From: Joerg Roedel <joro-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
To: David Woodhouse
<David.Woodhouse-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Cc: iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
Subject: [PATCH] iommu/vt-d: Check for NULL pointer in dmar_acpi_dev_scope_init() array
Date: Tue, 25 Mar 2014 20:30:15 +0100 [thread overview]
Message-ID: <20140325193015.GI13491@8bytes.org> (raw)
In-Reply-To: <1395422354-19762-6-git-send-email-David.Woodhouse-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Hi David,
On Fri, Mar 21, 2014 at 05:18:46PM +0000, David Woodhouse wrote:
> +static int __init dmar_acpi_dev_scope_init(void)
> +{
> + struct acpi_dmar_andd *andd = (void *)dmar_tbl + sizeof(struct acpi_table_dmar);
> +
> + while (((unsigned long)andd) <
> + ((unsigned long)dmar_tbl) + dmar_tbl->length) {
This is causing a kernel crash on AMD IOMMU systems. I will queue
attached patch on the x86/vt-d to fix the issue. A better solution would
be to not call ir_dev_scope_init() by a rootfs-initcall, but this is
more complicated and better not done that close to the merge-window.
Do you have objections?
Joerg
>From 0e1ad789087ea3b142ee4a169662db0ec77425ff Mon Sep 17 00:00:00 2001
From: Joerg Roedel <joro-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
Date: Tue, 25 Mar 2014 20:16:40 +0100
Subject: [PATCH] iommu/vt-d: Check for NULL pointer in dmar_acpi_dev_scope_init()
When ir_dev_scope_init() is called via a rootfs initcall it
will check for irq_remapping_enabled before it calls
(indirectly) into dmar_acpi_dev_scope_init() which uses the
dmar_tbl pointer without any checks.
The AMD IOMMU driver also sets the irq_remapping_enabled
flag which causes the dmar_acpi_dev_scope_init() function to
be called on systems with AMD IOMMU hardware too, causing a
boot-time kernel crash.
Signed-off-by: Joerg Roedel <joro-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
---
drivers/iommu/dmar.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/iommu/dmar.c b/drivers/iommu/dmar.c
index 56e1c79..e531a2b 100644
--- a/drivers/iommu/dmar.c
+++ b/drivers/iommu/dmar.c
@@ -657,7 +657,12 @@ static void __init dmar_acpi_insert_dev_scope(u8 device_number,
static int __init dmar_acpi_dev_scope_init(void)
{
- struct acpi_dmar_andd *andd = (void *)dmar_tbl + sizeof(struct acpi_table_dmar);
+ struct acpi_dmar_andd *andd;
+
+ if (dmar_tbl == NULL)
+ return -ENODEV;
+
+ andd = (void *)dmar_tbl + sizeof(struct acpi_table_dmar);
while (((unsigned long)andd) <
((unsigned long)dmar_tbl) + dmar_tbl->length) {
--
1.7.9.5
next prev parent reply other threads:[~2014-03-25 19:30 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-21 17:18 [PATCH 00/33] iommu/vt-d: Add support for DMA mapping of ACPI-enumerated devices David Woodhouse
[not found] ` <1395422354-19762-1-git-send-email-David.Woodhouse-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2014-03-21 17:18 ` [PATCH 01/33] iommu/vt-d: Add ACPI namespace device reporting structures David Woodhouse
2014-03-21 17:18 ` [PATCH 02/33] iommu/vt-d: Parse ANDD records David Woodhouse
2014-03-21 17:18 ` [PATCH 03/33] iommu/vt-d: Allocate space for ACPI devices David Woodhouse
2014-03-21 17:18 ` [PATCH 04/33] iommu/vt-d: Change scope lists to struct device, bus, devfn David Woodhouse
2014-03-21 17:18 ` [PATCH 05/33] iommu/vt-d: Add ACPI devices into dmaru->devices[] array David Woodhouse
[not found] ` <1395422354-19762-6-git-send-email-David.Woodhouse-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2014-03-25 19:30 ` Joerg Roedel [this message]
[not found] ` <20140325193015.GI13491-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
2014-03-26 9:16 ` [PATCH] iommu/vt-d: Check for NULL pointer in dmar_acpi_dev_scope_init() array Woodhouse, David
