linux/drivers/iommu
Lu Baolu 2d33b7d631 iommu/vt-d: Fix NULL pointer dereference in dev_iommu_priv_set()
The dev_iommu_priv_set() must be called after probe_device(). This fixes
a NULL pointer dereference bug when booting a system with kernel cmdline
"intel_iommu=on,igfx_off", where the dev_iommu_priv_set() is abused.

The following stacktrace was produced:

 Command line: BOOT_IMAGE=/isolinux/bzImage console=tty1 intel_iommu=on,igfx_off
 ...
 DMAR: Host address width 39
 DMAR: DRHD base: 0x000000fed90000 flags: 0x0
 DMAR: dmar0: reg_base_addr fed90000 ver 1:0 cap 1c0000c40660462 ecap 19e2ff0505e
 DMAR: DRHD base: 0x000000fed91000 flags: 0x1
 DMAR: dmar1: reg_base_addr fed91000 ver 1:0 cap d2008c40660462 ecap f050da
 DMAR: RMRR base: 0x0000009aa9f000 end: 0x0000009aabefff
 DMAR: RMRR base: 0x0000009d000000 end: 0x0000009f7fffff
 DMAR: No ATSR found
 BUG: kernel NULL pointer dereference, address: 0000000000000038
 #PF: supervisor write access in kernel mode
 #PF: error_code(0x0002) - not-present page
 PGD 0 P4D 0
 Oops: 0002 [#1] SMP PTI
 CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.9.0-devel+ #2
 Hardware name: LENOVO 20HGS0TW00/20HGS0TW00, BIOS N1WET46S (1.25s ) 03/30/2018
 RIP: 0010:intel_iommu_init+0xed0/0x1136
 Code: fe e9 61 02 00 00 bb f4 ff ff ff e9 57 02 00 00 48 63 d1 48 c1 e2 04 48
       03 50 20 48 8b 12 48 85 d2 74 0b 48 8b 92 d0 02 00 00 48 89 7a 38 ff c1
       e9 15 f5 ff ff 48 c7 c7 60 99 ac a7 49 c7 c7 a0
 RSP: 0000:ffff96d180073dd0 EFLAGS: 00010282
 RAX: ffff8c91037a7d20 RBX: 0000000000000000 RCX: 0000000000000000
 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffff
 RBP: ffff96d180073e90 R08: 0000000000000001 R09: ffff8c91039fe3c0
 R10: 0000000000000226 R11: 0000000000000226 R12: 000000000000000b
 R13: ffff8c910367c650 R14: ffffffffa8426d60 R15: 0000000000000000
 FS:  0000000000000000(0000) GS:ffff8c9107480000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000038 CR3: 00000004b100a001 CR4: 00000000003706e0
 Call Trace:
  ? _raw_spin_unlock_irqrestore+0x1f/0x30
  ? call_rcu+0x10e/0x320
  ? trace_hardirqs_on+0x2c/0xd0
  ? rdinit_setup+0x2c/0x2c
  ? e820__memblock_setup+0x8b/0x8b
  pci_iommu_init+0x16/0x3f
  do_one_initcall+0x46/0x1e4
  kernel_init_freeable+0x169/0x1b2
  ? rest_init+0x9f/0x9f
  kernel_init+0xa/0x101
  ret_from_fork+0x22/0x30
 Modules linked in:
 CR2: 0000000000000038
 ---[ end trace 3653722a6f936f18 ]---

