[PATCH] iommu: Check the result of iommu_group

iommu.lists.linux-foundation.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] iommu: Check the result of iommu_group_get() for NULL
@ 2017-12-04 17:22 Jordan Crouse
       [not found] ` <1512408130-24833-1-git-send-email-jcrouse-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org>
  0 siblings, 1 reply; 3+ messages in thread
From: Jordan Crouse @ 2017-12-04 17:22 UTC (permalink / raw)
  To: iommu; +Cc: linux-arm-msm

The result of iommu_group_get() was being blindly used in both
attach and detach which results in a dereference when trying
to work with an unknown device.

Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
---
 drivers/iommu/iommu.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
index 3de5c0b..69fef99 100644
--- a/drivers/iommu/iommu.c
+++ b/drivers/iommu/iommu.c
@@ -1303,6 +1303,9 @@ int iommu_attach_device(struct iommu_domain *domain, struct device *dev)
 	int ret;
 
 	group = iommu_group_get(dev);
+	if (!group)
+		return -ENODEV;
+
 	/*
 	 * Lock the group to make sure the device-count doesn't
 	 * change while we are attaching
@@ -1341,6 +1344,8 @@ void iommu_detach_device(struct iommu_domain *domain, struct device *dev)
 	struct iommu_group *group;
 
 	group = iommu_group_get(dev);
+	if (!group)
+		return;
 
 	mutex_lock(&group->mutex);
 	if (iommu_group_device_count(group) != 1) {
-- 
1.9.1

^ permalink raw reply related	[flat|nested] 3+ messages in thread

[parent not found: <1512408130-24833-1-git-send-email-jcrouse-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org>]

* Re: [PATCH] iommu: Check the result of iommu_group_get() for NULL
       [not found] ` <1512408130-24833-1-git-send-email-jcrouse-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org>
@ 2017-12-20 19:02   ` Alex Williamson
  2018-01-09 17:15   ` Robin Murphy
  1 sibling, 0 replies; 3+ messages in thread
From: Alex Williamson @ 2017-12-20 19:02 UTC (permalink / raw)
  To: Jordan Crouse
  Cc: linux-arm-msm-u79uwXL29TY76Z2rM5mHXA,
	iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA

On Mon,  4 Dec 2017 10:22:10 -0700
Jordan Crouse <jcrouse-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org> wrote:

> The result of iommu_group_get() was being blindly used in both
> attach and detach which results in a dereference when trying
> to work with an unknown device.
> 
> Signed-off-by: Jordan Crouse <jcrouse-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org>
> ---
>  drivers/iommu/iommu.c | 5 +++++
>  1 file changed, 5 insertions(+)

Applied to v4.16-iommu/misc.  Thanks,

Alex

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] iommu: Check the result of iommu_group_get() for NULL
       [not found] ` <1512408130-24833-1-git-send-email-jcrouse-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org>
  2017-12-20 19:02   ` Alex Williamson
@ 2018-01-09 17:15   ` Robin Murphy
  1 sibling, 0 replies; 3+ messages in thread
From: Robin Murphy @ 2018-01-09 17:15 UTC (permalink / raw)
  To: Jordan Crouse, iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA
  Cc: linux-arm-msm-u79uwXL29TY76Z2rM5mHXA

Hi Jordan,

On 04/12/17 17:22, Jordan Crouse wrote:
> The result of iommu_group_get() was being blindly used in both
> attach and detach which results in a dereference when trying
> to work with an unknown device.

I missed this one before it got applied, but FWIW that behaviour was 
actually somewhat intentional (see 05f80300dc8b). Callers really 
shouldn't be trying to attach random unknown devices to IOMMU domains 
anyway, but more crucially, now that iommu_{attach,detach}_group() work 
everywhere I think the long-term plan is still to remove 
iommu_{attach,detach}_device() completely.

I have no great objection to this patch myself, but do consider it a 
heads-up that any callers it fixes are liable to be ridden roughshod 
over by further API changes in future.

Robin.

> Signed-off-by: Jordan Crouse <jcrouse-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org>
> ---
>   drivers/iommu/iommu.c | 5 +++++
>   1 file changed, 5 insertions(+)
> 
> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
> index 3de5c0b..69fef99 100644
> --- a/drivers/iommu/iommu.c
> +++ b/drivers/iommu/iommu.c
> @@ -1303,6 +1303,9 @@ int iommu_attach_device(struct iommu_domain *domain, struct device *dev)
>   	int ret;
>   
>   	group = iommu_group_get(dev);
> +	if (!group)
> +		return -ENODEV;
> +
>   	/*
>   	 * Lock the group to make sure the device-count doesn't
>   	 * change while we are attaching
> @@ -1341,6 +1344,8 @@ void iommu_detach_device(struct iommu_domain *domain, struct device *dev)
>   	struct iommu_group *group;
>   
>   	group = iommu_group_get(dev);
> +	if (!group)
> +		return;
>   
>   	mutex_lock(&group->mutex);
>   	if (iommu_group_device_count(group) != 1) {
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2018-01-09 17:15 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-12-04 17:22 [PATCH] iommu: Check the result of iommu_group_get() for NULL Jordan Crouse
     [not found] ` <1512408130-24833-1-git-send-email-jcrouse-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org>
2017-12-20 19:02   ` Alex Williamson
2018-01-09 17:15   ` Robin Murphy

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).