diff options
| author | Vaibhav Jain <vaibhav@linux.vnet.ibm.com> | 2016-10-21 05:23:53 -0400 |
|---|---|---|
| committer | Michael Ellerman <mpe@ellerman.id.au> | 2016-10-23 20:38:27 -0400 |
| commit | a05b82d5149dfeef05254a11c3636a89a854520a (patch) | |
| tree | 754443158c6580a98fe669086cf97f981d37d1bb /drivers/misc/cxl/file.c | |
| parent | 80f23935cadb1c654e81951f5a8b7ceae0acc1b4 (diff) | |
cxl: Fix leaking pid refs in some error paths
In some error paths in functions cxl_start_context and
afu_ioctl_start_work pid references to the current & group-leader tasks
can leak after they are taken. This patch fixes these error paths to
release these pid references before exiting the error path.
Fixes: 7b8ad495d592 ("cxl: Fix DSI misses when the context owning task exits")
Cc: stable@vger.kernel.org # v4.5+
Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Reported-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Vaibhav Jain <vaibhav@linux.vnet.ibm.com>
Acked-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Diffstat (limited to 'drivers/misc/cxl/file.c')
| -rw-r--r-- | drivers/misc/cxl/file.c | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/drivers/misc/cxl/file.c b/drivers/misc/cxl/file.c index d0b421f49b39..77080cc5fa0a 100644 --- a/drivers/misc/cxl/file.c +++ b/drivers/misc/cxl/file.c | |||
| @@ -194,6 +194,16 @@ static long afu_ioctl_start_work(struct cxl_context *ctx, | |||
| 194 | ctx->mmio_err_ff = !!(work.flags & CXL_START_WORK_ERR_FF); | 194 | ctx->mmio_err_ff = !!(work.flags & CXL_START_WORK_ERR_FF); |
| 195 | 195 | ||
| 196 | /* | 196 | /* |
| 197 | * Increment the mapped context count for adapter. This also checks | ||
| 198 | * if adapter_context_lock is taken. | ||
| 199 | */ | ||
| 200 | rc = cxl_adapter_context_get(ctx->afu->adapter); | ||
| 201 | if (rc) { | ||
| 202 | afu_release_irqs(ctx, ctx); | ||
| 203 | goto out; | ||
| 204 | } | ||
| 205 | |||
| 206 | /* | ||
| 197 | * We grab the PID here and not in the file open to allow for the case | 207 | * We grab the PID here and not in the file open to allow for the case |
| 198 | * where a process (master, some daemon, etc) has opened the chardev on | 208 | * where a process (master, some daemon, etc) has opened the chardev on |
| 199 | * behalf of another process, so the AFU's mm gets bound to the process | 209 | * behalf of another process, so the AFU's mm gets bound to the process |
| @@ -205,15 +215,6 @@ static long afu_ioctl_start_work(struct cxl_context *ctx, | |||
| 205 | ctx->pid = get_task_pid(current, PIDTYPE_PID); | 215 | ctx->pid = get_task_pid(current, PIDTYPE_PID); |
| 206 | ctx->glpid = get_task_pid(current->group_leader, PIDTYPE_PID); | 216 | ctx->glpid = get_task_pid(current->group_leader, PIDTYPE_PID); |
| 207 | 217 | ||
| 208 | /* | ||
| 209 | * Increment the mapped context count for adapter. This also checks | ||
| 210 | * if adapter_context_lock is taken. | ||
| 211 | */ | ||
| 212 | rc = cxl_adapter_context_get(ctx->afu->adapter); | ||
| 213 | if (rc) { | ||
| 214 | afu_release_irqs(ctx, ctx); | ||
| 215 | goto out; | ||
| 216 | } | ||
| 217 | 218 | ||
| 218 | trace_cxl_attach(ctx, work.work_element_descriptor, work.num_interrupts, amr); | 219 | trace_cxl_attach(ctx, work.work_element_descriptor, work.num_interrupts, amr); |
| 219 | 220 | ||
| @@ -221,6 +222,9 @@ static long afu_ioctl_start_work(struct cxl_context *ctx, | |||
| 221 | amr))) { | 222 | amr))) { |
| 222 | afu_release_irqs(ctx, ctx); | 223 | afu_release_irqs(ctx, ctx); |
| 223 | cxl_adapter_context_put(ctx->afu->adapter); | 224 | cxl_adapter_context_put(ctx->afu->adapter); |
| 225 | put_pid(ctx->glpid); | ||
| 226 | put_pid(ctx->pid); | ||
| 227 | ctx->glpid = ctx->pid = NULL; | ||
| 224 | goto out; | 228 | goto out; |
| 225 | } | 229 | } |
| 226 | 230 | ||