From: Jiang Liu <jiang.liu@linux.intel.com>
To: Joerg Roedel <joro@8bytes.org>,
David Woodhouse <dwmw2@infradead.org>,
Yinghai Lu <yinghai@kernel.org>,
Bjorn Helgaas <bhelgaas@google.com>,
Dan Williams <dan.j.williams@intel.com>,
Vinod Koul <vinod.koul@intel.com>,
"Rafael J . Wysocki" <rafael.j.wysocki@intel.com>
Cc: Jiang Liu <jiang.liu@linux.intel.com>,
Ashok Raj <ashok.raj@intel.com>,
Yijing Wang <wangyijing@huawei.com>,
Tony Luck <tony.luck@intel.com>,
iommu@lists.linux-foundation.org, linux-pci@vger.kernel.org,
linux-kernel@vger.kernel.org, dmaengine@vger.kernel.org
Subject: [Patch Part2 V2 10/17] iommu/vt-d: check for NULL pointer when freeing IOMMU data structure
Date: Wed, 19 Feb 2014 14:07:30 +0800 [thread overview]
Message-ID: <1392790057-32434-11-git-send-email-jiang.liu@linux.intel.com> (raw)
In-Reply-To: <1392790057-32434-1-git-send-email-jiang.liu@linux.intel.com>
Domain id 0 will be assigned to invalid translation without allocating
domain data structure if DMAR unit supports caching mode. So in function
free_dmar_iommu(), we should check whether the domain pointer is NULL,
otherwise it will cause system crash as below:
[ 6.790519] BUG: unable to handle kernel NULL pointer dereference at 00000000000000c8
[ 6.799520] IP: [<ffffffff810e2dc8>] __lock_acquire+0x11f8/0x1430
[ 6.806493] PGD 0
[ 6.817972] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
[ 6.823303] Modules linked in:
[ 6.826862] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.14.0-rc1+ #126
[ 6.834252] Hardware name: Intel Corporation BRICKLAND/BRICKLAND, BIOS BRIVTIN1.86B.0047.R00.1402050741 02/05/2014
[ 6.845951] task: ffff880455a80000 ti: ffff880455a88000 task.ti: ffff880455a88000
[ 6.854437] RIP: 0010:[<ffffffff810e2dc8>] [<ffffffff810e2dc8>] __lock_acquire+0x11f8/0x1430
[ 6.864154] RSP: 0000:ffff880455a89ce0 EFLAGS: 00010046
[ 6.870179] RAX: 0000000000000046 RBX: 0000000000000002 RCX: 0000000000000000
[ 6.878249] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000000000c8
[ 6.886318] RBP: ffff880455a89d40 R08: 0000000000000002 R09: 0000000000000001
[ 6.894387] R10: 0000000000000000 R11: 0000000000000001 R12: ffff880455a80000
[ 6.902458] R13: 0000000000000000 R14: 00000000000000c8 R15: 0000000000000000
[ 6.910520] FS: 0000000000000000(0000) GS:ffff88045b800000(0000) knlGS:0000000000000000
[ 6.919687] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 6.926198] CR2: 00000000000000c8 CR3: 0000000001e0e000 CR4: 00000000001407f0
[ 6.934269] Stack:
[ 6.936588] ffffffffffffff10 ffffffff810f59db 0000000000000010 0000000000000246
[ 6.945219] ffff880455a89d10 0000000000000000 ffffffff82bcb980 0000000000000046
[ 6.953850] 0000000000000000 0000000000000000 0000000000000002 0000000000000000
[ 6.962482] Call Trace:
[ 6.965300] [<ffffffff810f59db>] ? vprintk_emit+0x4fb/0x5a0
[ 6.971716] [<ffffffff810e3185>] lock_acquire+0x185/0x200
[ 6.977941] [<ffffffff821fbbee>] ? init_dmars+0x839/0xa1d
[ 6.984167] [<ffffffff81870b06>] _raw_spin_lock_irqsave+0x56/0x90
[ 6.991158] [<ffffffff821fbbee>] ? init_dmars+0x839/0xa1d
[ 6.997380] [<ffffffff821fbbee>] init_dmars+0x839/0xa1d
[ 7.003410] [<ffffffff8147d575>] ? pci_get_dev_by_id+0x75/0xd0
[ 7.010119] [<ffffffff821fc146>] intel_iommu_init+0x2f0/0x502
[ 7.016735] [<ffffffff821a7947>] ? iommu_setup+0x27d/0x27d
[ 7.023056] [<ffffffff821a796f>] pci_iommu_init+0x28/0x52
[ 7.029282] [<ffffffff81002162>] do_one_initcall+0xf2/0x220
[ 7.035702] [<ffffffff810a4a29>] ? parse_args+0x2c9/0x450
[ 7.041919] [<ffffffff8219d1b1>] kernel_init_freeable+0x1c9/0x25b
[ 7.048919] [<ffffffff8219c8d2>] ? do_early_param+0x8a/0x8a
[ 7.055336] [<ffffffff8184d3f0>] ? rest_init+0x150/0x150
[ 7.061461] [<ffffffff8184d3fe>] kernel_init+0xe/0x100
[ 7.067393] [<ffffffff8187b5fc>] ret_from_fork+0x7c/0xb0
[ 7.073518] [<ffffffff8184d3f0>] ? rest_init+0x150/0x150
[ 7.079642] Code: 01 76 18 89 05 46 04 36 01 41 be 01 00 00 00 e9 2f 02 00 00 0f 1f 80 00 00 00 00 41 be 01 00 00 00 e9 1d 02 00 00 0f 1f 44 00 00 <49> 81 3e c0 31 34 82 b8 01 00 00 00 0f 44 d8 41 83 ff 01 0f 87
[ 7.104944] RIP [<ffffffff810e2dc8>] __lock_acquire+0x11f8/0x1430
[ 7.112008] RSP <ffff880455a89ce0>
[ 7.115988] CR2: 00000000000000c8
[ 7.119784] ---[ end trace 13d756f0f462c538 ]---
[ 7.125034] note: swapper/0[1] exited with preempt_count 1
[ 7.131285] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
[ 7.131285]
Signed-off-by: Jiang Liu <jiang.liu@linux.intel.com>
---
drivers/iommu/intel-iommu.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
index a27d3eb..afbc8d6 100644
--- a/drivers/iommu/intel-iommu.c
+++ b/drivers/iommu/intel-iommu.c
@@ -1297,6 +1297,13 @@ static void free_dmar_iommu(struct intel_iommu *iommu)
if ((iommu->domains) && (iommu->domain_ids)) {
for_each_set_bit(i, iommu->domain_ids, cap_ndoms(iommu->cap)) {
+ /*
+ * Domain id 0 is reserved for invalid translation
+ * if hardware supports caching mode.
