Re: [PATCH 1/2] cxl/region: Fix potential invalid pointer dereference
From: Ira Weiny
Date: Mon Apr 29 2024 - 12:06:29 EST
Li Zhijian wrote:
> construct_region() could return a PTR_ERR() which cannot be derefernced.
^^^^
dereferenced
> Moving the dereference behind the error checking to make sure the
> pointer is valid.
>
Reviewed-by: Ira Weiny <ira.weiny@xxxxxxxxx>
> Fixes: a32320b71f08 ("cxl/region: Add region autodiscovery")
> Signed-off-by: Li Zhijian <lizhijian@xxxxxxxxxxx>
> ---
> drivers/cxl/core/region.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/cxl/core/region.c b/drivers/cxl/core/region.c
> index 8535718a20f0..3c80aa263a65 100644
> --- a/drivers/cxl/core/region.c
> +++ b/drivers/cxl/core/region.c
> @@ -3086,10 +3086,9 @@ int cxl_add_to_region(struct cxl_port *root, struct cxl_endpoint_decoder *cxled)
> mutex_lock(&cxlrd->range_lock);
> region_dev = device_find_child(&cxlrd->cxlsd.cxld.dev, hpa,
> match_region_by_range);
> - if (!region_dev) {
> + if (!region_dev)
> cxlr = construct_region(cxlrd, cxled);
> - region_dev = &cxlr->dev;
> - } else
> + else
> cxlr = to_cxl_region(region_dev);
> mutex_unlock(&cxlrd->range_lock);
>
> @@ -3097,6 +3096,9 @@ int cxl_add_to_region(struct cxl_port *root, struct cxl_endpoint_decoder *cxled)
> if (rc)
> goto out;
>
> + if (!region_dev)
> + region_dev = &cxlr->dev;
> +
> attach_target(cxlr, cxled, -1, TASK_UNINTERRUPTIBLE);
>
> down_read(&cxl_region_rwsem);
> --
> 2.29.2
>