[PATCH AUTOSEL 5.5 07/75] iommu/vt-d: Fix mm reference leak

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>,
	Lu Baolu <baolu.lu@linux.intel.com>,
	Joerg Roedel <jroedel@suse.de>, Sasha Levin <sashal@kernel.org>,
	iommu@lists.linux-foundation.org
Subject: [PATCH AUTOSEL 5.5 07/75] iommu/vt-d: Fix mm reference leak
Date: Sat, 18 Apr 2020 10:08:02 -0400	[thread overview]
Message-ID: <20200418140910.8280-7-sashal@kernel.org> (raw)
In-Reply-To: <20200418140910.8280-1-sashal@kernel.org>

From: Jacob Pan <jacob.jun.pan@linux.intel.com>

[ Upstream commit 902baf61adf6b187f0a6b789e70d788ea71ff5bc ]

Move canonical address check before mmget_not_zero() to avoid mm
reference leak.

Fixes: 9d8c3af31607 ("iommu/vt-d: IOMMU Page Request needs to check if address is canonical.")
Signed-off-by: Jacob Pan <jacob.jun.pan@linux.intel.com>
Acked-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/iommu/intel-svm.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/iommu/intel-svm.c b/drivers/iommu/intel-svm.c
index 5313d043a6cf2..1d3816cd65d57 100644
--- a/drivers/iommu/intel-svm.c
+++ b/drivers/iommu/intel-svm.c
@@ -583,14 +583,15 @@ static irqreturn_t prq_event_thread(int irq, void *d)
 		 * any faults on kernel addresses. */
 		if (!svm->mm)
 			goto bad_req;
-		/* If the mm is already defunct, don't handle faults. */
-		if (!mmget_not_zero(svm->mm))
-			goto bad_req;
 
 		/* If address is not canonical, return invalid response */
 		if (!is_canonical_address(address))
 			goto bad_req;
 
+		/* If the mm is already defunct, don't handle faults. */
+		if (!mmget_not_zero(svm->mm))
+			goto bad_req;
+
 		down_read(&svm->mm->mmap_sem);
 		vma = find_extend_vma(svm->mm, address);
 		if (!vma || address < vma->vm_start)
-- 
2.20.1

next prev parent reply	other threads:[~2020-04-18 14:14 UTC|newest]

