summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMohammed Gamal <mgamal@redhat.com>2023-02-17 21:44:11 +0100
committerWei Liu <wei.liu@kernel.org>2023-03-06 16:28:03 +0100
commit1eb65c8687316c65140b48fad27133d583178e15 (patch)
tree1bf6ff42afba23bac4d108742e586765d895a17e
parentLinux 6.3-rc1 (diff)
downloadlinux-1eb65c8687316c65140b48fad27133d583178e15.tar.xz
linux-1eb65c8687316c65140b48fad27133d583178e15.zip
Drivers: vmbus: Check for channel allocation before looking up relids
relid2channel() assumes vmbus channel array to be allocated when called. However, in cases such as kdump/kexec, not all relids will be reset by the host. When the second kernel boots and if the guest receives a vmbus interrupt during vmbus driver initialization before vmbus_connect() is called, before it finishes, or if it fails, the vmbus interrupt service routine is called which in turn calls relid2channel() and can cause a null pointer dereference. Print a warning and error out in relid2channel() for a channel id that's invalid in the second kernel. Fixes: 8b6a877c060e ("Drivers: hv: vmbus: Replace the per-CPU channel lists with a global array of channels") Signed-off-by: Mohammed Gamal <mgamal@redhat.com> Reviewed-by: Dexuan Cui <decui@microsoft.com> Link: https://lore.kernel.org/r/20230217204411.212709-1-mgamal@redhat.com Signed-off-by: Wei Liu <wei.liu@kernel.org>
-rw-r--r--drivers/hv/connection.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c
index 9dc27e5d367a..da51b50787df 100644
--- a/drivers/hv/connection.c
+++ b/drivers/hv/connection.c
@@ -409,6 +409,10 @@ void vmbus_disconnect(void)
*/
struct vmbus_channel *relid2channel(u32 relid)
{
+ if (vmbus_connection.channels == NULL) {
+ pr_warn_once("relid2channel: relid=%d: No channels mapped!\n", relid);
+ return NULL;
+ }
if (WARN_ON(relid >= MAX_CHANNEL_RELIDS))
return NULL;
return READ_ONCE(vmbus_connection.channels[relid]);