Commit bc720ae2 authored by Vaibhav Jain's avatar Vaibhav Jain Committed by Greg Kroah-Hartman

cxl: Fix leaking pid refs in some error paths

commit a05b82d5 upstream.

In some error paths in functions cxl_start_context and
afu_ioctl_start_work pid references to the current & group-leader tasks
can leak after they are taken. This patch fixes these error paths to
release these pid references before exiting the error path.

Fixes: 7b8ad495 ("cxl: Fix DSI misses when the context owning task exits")
Reviewed-by: default avatarAndrew Donnellan <andrew.donnellan@au1.ibm.com>
Reported-by: default avatarFrederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: default avatarVaibhav Jain <vaibhav@linux.vnet.ibm.com>
Acked-by: default avatarFrederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 2a997e83
...@@ -247,7 +247,9 @@ int cxl_start_context(struct cxl_context *ctx, u64 wed, ...@@ -247,7 +247,9 @@ int cxl_start_context(struct cxl_context *ctx, u64 wed,
cxl_ctx_get(); cxl_ctx_get();
if ((rc = cxl_ops->attach_process(ctx, kernel, wed, 0))) { if ((rc = cxl_ops->attach_process(ctx, kernel, wed, 0))) {
put_pid(ctx->glpid);
put_pid(ctx->pid); put_pid(ctx->pid);
ctx->glpid = ctx->pid = NULL;
cxl_adapter_context_put(ctx->afu->adapter); cxl_adapter_context_put(ctx->afu->adapter);
cxl_ctx_put(); cxl_ctx_put();
goto out; goto out;
......
...@@ -193,6 +193,16 @@ static long afu_ioctl_start_work(struct cxl_context *ctx, ...@@ -193,6 +193,16 @@ static long afu_ioctl_start_work(struct cxl_context *ctx,
ctx->mmio_err_ff = !!(work.flags & CXL_START_WORK_ERR_FF); ctx->mmio_err_ff = !!(work.flags & CXL_START_WORK_ERR_FF);
/*
* Increment the mapped context count for adapter. This also checks
* if adapter_context_lock is taken.
*/
rc = cxl_adapter_context_get(ctx->afu->adapter);
if (rc) {
afu_release_irqs(ctx, ctx);
goto out;
}
/* /*
* We grab the PID here and not in the file open to allow for the case * We grab the PID here and not in the file open to allow for the case
* where a process (master, some daemon, etc) has opened the chardev on * where a process (master, some daemon, etc) has opened the chardev on
...@@ -205,15 +215,6 @@ static long afu_ioctl_start_work(struct cxl_context *ctx, ...@@ -205,15 +215,6 @@ static long afu_ioctl_start_work(struct cxl_context *ctx,
ctx->pid = get_task_pid(current, PIDTYPE_PID); ctx->pid = get_task_pid(current, PIDTYPE_PID);
ctx->glpid = get_task_pid(current->group_leader, PIDTYPE_PID); ctx->glpid = get_task_pid(current->group_leader, PIDTYPE_PID);
/*
* Increment the mapped context count for adapter. This also checks
* if adapter_context_lock is taken.
*/
rc = cxl_adapter_context_get(ctx->afu->adapter);
if (rc) {
afu_release_irqs(ctx, ctx);
goto out;
}
trace_cxl_attach(ctx, work.work_element_descriptor, work.num_interrupts, amr); trace_cxl_attach(ctx, work.work_element_descriptor, work.num_interrupts, amr);
...@@ -221,6 +222,9 @@ static long afu_ioctl_start_work(struct cxl_context *ctx, ...@@ -221,6 +222,9 @@ static long afu_ioctl_start_work(struct cxl_context *ctx,
amr))) { amr))) {
afu_release_irqs(ctx, ctx); afu_release_irqs(ctx, ctx);
cxl_adapter_context_put(ctx->afu->adapter); cxl_adapter_context_put(ctx->afu->adapter);
put_pid(ctx->glpid);
put_pid(ctx->pid);
ctx->glpid = ctx->pid = NULL;
goto out; goto out;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment