From mboxrd@z Thu Jan 1 00:00:00 1970 From: Robin Murphy Subject: [PATCH 2/2] iommu: Sanity-check device attach Date: Mon, 17 Oct 2016 12:40:10 +0100 Message-ID: References: <17c608b6bb857c409ef9236f768b5ef8cd7e0f50.1476702439.git.robin.murphy@arm.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <17c608b6bb857c409ef9236f768b5ef8cd7e0f50.1476702439.git.robin.murphy-5wv7dgnIgG8@public.gmane.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: iommu-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: iommu-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: joro-zLv9SwRftAIdnm+yROfE0A@public.gmane.org Cc: iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org List-Id: iommu@lists.linux-foundation.org Now that IOMMU domains are driver-specific, attempting to attach any old device to any old domain can result in one IOMMU driver dereferencing another's private data as its own and going horribly wrong. Fortunately, we can prevent this easily in the core since both the device and the domain have an associated set of IOMMU ops. Make sure they match. Signed-off-by: Robin Murphy --- drivers/iommu/iommu.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c index eab883e6c5a9..ff87dd083152 100644 --- a/drivers/iommu/iommu.c +++ b/drivers/iommu/iommu.c @@ -1085,6 +1085,9 @@ static int __iommu_attach_device(struct iommu_domain *domain, if (unlikely(domain->ops->attach_dev == NULL)) return -ENODEV; + if (unlikely(domain->ops != dev_iommu_ops(dev))) + return -EINVAL; + ret = domain->ops->attach_dev(domain, dev); if (!ret) trace_attach_device_to_domain(dev); -- 1.9.1