[PATCH 7/7] cxl/port: Reset cxlmd->endpoint to -ENXIO by default
From: Li Ming
Date: Tue Mar 10 2026 - 12:26:30 EST
cxlmd->endpoint is set to -ENXIO by default, This intentional invalid
value ensures that any unintended access to the endpoint will be
detectable. But CXL driver didn't reset it to the default value when the
endpoint is released in delete_endpoint().
Besides, cxlmd->endpoint is updated to point to an valid endpoint in
cxl_port_add(), but if the device_add() in cxl_port_add() fails, the
endpoint will be released, but cxlmd->endpoint remains pointing to the
released endpoint, it may introduce a potential use-after-free issue.
Fixes: 3d8be8b398e3 ("cxl: Set cxlmd->endpoint before adding port device")
Fixes: 29317f8dc6ed ("cxl/mem: Introduce cxl_memdev_attach for CXL-dependent operation")
Signed-off-by: Li Ming <ming.li@xxxxxxxxxxxx>
---
drivers/cxl/core/port.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/drivers/cxl/core/port.c b/drivers/cxl/core/port.c
index 0c5957d1d329..ec3cb62b44b7 100644
--- a/drivers/cxl/core/port.c
+++ b/drivers/cxl/core/port.c
@@ -834,11 +834,14 @@ static int cxl_port_add(struct cxl_port *port,
struct cxl_dport *parent_dport)
{
struct device *dev __free(put_device) = &port->dev;
+ struct cxl_memdev *cxlmd = NULL;
int rc;
if (is_cxl_memdev(port->uport_dev)) {
- struct cxl_memdev *cxlmd = to_cxl_memdev(port->uport_dev);
- struct cxl_dev_state *cxlds = cxlmd->cxlds;
+ struct cxl_dev_state *cxlds;
+
+ cxlmd = to_cxl_memdev(port->uport_dev);
+ cxlds = cxlmd->cxlds;
rc = dev_set_name(dev, "endpoint%d", port->id);
if (rc)
@@ -865,8 +868,11 @@ static int cxl_port_add(struct cxl_port *port,
}
rc = device_add(dev);
- if (rc)
+ if (rc) {
+ if (cxlmd)
+ cxlmd->endpoint = ERR_PTR(-ENXIO);
return rc;
+ }
/* Inhibit the cleanup function invoked */
dev = NULL;
@@ -1425,7 +1431,7 @@ static void delete_endpoint(void *data)
devm_release_action(host, cxl_unlink_uport, endpoint);
devm_release_action(host, unregister_port, endpoint);
}
- cxlmd->endpoint = NULL;
+ cxlmd->endpoint = ERR_PTR(-ENXIO);
}
put_device(&endpoint->dev);
put_device(host);
--
2.43.0