Fixes: 01b9d4e211 ("iommu/vt-d: Use dev_iommu_priv_get/set()")
Reported-by: Torsten Hilbrich <torsten.hilbrich@secunet.com>
Reported-by: Wendy Wang <wendy.wang@intel.com>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Tested-by: Torsten Hilbrich <torsten.hilbrich@secunet.com>
Link: https://lore.kernel.org/linux-iommu/96717683-70be-7388-3d2f-61131070a96a@secunet.com/
Link: https://lore.kernel.org/r/20200903065132.16879-1-baolu.lu@linux.intel.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
2020-09-04 11:50:37 +02:00
..
amd treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
arm treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
intel iommu/vt-d: Fix NULL pointer dereference in dev_iommu_priv_set() 2020-09-04 11:50:37 +02:00
dma-iommu.c dma-pool: fix coherent pool allocations for IOMMU mappings 2020-08-14 16:27:00 +02:00
exynos-iommu.c Merge branches 'arm/renesas', 'arm/qcom', 'arm/mediatek', 'arm/omap', 'arm/exynos', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd' and 'core' into next 2020-07-29 14:42:00 +02:00
fsl_pamu.c iommu/pamu: Use kzfree() in fsl_pamu_probe() 2020-06-30 10:47:38 +02:00
fsl_pamu.h
fsl_pamu_domain.c iommu/pamu: Use dev_iommu_priv_get/set() 2020-06-30 11:59:48 +02:00
fsl_pamu_domain.h
hyperv-iommu.c irqdomain/treewide: Keep firmware node unconditionally allocated 2020-07-14 17:44:42 +02:00
io-pgtable-arm-v7s.c iommu: Add gfp parameter to io_pgtable_ops->map() 2020-07-24 14:29:47 +02:00
io-pgtable-arm.c Merge branches 'arm/renesas', 'arm/qcom', 'arm/mediatek', 'arm/omap', 'arm/exynos', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd' and 'core' into next 2020-07-29 14:42:00 +02:00
io-pgtable.c iommu/io-pgtable-arm: Rationalise TCR handling 2020-01-10 15:52:24 +00:00
ioasid.c
iommu-debugfs.c
iommu-sysfs.c
iommu-traces.c
iommu.c Merge branches 'arm/renesas', 'arm/qcom', 'arm/mediatek', 'arm/omap', 'arm/exynos', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd' and 'core' into next 2020-07-29 14:42:00 +02:00
iova.c iommu/iova: Don't BUG on invalid PFNs 2020-06-30 10:42:27 +02:00
ipmmu-vmsa.c IOMMU Updates for Linux v5.9 2020-08-11 14:13:24 -07:00
irq_remapping.c
irq_remapping.h
Kconfig IOMMU Updates for Linux v5.9 2020-08-11 14:13:24 -07:00
Makefile More Arm SMMU updates for 5.9 2020-07-29 14:47:37 +02:00
msm_iommu.c iommu: Add gfp parameter to io_pgtable_ops->map() 2020-07-24 14:29:47 +02:00
msm_iommu.h
msm_iommu_hw-8xxx.h
mtk_iommu.c Merge branches 'arm/renesas', 'arm/qcom', 'arm/mediatek', 'arm/omap', 'arm/exynos', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd' and 'core' into next 2020-07-29 14:42:00 +02:00
mtk_iommu.h Merge branches 'arm/renesas', 'arm/qcom', 'arm/mediatek', 'arm/omap', 'arm/exynos', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd' and 'core' into next 2020-07-29 14:42:00 +02:00
mtk_iommu_v1.c iommu/mediatek: Do no use dev->archdata.iommu 2020-06-30 11:59:48 +02:00
of_iommu.c of/device: Add input id to of_dma_configure() 2020-07-28 15:51:32 +01:00
omap-iommu-debug.c iommu/omap: Check for failure of a call to omap_iommu_dump_ctx 2020-07-22 15:02:33 +02:00
omap-iommu.c Merge branches 'arm/renesas', 'arm/qcom', 'arm/mediatek', 'arm/omap', 'arm/exynos', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd' and 'core' into next 2020-07-29 14:42:00 +02:00
omap-iommu.h
omap-iopgtable.h iommu/omap: Fix -Woverflow warnings when compiling on 64-bit architectures 2020-03-04 16:24:46 +01:00
rockchip-iommu.c iommu/rockchip: Use dev_iommu_priv_get/set() 2020-06-30 11:59:48 +02:00
s390-iommu.c s390 updates for the 5.8 merge window 2020-06-08 12:05:31 -07:00
sun50i-iommu.c iommu/sun50i: Remove unused variable 2020-06-30 12:05:09 +02:00
tegra-gart.c iommu/tegra: Use dev_iommu_priv_get/set() 2020-06-30 11:59:48 +02:00
tegra-smmu.c iommu/tegra: Use dev_iommu_priv_get/set() 2020-06-30 11:59:48 +02:00
virtio-iommu.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00