From: Joerg Roedel <joro-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
To: David Woodhouse
<David.Woodhouse-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Cc: iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
Subject: [PATCH] iommu/vt-d: Check for NULL pointer in dmar_acpi_dev_scope_init() array
Date: Tue, 25 Mar 2014 20:30:15 +0100 [thread overview]
Message-ID: <20140325193015.GI13491@8bytes.org> (raw)
In-Reply-To: <1395422354-19762-6-git-send-email-David.Woodhouse-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Hi David,
On Fri, Mar 21, 2014 at 05:18:46PM +0000, David Woodhouse wrote:
> +static int __init dmar_acpi_dev_scope_init(void)
> +{
> + struct acpi_dmar_andd *andd = (void *)dmar_tbl + sizeof(struct acpi_table_dmar);
> +
> + while (((unsigned long)andd) <
> + ((unsigned long)dmar_tbl) + dmar_tbl->length) {
This is causing a kernel crash on AMD IOMMU systems. I will queue
attached patch on the x86/vt-d to fix the issue. A better solution would
be to not call ir_dev_scope_init() by a rootfs-initcall, but this is
more complicated and better not done that close to the merge-window.
Do you have objections?
Joerg
>From 0e1ad789087ea3b142ee4a169662db0ec77425ff Mon Sep 17 00:00:00 2001
From: Joerg Roedel <joro-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
Date: Tue, 25 Mar 2014 20:16:40 +0100
Subject: [PATCH] iommu/vt-d: Check for NULL pointer in dmar_acpi_dev_scope_init()
When ir_dev_scope_init() is called via a rootfs initcall it
will check for irq_remapping_enabled before it calls
(indirectly) into dmar_acpi_dev_scope_init() which uses the
dmar_tbl pointer without any checks.
The AMD IOMMU driver also sets the irq_remapping_enabled
flag which causes the dmar_acpi_dev_scope_init() function to
be called on systems with AMD IOMMU hardware too, causing a
boot-time kernel crash.
Signed-off-by: Joerg Roedel <joro-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
---
drivers/iommu/dmar.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/iommu/dmar.c b/drivers/iommu/dmar.c
index 56e1c79..e531a2b 100644
--- a/drivers/iommu/dmar.c
+++ b/drivers/iommu/dmar.c
@@ -657,7 +657,12 @@ static void __init dmar_acpi_insert_dev_scope(u8 device_number,
static int __init dmar_acpi_dev_scope_init(void)
{
- struct acpi_dmar_andd *andd = (void *)dmar_tbl + sizeof(struct acpi_table_dmar);
+ struct acpi_dmar_andd *andd;
+
+ if (dmar_tbl == NULL)
+ return -ENODEV;
+
+ andd = (void *)dmar_tbl + sizeof(struct acpi_table_dmar);
while (((unsigned long)andd) <
((unsigned long)dmar_tbl) + dmar_tbl->length) {
--
1.7.9.5
next prev parent reply other threads:[~2014-03-25 19:30 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-21 17:18 [PATCH 00/33] iommu/vt-d: Add support for DMA mapping of ACPI-enumerated devices David Woodhouse
[not found] ` <1395422354-19762-1-git-send-email-David.Woodhouse-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2014-03-21 17:18 ` [PATCH 01/33] iommu/vt-d: Add ACPI namespace device reporting structures David Woodhouse
2014-03-21 17:18 ` [PATCH 02/33] iommu/vt-d: Parse ANDD records David Woodhouse
2014-03-21 17:18 ` [PATCH 03/33] iommu/vt-d: Allocate space for ACPI devices David Woodhouse
2014-03-21 17:18 ` [PATCH 04/33] iommu/vt-d: Change scope lists to struct device, bus, devfn David Woodhouse
2014-03-21 17:18 ` [PATCH 05/33] iommu/vt-d: Add ACPI devices into dmaru->devices[] array David Woodhouse
[not found] ` <1395422354-19762-6-git-send-email-David.Woodhouse-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2014-03-25 19:30 ` Joerg Roedel [this message]
[not found] ` <20140325193015.GI13491-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
2014-03-26 9:16 ` [PATCH] iommu/vt-d: Check for NULL pointer in dmar_acpi_dev_scope_init() array Woodhouse, David
