linux-riscv.lists.infradead.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v3] iommu/riscv: prevent NULL deref in iova_to_phys
@ 2025-08-15  7:12 XianLiang Huang
  2025-08-15  9:03 ` Markus Elfring
  2025-08-15 10:01 ` Joerg Roedel
  0 siblings, 2 replies; 5+ messages in thread
From: XianLiang Huang @ 2025-08-15  7:12 UTC (permalink / raw)
  To: tjeznach
  Cc: markus.elfring, joro, will, robin.murphy, paul.walmsley, palmer,
	aou, alex, iommu, linux-riscv, linux-kernel, huangxianliang

The riscv_iommu_pte_fetch() function returns either NULL for
unmapped/never-mapped iova, or a valid leaf pte pointer that requires no
further validation.

riscv_iommu_iova_to_phys() failed to handle NULL returns. Fix by adding NULL
check before dereferencing and returning 0 for invalid iova.

Fixes: 488ffbf18171 ("iommu/riscv: Paging domain support")
Cc: Tomasz Jeznach <tjeznach@rivosinc.com>
Signed-off-by: XianLiang Huang <huangxianliang@lanxincomputing.com>
---
Changes
v3:
- Remove redundant pte validation in riscv_iommu_iova_to_phys
- Improve subject line to emphasize prevention

v2:
- Refine problem description
- Add "Fixes" tag
---
 drivers/iommu/riscv/iommu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/iommu/riscv/iommu.c b/drivers/iommu/riscv/iommu.c
index 2d0d31ba2886..0eae2f4bdc5e 100644
--- a/drivers/iommu/riscv/iommu.c
+++ b/drivers/iommu/riscv/iommu.c
@@ -1283,7 +1283,7 @@ static phys_addr_t riscv_iommu_iova_to_phys(struct iommu_domain *iommu_domain,
 	unsigned long *ptr;
 
 	ptr = riscv_iommu_pte_fetch(domain, iova, &pte_size);
-	if (_io_pte_none(*ptr) || !_io_pte_present(*ptr))
+	if (!ptr)
 		return 0;
 
 	return pfn_to_phys(__page_val_to_pfn(*ptr)) | (iova & (pte_size - 1));
-- 
2.34.1

_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH v3] iommu/riscv: prevent NULL deref in iova_to_phys
  2025-08-15  7:12 [PATCH v3] iommu/riscv: prevent NULL deref in iova_to_phys XianLiang Huang
@ 2025-08-15  9:03 ` Markus Elfring
  2025-08-15 10:01 ` Joerg Roedel
  1 sibling, 0 replies; 5+ messages in thread
From: Markus Elfring @ 2025-08-15  9:03 UTC (permalink / raw)
  To: XianLiang Huang, iommu, linux-riscv
  Cc: LKML, Albert Ou, Alexandre Ghiti, Jörg Rödel,
	Palmer Dabbelt, Paul Walmsley, Robin Murphy, Tomasz Jeznach,
	Will Deacon

…> riscv_iommu_iova_to_phys() failed to handle NULL returns. Fix by adding NULL
> check before dereferencing and returning 0 for invalid iova.
…> ---
> Changes
> v3:
> - Remove redundant pte validation in riscv_iommu_iova_to_phys
> - Improve subject line to emphasize prevention
…

Repetition:
https://lore.kernel.org/lkml/effb29be-6d14-47e5-ab71-454119467750@web.de/

Would a summary phrase like “Prevent null pointer dereference in riscv_iommu_iova_to_phys()”
be nicer anyhow?

Regards,
Markus

_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH v3] iommu/riscv: prevent NULL deref in iova_to_phys
  2025-08-15  7:12 [PATCH v3] iommu/riscv: prevent NULL deref in iova_to_phys XianLiang Huang
  2025-08-15  9:03 ` Markus Elfring
@ 2025-08-15 10:01 ` Joerg Roedel
  2025-08-15 14:43   ` Robin Murphy
  1 sibling, 1 reply; 5+ messages in thread
From: Joerg Roedel @ 2025-08-15 10:01 UTC (permalink / raw)
  To: XianLiang Huang
  Cc: tjeznach, markus.elfring, will, robin.murphy, paul.walmsley,
	palmer, aou, alex, iommu, linux-riscv, linux-kernel

