Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()

If device_register() fails in cxl_register_afu|adapter(), the device
is not added, so device_unregister() cannot be called in the error path;
otherwise it will cause a null-ptr-deref because of removing a device
that was not added.

As the comment of device_register() says, it should use put_device() to give
up the reference in the error path. So split device_unregister() into
device_del() and put_device(), then go to put dev when register fails.

Fixes: 14baf4d9c739 ("cxl: Add guest-specific code")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Acked-by: Andrew Donnellan <ajd@linux.ibm.com>
Acked-by: Frederic Barrat <fbarrat@linux.ibm.com>
Link: https://lore.kernel.org/r/20221111145440.2426970-1-yangyingliang@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Authored by Yang Yingliang and committed by Greg Kroah-Hartman
61c80d1c fa1ba41c

+14 -10
drivers/misc/cxl/guest.c
··· 965 965 * if it returns an error! 966 966 */ 967 967 if ((rc = cxl_register_afu(afu))) 968 - goto err_put1; 968 + goto err_put_dev; 969 969 970 970 if ((rc = cxl_sysfs_afu_add(afu))) 971 - goto err_put1; 971 + goto err_del_dev; 972 972 973 973 /* 974 974 * pHyp doesn't expose the programming models supported by the ··· 984 984 afu->modes_supported = CXL_MODE_DIRECTED; 985 985 986 986 if ((rc = cxl_afu_select_best_mode(afu))) 987 - goto err_put2; 987 + goto err_remove_sysfs; 988 988 989 989 adapter->afu[afu->slice] = afu; 990 990 ··· 1004 1004 1005 1005 return 0; 1006 1006 1007 - err_put2: 1007 + err_remove_sysfs: 1008 1008 cxl_sysfs_afu_remove(afu); 1009 - err_put1: 1010 - device_unregister(&afu->dev); 1009 + err_del_dev: 1010 + device_del(&afu->dev); 1011 + err_put_dev: 1012 + put_device(&afu->dev); 1011 1013 free = false; 1012 1014 guest_release_serr_irq(afu); 1013 1015 err2: ··· 1143 1141 * even if it returns an error! 1144 1142 */ 1145 1143 if ((rc = cxl_register_adapter(adapter))) 1146 - goto err_put1; 1144 + goto err_put_dev; 1147 1145 1148 1146 if ((rc = cxl_sysfs_adapter_add(adapter))) 1149 - goto err_put1; 1147 + goto err_del_dev; 1150 1148 1151 1149 /* release the context lock as the adapter is configured */ 1152 1150 cxl_adapter_context_unlock(adapter); 1153 1151 1154 1152 return adapter; 1155 1153 1156 - err_put1: 1157 - device_unregister(&adapter->dev); 1154 + err_del_dev: 1155 + device_del(&adapter->dev); 1156 + err_put_dev: 1157 + put_device(&adapter->dev); 1158 1158 free = false; 1159 1159 cxl_guest_remove_chardev(adapter); 1160 1160 err1:
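Review bot: in the cxl_guest_init_afu() error ladder, err_put_dev calls put_device(&afu->dev) and the very next call still dereferences the object, guest_release_serr_irq(afu). The `free = false` that follows implies the device release callback owns freeing afu, so if this put_device() drops the last reference, the IRQ release runs on freed memory. The adapter ladder has the same shape with cxl_guest_remove_chardev(adapter) after put_device(&adapter->dev). The ordering is inherited from the old device_unregister() path, but since this patch makes the put explicit, consider moving the teardown calls that take afu or adapter ahead of put_device(), or state in the commit message why the release callback cannot run at that point.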
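Review bot: the comments above cxl_register_afu() and cxl_register_adapter() ("even if it returns an error!") are left unchanged and still do not say how the reference has to be dropped, which is the rule this fix depends on. Suggest extending them to state that a failed register must jump to err_put_dev (put_device() only) and that err_del_dev (device_del()) is valid only once registration has succeeded, so a later label added to either ladder is placed on the right side of device_del(). As a smaller style point, the new descriptive labels now sit next to the numeric err1/err2 labels in the same functions; renaming those in a follow-up would keep the ladders consistent.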