summaryrefslogtreecommitdiff
path: root/drivers/phy/spacemit/git@git.tavy.me:linux.git
diff options
context:
space:
mode:
authorLi Ming <ming.li@zohomail.com>2026-06-06 15:51:00 +0800
committerDave Jiang <dave.jiang@intel.com>2026-06-12 08:48:02 -0700
commitcbda6a2c2bec2a5fb30a2ce85baeab15b5fc7db3 (patch)
tree03a12d266e61759b4a2da81e159120dbbb6c4bbd /drivers/phy/spacemit/git@git.tavy.me:linux.git
parent769f0b350c81ab147fff37b92637e12190f1be29 (diff)
cxl/region: Fix out-of-bounds access in cxl_cancel_auto_attach()
In cxl_cancel_auto_attach(), it assumes cxled->pos is a valid index for accessing p->targets[]. However, cxled->pos can be set to negative errno in cxl_region_sort_targets() if cxl_calc_interleave_pos() fails. This causes the driver to use a negative index to access p->targets[], resulting in out-of-bounds access. Fix it by walking p->targets[] instead of using cxled->pos directly. Fixes: 87805c32e6ad ("cxl/region: Fix use-after-free from auto assembly failure") Signed-off-by: Li Ming <ming.li@zohomail.com> Reviewed-by: Alison Schofield <alison.schofield@intel.com> Link: https://patch.msgid.link/20260606-fix_two_issues_introduced_by_cxl_cancel_auto_attach-v1-1-5d94ca06c4e4@zohomail.com Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Diffstat (limited to 'drivers/phy/spacemit/git@git.tavy.me:linux.git')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-20 04:32:32 +0000