On Fri, Aug 15, 2025 at 03:12:44PM +0800, XianLiang Huang wrote:
> diff --git a/drivers/iommu/riscv/iommu.c b/drivers/iommu/riscv/iommu.c
> index 2d0d31ba2886..0eae2f4bdc5e 100644
> --- a/drivers/iommu/riscv/iommu.c
> +++ b/drivers/iommu/riscv/iommu.c
> @@ -1283,7 +1283,7 @@ static phys_addr_t riscv_iommu_iova_to_phys(struct iommu_domain *iommu_domain,
>  	unsigned long *ptr;
>  
>  	ptr = riscv_iommu_pte_fetch(domain, iova, &pte_size);
> -	if (_io_pte_none(*ptr) || !_io_pte_present(*ptr))
> +	if (!ptr)
>  		return 0;

Zero is usually not an invalid physical address, or is it on RISC-V?

-Joerg

_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH v3] iommu/riscv: prevent NULL deref in iova_to_phys
  2025-08-15 10:01 ` Joerg Roedel
@ 2025-08-15 14:43   ` Robin Murphy
  2025-08-18 16:04     ` Joerg Roedel
  0 siblings, 1 reply; 5+ messages in thread
From: Robin Murphy @ 2025-08-15 14:43 UTC (permalink / raw)
  To: Joerg Roedel, XianLiang Huang
  Cc: tjeznach, markus.elfring, will, paul.walmsley, palmer, aou, alex,
	iommu, linux-riscv, linux-kernel

On 15/08/2025 11:01 am, Joerg Roedel wrote:
> On Fri, Aug 15, 2025 at 03:12:44PM +0800, XianLiang Huang wrote:
>> diff --git a/drivers/iommu/riscv/iommu.c b/drivers/iommu/riscv/iommu.c
>> index 2d0d31ba2886..0eae2f4bdc5e 100644
>> --- a/drivers/iommu/riscv/iommu.c
>> +++ b/drivers/iommu/riscv/iommu.c
>> @@ -1283,7 +1283,7 @@ static phys_addr_t riscv_iommu_iova_to_phys(struct iommu_domain *iommu_domain,
>>   	unsigned long *ptr;
>>   
>>   	ptr = riscv_iommu_pte_fetch(domain, iova, &pte_size);
>> -	if (_io_pte_none(*ptr) || !_io_pte_present(*ptr))
>> +	if (!ptr)
>>   		return 0;
> 
> Zero is usually not an invalid physical address, or is it on RISC-V?

It's a valid PA on many systems of many architectures, but it's also 
been the "not mapped/error" value for the iova_to_phys operation all the 
way back to the very very first intel_iommu_iova_to_pfn() nearly 17 
years ago, so hey :)

Thanks,
Robin.

_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH v3] iommu/riscv: prevent NULL deref in iova_to_phys
  2025-08-15 14:43   ` Robin Murphy
@ 2025-08-18 16:04     ` Joerg Roedel
  0 siblings, 0 replies; 5+ messages in thread
From: Joerg Roedel @ 2025-08-18 16:04 UTC (permalink / raw)
  To: Robin Murphy
  Cc: XianLiang Huang, tjeznach, markus.elfring, will, paul.walmsley,
	palmer, aou, alex, iommu, linux-riscv, linux-kernel

On Fri, Aug 15, 2025 at 03:43:25PM +0100, Robin Murphy wrote:
> It's a valid PA on many systems of many architectures, but it's also been
> the "not mapped/error" value for the iova_to_phys operation all the way back
> to the very very first intel_iommu_iova_to_pfn() nearly 17 years ago, so hey
> :)

Right, the sins of the past finally haunt me ;)

_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-08-18 17:33 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-08-15  7:12 [PATCH v3] iommu/riscv: prevent NULL deref in iova_to_phys XianLiang Huang
2025-08-15  9:03 ` Markus Elfring
2025-08-15 10:01 ` Joerg Roedel
2025-08-15 14:43   ` Robin Murphy
2025-08-18 16:04     ` Joerg Roedel

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).