Thread overview: 78+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-18 14:07 [PATCH AUTOSEL 5.5 01/75] iommu/amd: Fix the configuration of GCR3 table root pointer Sasha Levin
2020-04-18 14:07 ` [PATCH AUTOSEL 5.5 02/75] tools/testing/nvdimm: Fix compilation failure without CONFIG_DEV_DAX_PMEM_COMPAT Sasha Levin
2020-04-18 14:07 ` [PATCH AUTOSEL 5.5 03/75] watchdog: reset last_hw_keepalive time at start Sasha Levin
2020-04-18 14:07 ` [PATCH AUTOSEL 5.5 04/75] ovl: fix value of i_ino for lower hardlink corner case Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 05/75] iommu/vt-d: Fix page request descriptor size Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 06/75] acpi/nfit: improve bounds checking for 'func' Sasha Levin
2020-04-18 14:08 ` Sasha Levin [this message]
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 08/75] scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 09/75] xfs: correctly acount for reclaimable slabs Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 10/75] scsi: lpfc: Fix crash after handling a pci error Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 11/75] scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 12/75] scsi: libfc: If PRLI rejected, move rport to PLOGI state Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 13/75] ceph: return ceph_mdsc_do_request() errors from __get_parent() Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 14/75] ceph: don't skip updating wanted caps when cap is stale Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 15/75] pwm: rcar: Fix late Runtime PM enablement Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 16/75] nvme-tcp: fix possible crash in write_zeroes processing Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 17/75] ASoC: dpcm: allow start or stop during pause for backend Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 18/75] scsi: iscsi: Report unbind session event when the target has been removed Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 19/75] tools/test/nvdimm: Fix out of tree build Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 20/75] ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 21/75] nvme: fix deadlock caused by ANA update wrong locking Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 22/75] drm/amd/display: Update stream adjust in dc_stream_adjust_vmin_vmax Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 23/75] dma-direct: fix data truncation in dma_direct_get_required_mask() Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 24/75] dma-debug: fix displaying of dma allocation type Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 25/75] kernel/gcov/fs.c: gcov_seq_next() should increase position index Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 26/75] selftests: kmod: fix handling test numbers above 9 Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 27/75] ipc/util.c: sysvipc_find_ipc() should increase position index Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 28/75] kconfig: qconf: Fix a few alignment issues Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 29/75] lib/raid6/test: fix build on distros whose /bin/sh is not bash Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 30/75] block: fix busy device checking in blk_drop_partitions Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 31/75] KVM: s390: vsie: Fix possible race when shadowing region 3 tables Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 32/75] drm/nouveau: workaround runpm fail by disabling PCI power management on certain intel bridges Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 33/75] s390/cio: generate delayed uevent for vfio-ccw subchannels Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 34/75] s390/cio: avoid duplicated 'ADD' uevents Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 35/75] loop: Better discard support for block devices Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 36/75] pwm: pca9685: Fix PWM/GPIO inter-operation Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 37/75] Revert "powerpc/64: irq_work avoid interrupt when called with hardware irqs enabled" Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 38/75] powerpc/pseries: Fix MCE handling on pseries Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 39/75] drm/amdkfd: kfree the wrong pointer Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 40/75] nvme: fix compat address handling in several ioctls Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 41/75] pwm: renesas-tpu: Fix late Runtime PM enablement Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 42/75] pwm: bcm2835: Dynamically allocate base Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 43/75] scsi: lpfc: Fix erroneous cpu limit of 128 on I/O statistics Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 44/75] drm/vc4: Fix HDMI mode validation Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 45/75] iommu/virtio: Fix freeing of incomplete domains Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 46/75] scsi: lpfc: Fix lockdep error - register non-static key Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 47/75] iommu/vt-d: Silence RCU-list debugging warning in dmar_find_atsr() Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 48/75] platform/chrome: cros_ec_rpmsg: Fix race with host event Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 49/75] libnvdimm: Out of bounds read in __nd_ioctl() Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 50/75] platform/chrome: cros_ec: Query EC protocol version if EC transitions between RO/RW Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 51/75] ocfs2: no need try to truncate file beyond i_size Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 52/75] hfsplus: fix crash and filesystem corruption when deleting files Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 53/75] ALSA: hda: Add driver blacklist Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 54/75] ALSA: hda/realtek - Add quirk for MSI GL63 Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 55/75] perf/core: Disable page faults when getting phys address Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 56/75] libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 57/75] drm/amd/display: Calculate scaling ratios on every medium/full update Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 58/75] ALSA: ice1724: Fix invalid access for enumerated ctl items Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 59/75] ALSA: hda: Fix potential access overflow in beep helper Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 60/75] KVM: s390: vsie: Fix delivery of addressing exceptions Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 61/75] ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN MPWIN895CL tablet Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 62/75] ipmi: fix hung processes in __get_guid() Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 63/75] ALSA: usb-audio: Add Pioneer DJ DJM-250MK2 quirk Sasha Levin
2020-04-18 14:08 ` [PATCH AUTOSEL 5.5 64/75] ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen Sasha Levin
2020-04-18 14:09 ` [PATCH AUTOSEL 5.5 65/75] scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug Sasha Levin
2020-04-18 14:09 ` [PATCH AUTOSEL 5.5 66/75] xhci: Ensure link state is U3 after setting USB_SS_PORT_LS_U3 Sasha Levin
2020-04-18 14:09 ` [PATCH AUTOSEL 5.5 67/75] xhci: Wait until link state trainsits to U0 after setting USB_SS_PORT_LS_U0 Sasha Levin
2020-04-18 14:09 ` [PATCH AUTOSEL 5.5 68/75] xhci: Finetune host initiated USB3 rootport link suspend and resume Sasha Levin
2020-04-18 14:09 ` [PATCH AUTOSEL 5.5 69/75] drm/amd/display: Not doing optimize bandwidth if flip pending Sasha Levin
2020-04-18 14:09 ` [PATCH AUTOSEL 5.5 70/75] ASoC: SOF: trace: fix unconditional free in trace release Sasha Levin
2020-04-18 14:09 ` [PATCH AUTOSEL 5.5 71/75] powerpc/powernv/ioda: Fix ref count for devices with their own PE Sasha Levin
2020-04-21 11:07   ` Frederic Barrat
2020-04-18 14:09 ` [PATCH AUTOSEL 5.5 72/75] pci/hotplug/pnv-php: Remove erroneous warning Sasha Levin
2020-04-18 14:09 ` [PATCH AUTOSEL 5.5 73/75] ocxl: Add PCI hotplug dependency to Kconfig Sasha Levin
2020-04-19 16:32   ` Andrew Donnellan
2020-04-19 23:40     ` Sasha Levin
2020-04-18 14:09 ` [PATCH AUTOSEL 5.5 74/75] virtio-blk: improve virtqueue error to BLK_STS Sasha Levin
2020-04-18 14:09 ` [PATCH AUTOSEL 5.5 75/75] block: fix busy device checking in blk_drop_partitions again Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:5313d043a6cf dfblob:1d3816cd65d5 )
 OR (
bs:"[PATCH AUTOSEL 5.5 07/75] iommu/vt-d: Fix mm reference leak" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200418140910.8280-7-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=baolu.lu@linux.intel.com \
    --cc=iommu@lists.linux-foundation.org \
    --cc=jacob.jun.pan@linux.intel.com \
    --cc=jroedel@suse.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).