cxl: Fix leaking pid refs in some error paths
In some error paths in functions cxl_start_context and
afu_ioctl_start_work pid references to the current & group-leader tasks
can leak after they are taken. This patch fixes these error paths to
release these pid references before exiting the error path.
Fixes: 7b8ad495d5
("cxl: Fix DSI misses when the context owning task exits")
Cc: stable@vger.kernel.org # v4.5+
Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Reported-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Vaibhav Jain <vaibhav@linux.vnet.ibm.com>
Acked-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
This commit is contained in:
parent
80f23935ca
commit
a05b82d514
|
@ -247,7 +247,9 @@ int cxl_start_context(struct cxl_context *ctx, u64 wed,
|
||||||
cxl_ctx_get();
|
cxl_ctx_get();
|
||||||
|
|
||||||
if ((rc = cxl_ops->attach_process(ctx, kernel, wed, 0))) {
|
if ((rc = cxl_ops->attach_process(ctx, kernel, wed, 0))) {
|
||||||
|
put_pid(ctx->glpid);
|
||||||
put_pid(ctx->pid);
|
put_pid(ctx->pid);
|
||||||
|
ctx->glpid = ctx->pid = NULL;
|
||||||
cxl_adapter_context_put(ctx->afu->adapter);
|
cxl_adapter_context_put(ctx->afu->adapter);
|
||||||
cxl_ctx_put();
|
cxl_ctx_put();
|
||||||
goto out;
|
goto out;
|
||||||
|
|
|
@ -193,6 +193,16 @@ static long afu_ioctl_start_work(struct cxl_context *ctx,
|
||||||
|
|
||||||
ctx->mmio_err_ff = !!(work.flags & CXL_START_WORK_ERR_FF);
|
ctx->mmio_err_ff = !!(work.flags & CXL_START_WORK_ERR_FF);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Increment the mapped context count for adapter. This also checks
|
||||||
|
* if adapter_context_lock is taken.
|
||||||
|
*/
|
||||||
|
rc = cxl_adapter_context_get(ctx->afu->adapter);
|
||||||
|
if (rc) {
|
||||||
|
afu_release_irqs(ctx, ctx);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* We grab the PID here and not in the file open to allow for the case
|
* We grab the PID here and not in the file open to allow for the case
|
||||||
* where a process (master, some daemon, etc) has opened the chardev on
|
* where a process (master, some daemon, etc) has opened the chardev on
|
||||||
|
@ -205,15 +215,6 @@ static long afu_ioctl_start_work(struct cxl_context *ctx,
|
||||||
ctx->pid = get_task_pid(current, PIDTYPE_PID);
|
ctx->pid = get_task_pid(current, PIDTYPE_PID);
|
||||||
ctx->glpid = get_task_pid(current->group_leader, PIDTYPE_PID);
|
ctx->glpid = get_task_pid(current->group_leader, PIDTYPE_PID);
|
||||||
|
|
||||||
/*
|
|
||||||
* Increment the mapped context count for adapter. This also checks
|
|
||||||
* if adapter_context_lock is taken.
|
|
||||||
*/
|
|
||||||
rc = cxl_adapter_context_get(ctx->afu->adapter);
|
|
||||||
if (rc) {
|
|
||||||
afu_release_irqs(ctx, ctx);
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
trace_cxl_attach(ctx, work.work_element_descriptor, work.num_interrupts, amr);
|
trace_cxl_attach(ctx, work.work_element_descriptor, work.num_interrupts, amr);
|
||||||
|
|
||||||
|
@ -221,6 +222,9 @@ static long afu_ioctl_start_work(struct cxl_context *ctx,
|
||||||
amr))) {
|
amr))) {
|
||||||
afu_release_irqs(ctx, ctx);
|
afu_release_irqs(ctx, ctx);
|
||||||
cxl_adapter_context_put(ctx->afu->adapter);
|
cxl_adapter_context_put(ctx->afu->adapter);
|
||||||
|
put_pid(ctx->glpid);
|
||||||
|
put_pid(ctx->pid);
|
||||||
|
ctx->glpid = ctx->pid = NULL;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue