diff options
author | Ian Munsie <imunsie@au1.ibm.com> | 2016-06-29 21:55:17 +0300 |
---|---|---|
committer | Michael Ellerman <mpe@ellerman.id.au> | 2016-07-08 15:13:34 +0300 |
commit | f5c9df9a442f586b183947627210e167ded81d19 (patch) | |
tree | f9bd0f98948bd5c879aa5c10aa2c41c641be519c | |
parent | 2a4f667aadb2d61c289a52a0d6dbc7e4e3aa009f (diff) | |
download | linux-f5c9df9a442f586b183947627210e167ded81d19.tar.xz |
cxl: Fix NULL pointer dereference on kernel contexts with no AFU interrupts
If a kernel context is initialised and does not have any AFU interrupts
allocated it will cause a NULL pointer dereference when the context is
detached since the irq_names list will not have been initialised.
Move the initialisation of the irq_names list into the cxl_context_init
routine so that it will be valid for the entire lifetime of the context
and will not cause a NULL pointer dereference.
Signed-off-by: Ian Munsie <imunsie@au1.ibm.com>
Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
-rw-r--r-- | drivers/misc/cxl/context.c | 2 | ||||
-rw-r--r-- | drivers/misc/cxl/irq.c | 3 |
2 files changed, 2 insertions, 3 deletions
diff --git a/drivers/misc/cxl/context.c b/drivers/misc/cxl/context.c index 26d206b1d08c..edbb99e93114 100644 --- a/drivers/misc/cxl/context.c +++ b/drivers/misc/cxl/context.c @@ -67,6 +67,8 @@ int cxl_context_init(struct cxl_context *ctx, struct cxl_afu *afu, bool master, ctx->pending_fault = false; ctx->pending_afu_err = false; + INIT_LIST_HEAD(&ctx->irq_names); + /* * When we have to destroy all contexts in cxl_context_detach_all() we * end up with afu_release_irqs() called from inside a diff --git a/drivers/misc/cxl/irq.c b/drivers/misc/cxl/irq.c index 8def4553acba..f3a7d4aa1cd5 100644 --- a/drivers/misc/cxl/irq.c +++ b/drivers/misc/cxl/irq.c @@ -260,9 +260,6 @@ int afu_allocate_irqs(struct cxl_context *ctx, u32 count) else alloc_count = count + 1; - /* Initialize the list head to hold irq names */ - INIT_LIST_HEAD(&ctx->irq_names); - if ((rc = cxl_ops->alloc_irq_ranges(&ctx->irqs, ctx->afu->adapter, alloc_count))) return rc; |