+ */
+ if (cap_caching_mode(iommu->cap) && i == 0)
+ continue;
+
domain = iommu->domains[i];
clear_bit(i, iommu->domain_ids);
--
1.7.10.4
next prev parent reply other threads:[~2014-02-19 6:07 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-19 6:07 [Patch Part2 V2 00/17] Enhance DMAR drivers to handle PCI/memory hotplug events Jiang Liu
2014-02-19 6:07 ` [Patch Part2 V2 01/17] iommu/vt-d: avoid double free of g_iommus on error recovery path Jiang Liu
2014-02-19 6:07 ` [Patch Part2 V2 02/17] iommu/vt-d: avoid caching stale domain_device_info and fix memory leak Jiang Liu
2014-02-19 6:07 ` [Patch Part2 V2 03/17] iommu/vt-d: avoid caching stale domain_device_info when hot-removing PCI device Jiang Liu
2014-02-19 6:07 ` [Patch Part2 V2 04/17] iommu/vt-d: factor out dmar_alloc_dev_scope() for later reuse Jiang Liu
2014-02-19 6:07 ` [Patch Part2 V2 05/17] iommu/vt-d: move private structures and variables into intel-iommu.c Jiang Liu
2014-02-19 6:07 ` [Patch Part2 V2 06/17] iommu/vt-d: simplify function get_domain_for_dev() Jiang Liu
2014-02-19 6:07 ` [Patch Part2 V2 07/17] iommu/vt-d: free resources if failed to create domain for PCIe endpoint Jiang Liu
2014-02-19 6:07 ` [Patch Part2 V2 08/17] iommu/vt-d: reduce duplicated code to handle virtual machine domains Jiang Liu
2014-02-19 6:07 ` [Patch Part2 V2 09/17] iommu/vt-d: fix incorrect iommu_count for si_domain Jiang Liu
2014-02-19 6:07 ` Jiang Liu [this message]
2014-02-19 6:07 ` [Patch Part2 V2 11/17] iommu/vt-d: fix error in detect ATS capability Jiang Liu
2014-02-19 6:07 ` [Patch Part2 V2 12/17] iommu/vt-d: introduce macro for_each_dev_scope() to walk device scope entries Jiang Liu
2014-02-19 6:07 ` [Patch Part2 V2 13/17] iommu/vt-d: introduce a rwsem to protect global data structures Jiang Liu
2014-02-19 6:07 ` [Patch Part2 V2 14/17] iommu/vt-d: use RCU to protect global resources in interrupt context Jiang Liu
2014-02-19 6:07 ` [Patch Part2 V2 15/17] iommu/vt-d, PCI: update DRHD/RMRR/ATSR device scope caches when PCI hotplug happens Jiang Liu
2014-03-06 18:25 ` David Woodhouse
2014-03-10 8:46 ` Jiang Liu
2014-03-10 13:04 ` David Woodhouse
2014-02-19 6:07 ` [Patch Part2 V2 16/17] iommu/vt-d, PCI: unify the way to process DMAR device scope array Jiang Liu
2014-02-19 6:07 ` [Patch Part2 V2 17/17] iommu/vt-d: update IOMMU state when memory hotplug happens Jiang Liu
2014-03-05 7:48 ` [Patch Part2 V2 00/17] Enhance DMAR drivers to handle PCI/memory hotplug events Joerg Roedel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1392790057-32434-11-git-send-email-jiang.liu@linux.intel.com \
--to=jiang.liu@linux.intel.com \
--cc=ashok.raj@intel.com \
--cc=bhelgaas@google.com \
--cc=dan.j.williams@intel.com \
--cc=dmaengine@vger.kernel.org \
--cc=dwmw2@infradead.org \
--cc=iommu@lists.linux-foundation.org \
--cc=joro@8bytes.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=rafael.j.wysocki@intel.com \
--cc=tony.luck@intel.com \
--cc=vinod.koul@intel.com \
--cc=wangyijing@huawei.com \
--cc=yinghai@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).