2014-03-21 17:18 ` [PATCH 06/33] iommu/vt-d: Make iommu_dummy() take struct device instead of struct pci_dev David Woodhouse
2014-03-21 17:18 ` [PATCH 07/33] iommu/vt-d: Make dmar_insert_dev_info() " David Woodhouse
2014-03-21 17:18 ` [PATCH 08/33] iommu/vt-d: Use struct device in device_domain_info, not " David Woodhouse
2014-03-21 17:18 ` [PATCH 09/33] iommu/vt-d: Pass iommu to domain_context_mapping_one() and iommu_support_dev_iotlb() David Woodhouse
2014-03-21 17:18 ` [PATCH 10/33] iommu/vt-d: Stop dmar_insert_dev_info() freeing domains on losing race David Woodhouse
2014-03-21 17:18 ` [PATCH 11/33] iommu/vt-d: use dmar_insert_dev_info() from dma_add_dev_info() David Woodhouse
2014-03-21 17:18 ` [PATCH 12/33] iommu/vt-d: Use domain_remove_one_dev_info() in domain_add_dev_info() error path David Woodhouse
2014-03-21 17:18 ` [PATCH 13/33] iommu/vt-d: Always store iommu in device_domain_info David Woodhouse
2014-03-21 17:18 ` [PATCH 14/33] iommu/vt-d: Simplify iommu check in domain_remove_one_dev_info() David Woodhouse
2014-03-21 17:18 ` [PATCH 15/33] iommu/vt-d: Remove device_to_iommu() call from domain_remove_dev_info() David Woodhouse
2014-03-21 17:18 ` [PATCH 16/33] iommu/vt-d: Store PCI segment number in struct intel_iommu David Woodhouse
2014-03-21 17:18 ` [PATCH 17/33] iommu/vt-d: Remove segment from struct device_domain_info() David Woodhouse
2014-03-21 17:18 ` [PATCH 18/33] iommu/vt-d: Make identity_mapping() take struct device not struct pci_dev David Woodhouse
2014-03-21 17:19 ` [PATCH 19/33] iommu/vt-d: Make device_to_iommu() cope with non-PCI devices David Woodhouse
2014-03-21 17:19 ` [PATCH 20/33] iommu/vt-d: Make domain_context_mapp{ed, ing}() take struct device David Woodhouse
2014-03-21 17:19 ` [PATCH 21/33] iommu/vt-d: Make get_domain_for_dev() " David Woodhouse
[not found] ` <1395422354-19762-22-git-send-email-David.Woodhouse-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2014-04-14 21:22 ` Alex Williamson
[not found] ` <1397510541.3060.15.camel-85EaTFmN5p//9pzu0YdTqQ@public.gmane.org>
2014-04-14 21:40 ` Woodhouse, David
[not found] ` <1397511643.19944.217.camel-Fexsq3y4057IgHVZqg5X0TlWvGAXklZc@public.gmane.org>
2014-04-14 21:52 ` Alex Williamson
2014-03-21 17:19 ` [PATCH 22/33] iommu/vt-d: Handle RMRRs for non-PCI devices David Woodhouse
2014-03-21 17:19 ` [PATCH 23/33] iommu/vt-d: Make iommu_should_identity_map() take struct device David Woodhouse
2014-03-21 17:19 ` [PATCH 24/33] iommu/vt-d: Make get_valid_domain_for_dev() " David Woodhouse
2014-03-21 17:19 ` [PATCH 25/33] iommu/vt-d: Remove some pointless to_pci_dev() calls David Woodhouse
2014-03-21 17:19 ` [PATCH 26/33] iommu/vt-d: Rename 'hwdev' variables to 'dev' now that that's the norm David Woodhouse
2014-03-21 17:19 ` [PATCH 27/33] iommu/vt-d: Make domain_remove_one_dev_info() take struct device David Woodhouse
2014-03-21 17:19 ` [PATCH 28/33] iommu/vt-d: Make domain_add_dev_info() " David Woodhouse
2014-03-21 17:19 ` [PATCH 29/33] iommu/vt-d: Remove pdev from iommu_no_mapping() David Woodhouse
2014-03-21 17:19 ` [PATCH 30/33] iommu/vt-d: Remove pdev from intel_iommu_attach_device() David Woodhouse
2014-03-21 17:19 ` [PATCH 31/33] iommu/vt-d: Remove to_pci_dev() in intel_map_page() David Woodhouse
2014-03-21 17:19 ` [PATCH 32/33] iommu/vt-d: Finally enable translation for non-PCI devices David Woodhouse
2014-03-21 17:19 ` [PATCH 33/33] iommu/vt-d: Include ACPI devices in iommu=pt David Woodhouse
2014-03-24 13:52 ` [PATCH 34/33] iommu/vt-d: Fix RCU annotations on device scope lists Woodhouse, David
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140325193015.GI13491@8bytes.org \
--to=joro-zlv9swrftaidnm+yrofe0a@public.gmane.org \
--cc=David.Woodhouse-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.