[git pull] IOMMU updates for 2.6.33-rc1

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [git pull] IOMMU updates for 2.6.33-rc1
@ 2009-12-21 15:22 Joerg Roedel
  2009-12-21 15:22 ` [PATCH 1/2] dma-debug: Do not add notifier when dma debugging is disabled Joerg Roedel
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Joerg Roedel @ 2009-12-21 15:22 UTC (permalink / raw)
  To: Ingo Molnar; +Cc: x86, linux-kernel

Hi Ingo,


The following changes since commit 55639353a0035052d9ea6cfe4dde0ac7fcbb2c9f:
  Linus Torvalds (1):
        Linux 2.6.33-rc1

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/joro/linux-2.6-iommu.git iommu/fixes

Joerg Roedel (2):
      x86/amd-iommu: Fix initialization failure panic
      Merge branches 'dma-debug/fixes' and 'amd-iommu/fixes' into iommu/fixes

Shaun Ruffell (1):
      dma-debug: Do not add notifier when dma debugging is disabled.

 arch/x86/kernel/amd_iommu_init.c |   10 ++++++++++
 lib/dma-debug.c                  |    5 +++++

These two patches fix possible kernel null-pointer dereferences in the
initialization path of AMD IOMMU and the device notifier path of
dma-debug. Please pull.

	Joerg

 2 files changed, 15 insertions(+), 0 deletions(-)


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH 1/2] dma-debug: Do not add notifier when dma debugging is disabled.
  2009-12-21 15:22 [git pull] IOMMU updates for 2.6.33-rc1 Joerg Roedel
@ 2009-12-21 15:22 ` Joerg Roedel
  2009-12-21 15:22 ` [PATCH 2/2] x86/amd-iommu: Fix initialization failure panic Joerg Roedel
  2009-12-28  8:24 ` [git pull] IOMMU updates for 2.6.33-rc1 Ingo Molnar
  2 siblings, 0 replies; 5+ messages in thread
From: Joerg Roedel @ 2009-12-21 15:22 UTC (permalink / raw)
  To: Ingo Molnar; +Cc: x86, linux-kernel, Shaun Ruffell, stable, Joerg Roedel

From: Shaun Ruffell <sruffell@digium.com>

If CONFIG_HAVE_DMA_API_DEBUG is defined and "dma_debug=off" is
specified on the kernel command line, when you detach a driver from a
device you can cause the following NULL pointer dereference:

BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<c0580d35>] dma_debug_device_change+0x5d/0x117

The problem is that the dma_debug_device_change notifier function is
added to the bus notifier chain even though the dma_entry_hash array
was never initialized.  If dma debugging is disabled, this patch both
prevents dma_debug_device_change notifiers from being added to the
chain, and additionally ensures that the dma_debug_device_change
notifier function is a no-op.

Cc: stable@kernel.org
Signed-off-by: Shaun Ruffell <sruffell@digium.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
 lib/dma-debug.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/lib/dma-debug.c b/lib/dma-debug.c
index d9b08e0..7399744 100644
--- a/lib/dma-debug.c
+++ b/lib/dma-debug.c
@@ -676,6 +676,8 @@ static int dma_debug_device_change(struct notifier_block *nb,
 	struct device *dev = data;
 	int count;
 
+	if (global_disable)
+		return;
 
 	switch (action) {
 	case BUS_NOTIFY_UNBOUND_DRIVER:
@@ -697,6 +699,9 @@ void dma_debug_add_bus(struct bus_type *bus)
 {
 	struct notifier_block *nb;
 
+	if (global_disable)
+		return;
+
 	nb = kzalloc(sizeof(struct notifier_block), GFP_KERNEL);
 	if (nb == NULL) {
 		pr_err("dma_debug_add_bus: out of memory\n");
-- 
1.6.5.4



^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [PATCH 2/2] x86/amd-iommu: Fix initialization failure panic
  2009-12-21 15:22 [git pull] IOMMU updates for 2.6.33-rc1 Joerg Roedel
  2009-12-21 15:22 ` [PATCH 1/2] dma-debug: Do not add notifier when dma debugging is disabled Joerg Roedel
@ 2009-12-21 15:22 ` Joerg Roedel
  2009-12-28  8:25   ` Ingo Molnar
  2009-12-28  8:24 ` [git pull] IOMMU updates for 2.6.33-rc1 Ingo Molnar
  2 siblings, 1 reply; 5+ messages in thread
From: Joerg Roedel @ 2009-12-21 15:22 UTC (permalink / raw)
  To: Ingo Molnar; +Cc: x86, linux-kernel, Joerg Roedel, stable

The assumption that acpi_table_parse passes the return value
of the hanlder function to the caller proved wrong
recently. The return value of the handler function is
totally ignored. This makes the initialization code for AMD
IOMMU buggy in a way that could cause a kernel panic on
initialization. This patch fixes the issue in the AMD IOMMU
driver.

