From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7070C286425 for ; Mon, 27 Apr 2026 08:32:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.9 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777278760; cv=none; b=nfxBylgUCoEEGtu2qK/7JNXaJ0NBIncQ0+vGCFg1zHFMFqrVwxjrx+rL62IUPHcm3h3SjIULAUsuQxCM4nF2RYS/+d4sRZ47PrqZ5iCI1OEz9FXuhW8XXi+PCG9erpUPVfHGlvpbVtgppjUWBS1/9dNxnaehJhD+lkUT6NgGHtg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777278760; c=relaxed/simple; bh=ewvA0suYpvwf/+1eG6MBS6wEeTmlhYKNq/xnWnOB02w=; h=Message-ID:Date:MIME-Version:Cc:Subject:To:References:From: In-Reply-To:Content-Type; b=qL8hE950hEJNFMsPaoYullzJ6b2xLSIuCMWQ9v8xIEHSOsw1zopJvEQDv4gYqUOPGNsF+g9ywm+jEigkPCooyJop5hSWEbVPPU+oZSuKBB2HIejOULoIAdGKEF1o7AzGT2kjpMXBJM+jhiXtRKIYDX7ijxf2s2LDp1JUk4KA1iw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=HpQNnpXO; arc=none smtp.client-ip=192.198.163.9 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="HpQNnpXO" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1777278759; x=1808814759; h=message-id:date:mime-version:cc:subject:to:references: from:in-reply-to:content-transfer-encoding; bh=ewvA0suYpvwf/+1eG6MBS6wEeTmlhYKNq/xnWnOB02w=; b=HpQNnpXOy2KScR/5JCEa04mELSsre7bnP5AnD/DjRdT5RJrFvvesKyIc BKafetQSA+Rq2/wX9RDGL1FyFFjbS/xU2SWZgoN6+mrSwPcJMYorflMxK oGt07JpsfDBuQ4XTwvVWy9SY10ifjOGySGhEuy2cZibQ3R8c7yRJsAtyM vtT2qRYtJzaMx+Kdi1Ht+5Bn07aht6o8jWB0dAxSEe5XypRyIirywT6Cp PaeqfMyBWYSWIn7xykbEuEiKTAx7ekznQgnddzWksXY+/eGqbDWOuwYav dDEzsYHftn5UzdKwJSk1oFlOOnlZaRS1dBzoFzx+rx2EkFXnefkE4xFaU Q==; X-CSE-ConnectionGUID: 20a6UnMrRsmHWUhAfIg1aQ== X-CSE-MsgGUID: SL6m53FbQlyy/6V/tCb6LQ== X-IronPort-AV: E=McAfee;i="6800,10657,11768"; a="88853882" X-IronPort-AV: E=Sophos;i="6.23,201,1770624000"; d="scan'208";a="88853882" Received: from orviesa004.jf.intel.com ([10.64.159.144]) by fmvoesa103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Apr 2026 01:32:38 -0700 X-CSE-ConnectionGUID: gAvjHFv8TYK4it1lSdJPqA== X-CSE-MsgGUID: WAGCvf+XQm6ZlFR6cjXizg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.23,201,1770624000"; d="scan'208";a="237902767" Received: from blu2-mobl.ccr.corp.intel.com (HELO [10.124.248.249]) ([10.124.248.249]) by orviesa004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Apr 2026 01:32:35 -0700 Message-ID: <19cb7a81-9eb4-4792-a102-de94e008f4c7@linux.intel.com> Date: Mon, 27 Apr 2026 16:32:32 +0800 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Cc: baolu.lu@linux.intel.com, will@kernel.org, robin.murphy@arm.com, iommu@lists.linux.dev, linux-kernel@vger.kernel.org, xueshuai@linux.alibaba.com Subject: Re: [PATCH rc v8 1/8] iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done() To: Nicolin Chen , joro@8bytes.org, kevin.tian@intel.com, jgg@nvidia.com References: Content-Language: en-US From: Baolu Lu In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 4/25/2026 9:15 AM, Nicolin Chen wrote: > Local sashiko review pointed it out that group->domain could be NULL when > a default domain fails to allocate during the first probe, which can crash > at domain->ops->attach_dev dereference in __iommu_attach_device() invoked > by pci_dev_reset_iommu_done(). > > pci_dev_reset_iommu_prepare() is fine as an old_domain pointer can be NULL. > > Skip the re-attach in pci_dev_reset_iommu_done() to fix the bug. > > Fixes: c279e83953d9 ("iommu: Introduce pci_dev_reset_iommu_prepare/done()") > Cc:stable@vger.kernel.org > Signed-off-by: Nicolin Chen > --- > drivers/iommu/iommu.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) Reviewed-by: Lu Baolu