If userspace issues an ioctl to destroy a hardware context that has
already been automatically suspended, the driver may crash because the
mailbox channel pointer is NULL for the suspended context.
Fix this by checking the mailbox channel pointer in aie2_destroy_context()
before accessing it.
Fixes: 97f27573837e ("accel/amdxdna: Fix potential NULL pointer dereference in
context cleanup")
Signed-off-by: Lizhi Hou <[email protected]>
---
drivers/accel/amdxdna/aie2_message.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/accel/amdxdna/aie2_message.c
b/drivers/accel/amdxdna/aie2_message.c
index 7d7dcfeaf794..ab1178850c47 100644
--- a/drivers/accel/amdxdna/aie2_message.c
+++ b/drivers/accel/amdxdna/aie2_message.c
@@ -318,6 +318,9 @@ int aie2_destroy_context(struct amdxdna_dev_hdl *ndev,
struct amdxdna_hwctx *hwc
struct amdxdna_dev *xdna = ndev->xdna;
int ret;
+ if (!hwctx->priv->mbox_chann)
+ return 0;
+
xdna_mailbox_stop_channel(hwctx->priv->mbox_chann);
ret = aie2_destroy_context_req(ndev, hwctx->fw_ctx_id);
xdna_mailbox_destroy_channel(hwctx->priv->mbox_chann);
--
2.34.1
