cxl: Wrap iterations over afu slices inside 'afu_list_lock'
authorVaibhav Jain <vaibhav@linux.ibm.com>
Tue, 29 Jan 2019 11:06:18 +0000 (16:36 +0530)
committerMichael Ellerman <mpe@ellerman.id.au>
Wed, 30 Jan 2019 12:36:53 +0000 (23:36 +1100)
commitedeb304f659792fb5bab90d7d6f3408b4c7301fb
treea5aca84df7ced12a90718d96abedda53747a572d
parent9bf3d3c4e4fd82c7174f4856df372ab2a71005b9
cxl: Wrap iterations over afu slices inside 'afu_list_lock'

Within cxl module, iteration over array 'adapter->afu' may be racy
at few points as it might be simultaneously read during an EEH and its
contents being set to NULL while driver is being unloaded or unbound
from the adapter. This might result in a NULL pointer to 'struct afu'
being de-referenced during an EEH thereby causing a kernel oops.

This patch fixes this by making sure that all access to the array
'adapter->afu' is wrapped within the context of spin-lock
'adapter->afu_list_lock'.

Fixes: 9e8df8a21963 ("cxl: EEH support")
Cc: stable@vger.kernel.org # v4.3+
Acked-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Acked-by: Frederic Barrat <fbarrat@linux.ibm.com>
Acked-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Signed-off-by: Vaibhav Jain <vaibhav@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
drivers/misc/cxl/guest.c
drivers/misc/cxl/pci.c