iommu: Check if group is NULL before remove device (5aa95d88) · Commits · Mirrors / git.kernel.org / pub_scm_linux_kernel_git_stable_linux · GitLab

Commit 5aa95d88 authored Jul 31, 2021 by

Frank Wunderlich Committed by Joerg Roedel Aug 02, 2021

iommu: Check if group is NULL before remove device

If probe_device is failing, iommu_group is not initialized because
iommu_group_add_device is not reached, so freeing it will result
in NULL pointer access.

iommu_bus_init
  ->bus_iommu_probe
      ->probe_iommu_group in for each:/* return -22 in fail case */
          ->iommu_probe_device
              ->__iommu_probe_device       /* return -22 here.*/
                  -> ops->probe_device          /* return -22 here.*/
                  -> iommu_group_get_for_dev
                        -> ops->device_group
                        -> iommu_group_add_device //good case
  ->remove_iommu_group  //in fail case, it will remove group
     ->iommu_release_device
         ->iommu_group_remove_device // here we don't have group

In my case ops->probe_device (mtk_iommu_probe_device from
mtk_iommu_v1.c) is due to failing fwspec->ops mismatch.

Fixes: d72e31c9

 ("iommu: IOMMU Groups")
Signed-off-by: Frank Wunderlich <frank-w@public-files.de>
Link: https://lore.kernel.org/r/20210731074737.4573-1-linux@fw-web.de
Signed-off-by: Joerg Roedel <jroedel@suse.de>

parent 0fbea680

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit d2ab5491
· Aug 27, 2021

mentioned in commit d2ab5491

mentioned in commit d2ab5491de91a7f70e8474e70378086c29bd7e94

Toggle commit list
mirror @mirror
mentioned in commit 731825e5
· Aug 27, 2021

mentioned in commit 731825e5

mentioned in commit 731825e59e1de9597268091c850ae482d4733a17

Toggle commit list
mirror @mirror
mentioned in commit cb9a9d5f
· Aug 27, 2021

mentioned in commit cb9a9d5f

mentioned in commit cb9a9d5fe636492d6b26fc0de267f8ad50724ed6

Toggle commit list

Please register or to comment