Commit a55f8023 authored Apr 09, 2026 by Richard Cheng Committed by Jason Gunthorpe Apr 10, 2026

fwctl: Fix class init ordering to avoid NULL pointer dereference on device removal

CXL is linked before fwctl in drivers/Makefile. Both use `module_init, so
`cxl_pci_driver_init()` runs first. When `cxl_pci_probe()` calls
`fwctl_register()` and then `device_add()`, fwctl_class is not yet
registered because fwctl_init() hasn't run, causing `class_to_subsys()` to
return NULL and skip knode_class initialization.

On device removal, `class_to_subsys()` returns non-NULL, and
`device_del()` calls `klist_del()` on the uninitialized knode, triggering
a NULL pointer dereference.

Fixes: 858ce2f5 ("cxl: Add FWCTL support to CXL")
Link: https://patch.msgid.link/r/20260409051902.40218-1-icheng@nvidia.com


Signed-off-by: Richard Cheng <icheng@nvidia.com>
Reviewed-by: Kai-Heng Feng <kaihengf@nvidia.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>

parent 44230bb3

drivers/fwctl/main.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -415,7 +415,7 @@ static void __exit fwctl_exit(void)
		unregister_chrdev_region(fwctl_dev, FWCTL_MAX_DEVICES);
		}

		module_init(fwctl_init);
		subsys_initcall(fwctl_init);
		module_exit(fwctl_exit);
		MODULE_DESCRIPTION("fwctl device firmware access framework");
		MODULE_LICENSE("GPL");