* [PATCH 1/2] iommu/dma: Don't put uninitialised IOVA domains
@ 2016-08-09 15:23 Robin Murphy
From: Robin Murphy @ 2016-08-09 15:23 UTC (permalink / raw)
To: joro; +Cc: iommu, stable
Due to the limitations of having to wait until we see a device's DMA
restrictions before we know how we want an IOVA domain initialised,
there is a window for error if a DMA ops domain is allocated but later
freed without ever being used. In that case, init_iova_domain() was
never called, so calling put_iova_domain() from iommu_put_dma_cookie()
ends up trying to take an uninitialised lock and crashing.
Make things robust by skipping the call unless the IOVA domain actually
has been initialised, as we probably should have done from the start.
Fixes: 0db2e5d18f76 ("iommu: Implement common IOMMU ops for DMA mapping")
Cc: stable@vger.kernel.org
Reported-by: Nate Watterson <nwatters@codeaurora.org>
Reviewed-by: Nate Watterson <nwatters@codeaurora.org>
Tested-by: Nate Watterson <nwatters@codeaurora.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Tested-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
---
drivers/iommu/dma-iommu.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c
index 08a1e2f3690f..7d991c81c4fa 100644
--- a/drivers/iommu/dma-iommu.c
+++ b/drivers/iommu/dma-iommu.c
@@ -68,7 +68,8 @@ void iommu_put_dma_cookie(struct iommu_domain *domain)
if (!iovad)
return;
- put_iova_domain(iovad);
+ if (iovad->granule)
+ put_iova_domain(iovad);
kfree(iovad);
domain->iova_cookie = NULL;
}
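Review bot: The `if (iovad->granule)` test in iommu_put_dma_cookie() uses a non-zero granule as an implicit "init_iova_domain() has run" marker, and nothing in the hunk documents that invariant. It is only sound if the cookie is zero-filled when allocated and an initialised domain can never have a granule of zero, neither of which is visible here. Suggest a one-line comment above the test stating that assumption, so that a later change to the allocation or to the init path does not silently turn this back into taking an uninitialised lock on teardown. Since kfree(iovad) and the clearing of domain->iova_cookie stay unconditional, the never-used case still releases the cookie, which looks right.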
--
2.8.1.dirty
* Re: [PATCH 1/2] iommu/dma: Don't put uninitialised IOVA domains
From: Joerg Roedel @ 2016-08-09 15:36 UTC (permalink / raw)
To: Robin Murphy; +Cc: iommu, stable
On Tue, Aug 09, 2016 at 04:23:17PM +0100, Robin Murphy wrote:
> Due to the limitations of having to wait until we see a device's DMA
> restrictions before we know how we want an IOVA domain initialised,
> there is a window for error if a DMA ops domain is allocated but later
> freed without ever being used. In that case, init_iova_domain() was
> never called, so calling put_iova_domain() from iommu_put_dma_cookie()
> ends up trying to take an uninitialised lock and crashing.
>
> Make things robust by skipping the call unless the IOVA domain actually
> has been initialised, as we probably should have done from the start.
>
> Fixes: 0db2e5d18f76 ("iommu: Implement common IOMMU ops for DMA mapping")
> Cc: stable@vger.kernel.org
> Reported-by: Nate Watterson <nwatters@codeaurora.org>
> Reviewed-by: Nate Watterson <nwatters@codeaurora.org>
> Tested-by: Nate Watterson <nwatters@codeaurora.org>
> Reviewed-by: Eric Auger <eric.auger@redhat.com>
> Tested-by: Eric Auger <eric.auger@redhat.com>
> Signed-off-by: Robin Murphy <robin.murphy@arm.com>
> ---
> drivers/iommu/dma-iommu.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
Wow, that was quick :)
Applied to iommu/fixes, thanks.