2014-03-21 17:18 ` [PATCH 06/33] iommu/vt-d: Make iommu_dummy() take struct device instead of struct pci_dev David Woodhouse
2014-03-21 17:18 ` [PATCH 07/33] iommu/vt-d: Make dmar_insert_dev_info() " David Woodhouse
2014-03-21 17:18 ` [PATCH 08/33] iommu/vt-d: Use struct device in device_domain_info, not " David Woodhouse
2014-03-21 17:18 ` [PATCH 09/33] iommu/vt-d: Pass iommu to domain_context_mapping_one() and iommu_support_dev_iotlb() David Woodhouse
2014-03-21 17:18 ` [PATCH 10/33] iommu/vt-d: Stop dmar_insert_dev_info() freeing domains on losing race David Woodhouse
2014-03-21 17:18 ` [PATCH 11/33] iommu/vt-d: use dmar_insert_dev_info() from dma_add_dev_info() David Woodhouse
2014-03-21 17:18 ` [PATCH 12/33] iommu/vt-d: Use domain_remove_one_dev_info() in domain_add_dev_info() error path David Woodhouse
2014-03-21 17:18 ` [PATCH 13/33] iommu/vt-d: Always store iommu in device_domain_info David Woodhouse
2014-03-21 17:18 ` [PATCH 14/33] iommu/vt-d: Simplify iommu check in domain_remove_one_dev_info() David Woodhouse
2014-03-21 17:18 ` [PATCH 15/33] iommu/vt-d: Remove device_to_iommu() call from domain_remove_dev_info() David Woodhouse
2014-03-21 17:18 ` [PATCH 16/33] iommu/vt-d: Store PCI segment number in struct intel_iommu David Woodhouse
2014-03-21 17:18 ` [PATCH 17/33] iommu/vt-d: Remove segment from struct device_domain_info() David Woodhouse
2014-03-21 17:18 ` [PATCH 18/33] iommu/vt-d: Make identity_mapping() take struct device not struct pci_dev David Woodhouse
2014-03-21 17:19 ` [PATCH 19/33] iommu/vt-d: Make device_to_iommu() cope with non-PCI devices David Woodhouse
2014-03-21 17:19 ` [PATCH 20/33] iommu/vt-d: Make domain_context_mapp{ed, ing}() take struct device David Woodhouse
2014-03-21 17:19 ` [PATCH 21/33] iommu/vt-d: Make get_domain_for_dev() " David Woodhouse
[not found] ` <1395422354-19762-22-git-send-email-David.Woodhouse-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2014-04-14 21:22 ` Alex Williamson
[not found] ` <1397510541.3060.15.camel-85EaTFmN5p//9pzu0YdTqQ@public.gmane.org>
2014-04-14 21:40 ` Woodhouse, David
[not found] ` <1397511643.19944.217.camel-Fexsq3y4057IgHVZqg5X0TlWvGAXklZc@public.gmane.org>
2014-04-14 21:52 ` Alex Williamson
2014-03-21 17:19 ` [PATCH 22/33] iommu/vt-d: Handle RMRRs for non-PCI devices David Woodhouse
2014-03-21 17:19 ` [PATCH 23/33] iommu/vt-d: Make iommu_should_identity_map() take struct device David Woodhouse
2014-03-21 17:19 ` [PATCH 24/33] iommu/vt-d: Make get_valid_domain_for_dev() " David Woodhouse
2014-03-21 17:19 ` [PATCH 25/33] iommu/vt-d: Remove some pointless to_pci_dev() calls David Woodhouse
2014-03-21 17:19 ` [PATCH 26/33] iommu/vt-d: Rename 'hwdev' variables to 'dev' now that that's the norm David Woodhouse
2014-03-21 17:19 ` [PATCH 27/33] iommu/vt-d: Make domain_remove_one_dev_info() take struct device David Woodhouse
2014-03-21 17:19 ` [PATCH 28/33] iommu/vt-d: Make domain_add_dev_info() " David Woodhouse
2014-03-21 17:19 ` [PATCH 29/33] iommu/vt-d: Remove pdev from iommu_no_mapping() David Woodhouse
2014-03-21 17:19 ` [PATCH 30/33] iommu/vt-d: Remove pdev from intel_iommu_attach_device() David Woodhouse
2014-03-21 17:19 ` [PATCH 31/33] iommu/vt-d: Remove to_pci_dev() in intel_map_page() David Woodhouse
2014-03-21 17:19 ` [PATCH 32/33] iommu/vt-d: Finally enable translation for non-PCI devices David Woodhouse
2014-03-21 17:19 ` [PATCH 33/33] iommu/vt-d: Include ACPI devices in iommu=pt David Woodhouse
2014-03-24 13:52 ` [PATCH 34/33] iommu/vt-d: Fix RCU annotations on device scope lists Woodhouse, David
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140325193015.GI13491@8bytes.org \
--to=joro-zlv9swrftaidnm+yrofe0a@public.gmane.org \
--cc=David.Woodhouse-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).