Commit 2816e24b authored Aug 18, 2022 by Jonathan Cameron Committed by Dan Williams Oct 20, 2022

cxl/region: Fix null pointer dereference due to pass through decoder commit



Not all decoders have a commit callback.

The CXL specification allows a host bridge with a single root port to
have no explicit HDM decoders. Currently the region driver assumes there
are none.  As such the CXL core creates a special pass through decoder
instance without a commit callback.

Prior to this patch, the ->commit() callback was called unconditionally.
Thus a configuration with 1 Host Bridge, 1 Root Port, 1 switch with
multiple downstream ports below which there are multiple CXL type 3
devices results in a situation where committing the region causes a null
pointer dereference.

Reported-by: Bobo WL <lmw.bobo@gmail.com>
Fixes: 176baefb ("cxl/hdm: Commit decoder state to hardware")
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Vishal Verma <vishal.l.verma@intel.com>
Link: https://lore.kernel.org/r/20220818164210.2084-1-Jonathan.Cameron@huawei.com


Signed-off-by: Dan Williams <dan.j.williams@intel.com>

parent cf00b330

drivers/cxl/core/region.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -174,6 +174,7 @@ static int cxl_region_decode_commit(struct cxl_region *cxlr)
		iter = to_cxl_port(iter->dev.parent)) {
		cxl_rr = cxl_rr_load(iter, cxlr);
		cxld = cxl_rr->decoder;
		if (cxld->commit)
		rc = cxld->commit(cxld);
		if (rc)
		break;