review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Vaibhav Jain <vaibhav@linux.ibm.com>
	Tue, 29 Jan 2019 11:06:18 +0000 (16:36 +0530)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 23 Mar 2019 19:10:03 +0000 (20:10 +0100)
commit	c335b49379b5cd509e441822fa7c4317cee7f5aa
tree	397b70a8261195e6054481eeccd542b83f3f4e29	tree \| snapshot
parent	54674984d4780a8d7f2a938e69918b09e02fa79f	commit \| diff

cxl: Wrap iterations over afu slices inside 'afu_list_lock'

commit edeb304f659792fb5bab90d7d6f3408b4c7301fb upstream.

Within cxl module, iteration over array 'adapter->afu' may be racy
at few points as it might be simultaneously read during an EEH and its
contents being set to NULL while driver is being unloaded or unbound
from the adapter. This might result in a NULL pointer to 'struct afu'
being de-referenced during an EEH thereby causing a kernel oops.

This patch fixes this by making sure that all access to the array
'adapter->afu' is wrapped within the context of spin-lock
'adapter->afu_list_lock'.

Fixes: 9e8df8a21963 ("cxl: EEH support")
Cc: stable@vger.kernel.org # v4.3+
Acked-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Acked-by: Frederic Barrat <fbarrat@linux.ibm.com>
Acked-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Signed-off-by: Vaibhav Jain <vaibhav@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/misc/cxl/guest.c		diff \| blob \| history
drivers/misc/cxl/pci.c		diff \| blob \| history