Cc: stable@kernel.org
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
 arch/x86/kernel/amd_iommu_init.c |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/arch/x86/kernel/amd_iommu_init.c b/arch/x86/kernel/amd_iommu_init.c
index 1dca9c3..fb490ce 100644
--- a/arch/x86/kernel/amd_iommu_init.c
+++ b/arch/x86/kernel/amd_iommu_init.c
@@ -138,6 +138,11 @@ int amd_iommus_present;
 bool amd_iommu_np_cache __read_mostly;
 
 /*
+ * Set to true if ACPI table parsing and hardware intialization went properly
+ */
+static bool amd_iommu_initialized;
+
+/*
  * List of protection domains - used during resume
  */
 LIST_HEAD(amd_iommu_pd_list);
@@ -929,6 +934,8 @@ static int __init init_iommu_all(struct acpi_table_header *table)
 	}
 	WARN_ON(p != end);
 
+	amd_iommu_initialized = true;
+
 	return 0;
 }
 
@@ -1263,6 +1270,9 @@ static int __init amd_iommu_init(void)
 	if (acpi_table_parse("IVRS", init_iommu_all) != 0)
 		goto free;
 
+	if (!amd_iommu_initialized)
+		goto free;
+
 	if (acpi_table_parse("IVRS", init_memory_definitions) != 0)
 		goto free;
 
-- 
1.6.5.4



^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [git pull] IOMMU updates for 2.6.33-rc1
  2009-12-21 15:22 [git pull] IOMMU updates for 2.6.33-rc1 Joerg Roedel
  2009-12-21 15:22 ` [PATCH 1/2] dma-debug: Do not add notifier when dma debugging is disabled Joerg Roedel
  2009-12-21 15:22 ` [PATCH 2/2] x86/amd-iommu: Fix initialization failure panic Joerg Roedel
@ 2009-12-28  8:24 ` Ingo Molnar
  2 siblings, 0 replies; 5+ messages in thread
From: Ingo Molnar @ 2009-12-28  8:24 UTC (permalink / raw)
  To: Joerg Roedel; +Cc: Ingo Molnar, x86, linux-kernel


* Joerg Roedel <joerg.roedel@amd.com> wrote:

> Hi Ingo,
> 
> 
> The following changes since commit 55639353a0035052d9ea6cfe4dde0ac7fcbb2c9f:
>   Linus Torvalds (1):
>         Linux 2.6.33-rc1
> 
> are available in the git repository at:
> 
>   git://git.kernel.org/pub/scm/linux/kernel/git/joro/linux-2.6-iommu.git iommu/fixes
> 
> Joerg Roedel (2):
>       x86/amd-iommu: Fix initialization failure panic
>       Merge branches 'dma-debug/fixes' and 'amd-iommu/fixes' into iommu/fixes
> 
> Shaun Ruffell (1):
>       dma-debug: Do not add notifier when dma debugging is disabled.
> 
>  arch/x86/kernel/amd_iommu_init.c |   10 ++++++++++
>  lib/dma-debug.c                  |    5 +++++
> 
> These two patches fix possible kernel null-pointer dereferences in the 
> initialization path of AMD IOMMU and the device notifier path of dma-debug. 
> Please pull.
> 
> 	Joerg
> 
>  2 files changed, 15 insertions(+), 0 deletions(-)

Pulled, thanks a lot Joerg!

	Ingo

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH 2/2] x86/amd-iommu: Fix initialization failure panic
  2009-12-21 15:22 ` [PATCH 2/2] x86/amd-iommu: Fix initialization failure panic Joerg Roedel
@ 2009-12-28  8:25   ` Ingo Molnar
  0 siblings, 0 replies; 5+ messages in thread
From: Ingo Molnar @ 2009-12-28  8:25 UTC (permalink / raw)
  To: Joerg Roedel; +Cc: Ingo Molnar, x86, linux-kernel, stable


* Joerg Roedel <joerg.roedel@amd.com> wrote:

> The assumption that acpi_table_parse passes the return value
> of the hanlder function to the caller proved wrong
> recently. The return value of the handler function is
> totally ignored. This makes the initialization code for AMD
> IOMMU buggy in a way that could cause a kernel panic on
> initialization. This patch fixes the issue in the AMD IOMMU
> driver.
> 
> Cc: stable@kernel.org
> Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
> ---
>  arch/x86/kernel/amd_iommu_init.c |   10 ++++++++++
>  1 files changed, 10 insertions(+), 0 deletions(-)
> 
> diff --git a/arch/x86/kernel/amd_iommu_init.c b/arch/x86/kernel/amd_iommu_init.c
> index 1dca9c3..fb490ce 100644
> --- a/arch/x86/kernel/amd_iommu_init.c
> +++ b/arch/x86/kernel/amd_iommu_init.c
> @@ -138,6 +138,11 @@ int amd_iommus_present;
>  bool amd_iommu_np_cache __read_mostly;
>  
>  /*
> + * Set to true if ACPI table parsing and hardware intialization went properly
> + */
> +static bool amd_iommu_initialized;

Btw., could this new variable be __init?

	Ingo

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2009-12-28  8:25 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-12-21 15:22 [git pull] IOMMU updates for 2.6.33-rc1 Joerg Roedel
2009-12-21 15:22 ` [PATCH 1/2] dma-debug: Do not add notifier when dma debugging is disabled Joerg Roedel
2009-12-21 15:22 ` [PATCH 2/2] x86/amd-iommu: Fix initialization failure panic Joerg Roedel
2009-12-28  8:25   ` Ingo Molnar
2009-12-28  8:24 ` [git pull] IOMMU updates for 2.6.33-rc1 Ingo Molnar

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox