dmaengine: idxd: Fix possible invalid memory access after FLR

[ Upstream commit d6077df7b75d26e4edf98983836c05d00ebabd8d ]

In the case that the first Function Level Reset (FLR) concludes
correctly, but in the second FLR the scratch area for the saved
configuration cannot be allocated, it's possible for a invalid memory
access to happen.

Always set the deallocated scratch area to NULL after FLR completes.

Fixes: 98d187a98903 ("dmaengine: idxd: Enable Function Level Reset (FLR) for halt")
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
Link: https://patch.msgid.link/20260121-idxd-fix-flr-on-kernel-queues-v3-v3-3-7ed70658a9d1@intel.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/dma/idxd/init.c b/drivers/dma/idxd/init.c
index 449424242631d4aeee47e15c986f5ae17b35d14c..f2b37c63a964c580f75930361a393f69bd9c55c4 100644 (file)
--- a/drivers/dma/idxd/init.c
+++ b/drivers/dma/idxd/init.c
@@ -1137,6 +1137,7 @@ static void idxd_reset_done(struct pci_dev *pdev)
        }
 out:
        kfree(idxd->idxd_saved);
+       idxd->idxd_saved = NULL;
 }
 
 static const struct pci_error_handlers idxd_error_handler = {