);
+
+ /*
+ * Delete the context's mapping pointer, unless it's created by the
+ * kernel API, in which case leave it so it can be freed by reclaim_ctx()
+ */
+ if (!ctx->kernelapi) {
+ mutex_lock(&ctx->mapping_lock);
+ ctx->mapping = NULL;
+ mutex_unlock(&ctx->mapping_lock);
+ }
put_device(&ctx->afu->dev);