From e47756c6b4223d045706c5c7fea82c430da30cd2 Mon Sep 17 00:00:00 2001 From: Bjorn Helgaas Date: Thu, 5 Nov 2020 08:52:30 -0600 Subject: PCI: ibmphp: Remove unneeded break A break is not needed if it is preceded by a return. Based on Tom Rix's treewide patch; this instance extracted from Joe Perches' list. Link: https://lore.kernel.org/r/20201017160928.12698-1-trix@redhat.com Link: https://lore.kernel.org/r/f530b7aeecbbf9654b4540cfa20023a4c2a11889.camel@perches .com Signed-off-by: Bjorn Helgaas Cc: Tom Rix Cc: Joe Perches --- drivers/pci/hotplug/ibmphp_pci.c | 2 -- 1 file changed, 2 deletions(-)
diff --git a/drivers/pci/hotplug/ibmphp_pci.c b/drivers/pci/hotplug/ibmphp_pci.c
index e22d023f91d1..754c3f23282e 100644
--- a/drivers/pci/hotplug/ibmphp_pci.c
+++ b/drivers/pci/hotplug/ibmphp_pci.c
@@ -294,7 +294,6 @@ int ibmphp_configure_card(struct pci_func *func, u8 slotno)
 default:
 err("MAJOR PROBLEM!!!!, header type not supported? %x\n", hdr_type);
 return -ENXIO;
- break;
 } /* end of switch */
 } /* end of valid device */
 } /* end of for */
@@ -1509,7 +1508,6 @@ static int unconfigure_boot_card(struct slot *slot_cur)
 default:
 err("MAJOR PROBLEM!!!! Cannot read device's header\n");
 return -1;
- break;
 } /* end of switch */
 } /* end of valid device */
 } /* end of for */
-- cgit From 4684709bf81a2d98152ed6b610e3d5c403f9bced Mon Sep 17 00:00:00 2001
From: Jubin Zhong Date: Wed, 2 Dec 2020 10:33:42 +0800 Subject: PCI: Fix pci_slot_release() NULL pointer dereference If kobject_init_and_add() fails, pci_slot_release() is called to delete slot->list from parent->slots. But slot->list hasn't been initialized yet, so we dereference a NULL pointer: Unable to handle kernel NULL pointer dereference at virtual address 00000000 ... CPU: 10 PID: 1 Comm: swapper/0 Not tainted 4.4.240 #197 task: ffffeb398a45ef10 task.stack: ffffeb398a470000 PC is at __list_del_entry_valid+0x5c/0xb0 LR is at pci_slot_release+0x84/0xe4 ... __list_del_entry_valid+0x5c/0xb0 pci_slot_release+0x84/0xe4 kobject_put+0x184/0x1c4 pci_create_slot+0x17c/0x1b4 __pci_hp_initialize+0x68/0xa4 pciehp_probe+0x1a4/0x2fc pcie_port_probe_service+0x58/0x84 driver_probe_device+0x320/0x470 Initialize slot->list before calling kobject_init_and_add() to avoid this. Fixes: 8a94644b440e ("PCI: Fix pci_create_slot() reference count leak") Link: https://lore.kernel.org/r/1606876422-117457-1-git-send-email-zhongjubin@huawei.com Signed-off-by: Jubin Zhong Signed-off-by: Bjorn Helgaas Cc: stable@vger.kernel.org # v5.9+ --- drivers/pci/slot.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/pci/slot.c b/drivers/pci/slot.c index 3861505741e6..ed2077e7470a 100644 --- a/drivers/pci/slot.c +++ b/drivers/pci/slot.c @@ -272,6 +272,9 @@ placeholder: goto err; } + INIT_LIST_HEAD(&slot->list); + list_add(&slot->list, &parent->slots); + err = kobject_init_and_add(&slot->kobj, &pci_slot_ktype, NULL, "%s", slot_name); if (err) { @@ -279,9 +282,6 @@ placeholder: goto err; } - INIT_LIST_HEAD(&slot->list); - list_add(&slot->list, &parent->slots); - down_read(&pci_bus_sem); list_for_each_entry(dev, &parent->devices, bus_list) if (PCI_SLOT(dev->devfn) == slot_nr) -- cgit
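Review bot: The moved `INIT_LIST_HEAD()`/`list_add()` pair in the first hunk now sits ahead of `kobject_init_and_add()` with no comment explaining why that order matters, so a later cleanup could move it back and reintroduce the NULL dereference in `pci_slot_release()`. A short comment above the pair would pin it, e.g. `/* Link the slot first: if kobject_init_and_add() fails, the release callback does list_del(&slot->list) */`. The new order also puts the slot on `parent->slots` while `slot->kobj` is still uninitialized, which is only safe if every walker of that list is serialized against this function. The locking is outside both hunks, so the comment should name the lock being relied on once that is confirmed. The enclosing function starts and ends outside the hunks shown.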