Commit 8363c028 authored by Lizhi Hou's avatar Lizhi Hou
Browse files

accel/amdxdna: Fix crash when destroying a suspended hardware context 



If userspace issues an ioctl to destroy a hardware context that has
already been automatically suspended, the driver may crash because the
mailbox channel pointer is NULL for the suspended context.

Fix this by checking the mailbox channel pointer in aie2_destroy_context()
before accessing it.

Fixes: 97f27573 ("accel/amdxdna: Fix potential NULL pointer dereference in context cleanup")
Reviewed-by: default avatarKarol Wachowski <karol.wachowski@linux.intel.com>
Signed-off-by: default avatarLizhi Hou <lizhi.hou@amd.com>
Link: https://patch.msgid.link/20260206060306.4050531-1-lizhi.hou@amd.com
parent c68a6af4

drivers/accel/amdxdna/aie2_message.c

+3 −0
Original line number Diff line number Diff line
@@ -318,6 +318,9 @@ int aie2_destroy_context(struct amdxdna_dev_hdl *ndev, struct amdxdna_hwctx *hwc 
	struct amdxdna_dev *xdna = ndev->xdna;

	int ret;



	if (!hwctx->priv->mbox_chann)

		return 0;



	xdna_mailbox_stop_channel(hwctx->priv->mbox_chann);

	ret = aie2_destroy_context_req(ndev, hwctx->fw_ctx_id);

	xdna_mailbox_destroy_channel(hwctx->priv->mbox_chann);