mirror of
https://github.com/torvalds/linux
synced 2024-11-05 18:23:50 +00:00
2c069a118f
The pointer to an AFU in the adapter's list of AFUs can be null if we're in the process of removing AFUs. The afu_list_lock doesn't guard against this. Say we have 2 slices, and we're in the process of removing cxl. - We remove the AFUs in order (see cxl_remove). In cxl_remove_afu for AFU 0, we take the lock, set adapter->afu[0] = NULL, and release the lock. - Then we get an slbia. In cxl_slbia we take the lock, and set afu = adapter->afu[0], which is NULL. - Therefore our attempt to check afu->enabled will blow up. Therefore, check if afu is a null pointer before dereferencing it. Cc: stable@vger.kernel.org Signed-off-by: Daniel Axtens <dja@axtens.net> Acked-by: Michael Neuling <mikey@neuling.org> Acked-by: Ian Munsie <imunsie@au1.ibm.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> |
||
|---|---|---|
| .. | ||
| altera-stapl | ||
| c2port | ||
| cb710 | ||
| cxl | ||
| echo | ||
| eeprom | ||
| genwqe | ||
| ibmasm | ||
| lis3lv02d | ||
| mei | ||
| mic | ||
| sgi-gru | ||
| sgi-xp | ||
| ti-st | ||
| vmw_vmci | ||
| ad525x_dpot-i2c.c | ||
| ad525x_dpot-spi.c | ||
| ad525x_dpot.c | ||
| ad525x_dpot.h | ||
| apds990x.c | ||
| apds9802als.c | ||
| arm-charlcd.c | ||
| atmel-ssc.c | ||
| atmel_tclib.c | ||
| bh1770glc.c | ||
| bh1780gli.c | ||
| bmp085-i2c.c | ||
| bmp085-spi.c | ||
| bmp085.c | ||
| bmp085.h | ||
| cs5535-mfgpt.c | ||
| ds1682.c | ||
| dummy-irq.c | ||
| enclosure.c | ||
| fsa9480.c | ||
| hmc6352.c | ||
| hpilo.c | ||
| hpilo.h | ||
| ics932s401.c | ||
| ioc4.c | ||
| isl29003.c | ||
| isl29020.c | ||
| Kconfig | ||
| kgdbts.c | ||
| lattice-ecp3-config.c | ||
| lkdtm.c | ||
| Makefile | ||
| pch_phub.c | ||
| phantom.c | ||
| pti.c | ||
| spear13xx_pcie_gadget.c | ||
| sram.c | ||
| ti_dac7512.c | ||
| tifm_7xx1.c | ||
| tifm_core.c | ||
| tsl2550.c | ||
| vexpress-syscfg.c | ||
| vmw_balloon.c | ||