Date: Fri, 14 Mar 2025 19:51:44 -0400
From: Alyssa Rosenzweig
To: Qasim Ijaz
Cc: marcan@marcan.st, fnkl.kernel@gmail.com, Sven Peter, Janne Grunau, Joerg Roedel, Will Deacon, Robin Murphy, asahi@lists.linux.dev, linux-arm-kernel@lists.infradead.org, iommu@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] iommu: apple-dart: fix potential null pointer deref
In-Reply-To: <20250314230102.11008-1-qasdev00@gmail.com>

Reviewed-by: Alyssa Rosenzweig

On Fri, Mar 14, 2025 at 11:01:02PM +0000, Qasim Ijaz wrote:
> If kzalloc() fails, accessing cfg->supports_bypass causes a null pointer dereference.
>
> Fix by checking for NULL immediately after allocation and returning -ENOMEM.
>
> Fixes: 3bc0102835f6 ("iommu: apple-dart: Allow mismatched bypass support")
> Signed-off-by: Qasim Ijaz
> --- > drivers/iommu/apple-dart.c | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > diff --git a/drivers/iommu/apple-dart.c b/drivers/iommu/apple-dart.c > index 13ccb801f52a..e13501541fdd 100644 > --- a/drivers/iommu/apple-dart.c 
> +++ b/drivers/iommu/apple-dart.c > @@ -797,12 +797,11 @@ static int apple_dart_of_xlate(struct device *dev, > > if (!cfg) { > cfg = kzalloc(sizeof(*cfg), GFP_KERNEL); > - > + if (!cfg) > + return -ENOMEM; > /* Will be ANDed with DART capabilities */ > cfg->supports_bypass = true; > } > - if (!cfg) > - return -ENOMEM; > dev_iommu_priv_set(dev, cfg); > > cfg_dart = cfg->stream_maps[0].dart; > -- > 2.39.5 >
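
Review bot: in the `if (!cfg) {` block of apple_dart_of_xlate(), the added `if (!cfg) return -ENOMEM;` now runs straight into the `/* Will be ANDed with DART capabilities */` comment because the blank line after `kzalloc()` was dropped; keep a blank line after `return -ENOMEM;` so the allocation-failure path stays visually separate from the initialization of `cfg->supports_bypass`. The placement of the check is right: it has to sit before the `cfg->supports_bypass = true;` store, since the removed check after the closing brace was only reached once that store had already gone through the pointer.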