construct_region() reads cxled->part and uses it to index
cxlds->part[] without checking for a negative value. If the
partition was never resolved, part remains at its initial value
of -1, causing an out-of-bounds array access.
Add a guard to return -EBUSY when part is negative.
The check was dropped during a merge.
Signed-off-by: Koba Ko <kobak@nvidia.com>
Reviewed-by: Alison Schofield <alison.schofield@intel.com>
Link: https://patch.msgid.link/20260414024527.3399590-1-kobak@nvidia.com
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
int rc, part = READ_ONCE(cxled->part);
struct cxl_region *cxlr;
+ if (part < 0)
+ return ERR_PTR(-EBUSY);
+
do {
cxlr = __create_region(cxlrd, cxlds->part[part].mode,
atomic_read(&cxlrd->region_id),
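Review bot: The new `if (part < 0)` guard has no comment saying that a negative value means the partition was never resolved (the initial -1 described in the commit message), and since the message says this same check was already dropped once during a merge, a one-line comment above it would make it harder to lose again. The guard tests the local `part` captured by `READ_ONCE(cxled->part)`, which is the same value later used in `cxlds->part[part].mode`, so the check and the index cannot disagree. Only the lower bound is checked, though. If `part` can ever exceed the number of valid entries in `cxlds->part[]`, an upper-bound test belongs in the same condition. If other code guarantees that cannot happen, say so in the comment.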