* [baolu:iommu/next/20200514 4/16] drivers/iommu/intel-svm.c:367:22-26: ERROR: svm is NULL but dereferenced. (fwd)
@ 2020-05-14 14:41 Julia Lawall
2020-05-15 0:23 ` Lu, Baolu
0 siblings, 1 reply; 2+ messages in thread
From: Julia Lawall @ 2020-05-14 14:41 UTC (permalink / raw)
To: kbuild-all
[-- Attachment #1: Type: text/plain, Size: 12722 bytes --]
Hello,
Line 367 requires svm to be a valid pointer. This will cause problems
with at least the gotos on lines 266 and 300.
julia
---------- Forwarded message ----------
Date: Thu, 14 May 2020 18:31:21 +0800
From: kbuild test robot <lkp@intel.com>
To: kbuild(a)lists.01.org
Cc: lkp(a)intel.com, Julia Lawall <julia.lawall@lip6.fr>
Subject: [baolu:iommu/next/20200514 4/16] drivers/iommu/intel-svm.c:367:22-26:
ERROR: svm is NULL but dereferenced.
CC: kbuild-all(a)lists.01.org
CC: Baolu Lu <baolu.lu@intel.com>
TO: Lu Baolu <baolu.lu@linux.intel.com>
tree: baolu/iommu/next/20200514
head: 28c528ddc9501f8caba71dba375bd1d35403dd4b
commit: 64e95c1afbadc5601bc100f6424b1848888613f7 [4/16] iommu/vt-d: Add bind guest PASID support
:::::: branch date: 8 hours ago
:::::: commit date: 8 hours ago
If you fix the issue, kindly add following tag as appropriate
Reported-by: kbuild test robot <lkp@intel.com>
Reported-by: Julia Lawall <julia.lawall@lip6.fr>
coccinelle warnings: (new ones prefixed by >>)
>> drivers/iommu/intel-svm.c:367:22-26: ERROR: svm is NULL but dereferenced.
git remote add baolu git://bee.sh.intel.com/git/blu2/usb.git
git remote update baolu
git checkout 64e95c1afbadc5601bc100f6424b1848888613f7
vim +367 drivers/iommu/intel-svm.c
2f26e0a9c9860d David Woodhouse 2015-09-09 224
034d473109e907 Jacob Pan 2020-01-02 225 #define for_each_svm_dev(sdev, svm, d) \
034d473109e907 Jacob Pan 2020-01-02 226 list_for_each_entry((sdev), &(svm)->devs, list) \
034d473109e907 Jacob Pan 2020-01-02 227 if ((d) != (sdev)->dev) {} else
034d473109e907 Jacob Pan 2020-01-02 228
64e95c1afbadc5 Jacob Pan 2020-05-14 229 int intel_svm_bind_gpasid(struct iommu_domain *domain, struct device *dev,
64e95c1afbadc5 Jacob Pan 2020-05-14 230 struct iommu_gpasid_bind_data *data)
64e95c1afbadc5 Jacob Pan 2020-05-14 231 {
64e95c1afbadc5 Jacob Pan 2020-05-14 232 struct intel_iommu *iommu = intel_svm_device_to_iommu(dev);
64e95c1afbadc5 Jacob Pan 2020-05-14 233 struct dmar_domain *dmar_domain;
64e95c1afbadc5 Jacob Pan 2020-05-14 234 struct intel_svm_dev *sdev;
64e95c1afbadc5 Jacob Pan 2020-05-14 235 struct intel_svm *svm;
64e95c1afbadc5 Jacob Pan 2020-05-14 236 int ret = 0;
64e95c1afbadc5 Jacob Pan 2020-05-14 237
64e95c1afbadc5 Jacob Pan 2020-05-14 238 if (WARN_ON(!iommu) || !data)
64e95c1afbadc5 Jacob Pan 2020-05-14 239 return -EINVAL;
64e95c1afbadc5 Jacob Pan 2020-05-14 240
64e95c1afbadc5 Jacob Pan 2020-05-14 241 if (data->version != IOMMU_GPASID_BIND_VERSION_1 ||
64e95c1afbadc5 Jacob Pan 2020-05-14 242 data->format != IOMMU_PASID_FORMAT_INTEL_VTD)
64e95c1afbadc5 Jacob Pan 2020-05-14 243 return -EINVAL;
64e95c1afbadc5 Jacob Pan 2020-05-14 244
64e95c1afbadc5 Jacob Pan 2020-05-14 245 if (dev_is_pci(dev)) {
64e95c1afbadc5 Jacob Pan 2020-05-14 246 /* VT-d supports devices with full 20 bit PASIDs only */
64e95c1afbadc5 Jacob Pan 2020-05-14 247 if (pci_max_pasids(to_pci_dev(dev)) != PASID_MAX)
64e95c1afbadc5 Jacob Pan 2020-05-14 248 return -EINVAL;
64e95c1afbadc5 Jacob Pan 2020-05-14 249 } else {
64e95c1afbadc5 Jacob Pan 2020-05-14 250 return -ENOTSUPP;
64e95c1afbadc5 Jacob Pan 2020-05-14 251 }
64e95c1afbadc5 Jacob Pan 2020-05-14 252
64e95c1afbadc5 Jacob Pan 2020-05-14 253 /*
64e95c1afbadc5 Jacob Pan 2020-05-14 254 * We only check host PASID range, we have no knowledge to check
64e95c1afbadc5 Jacob Pan 2020-05-14 255 * guest PASID range.
64e95c1afbadc5 Jacob Pan 2020-05-14 256 */
64e95c1afbadc5 Jacob Pan 2020-05-14 257 if (data->hpasid <= 0 || data->hpasid >= PASID_MAX)
64e95c1afbadc5 Jacob Pan 2020-05-14 258 return -EINVAL;
64e95c1afbadc5 Jacob Pan 2020-05-14 259
64e95c1afbadc5 Jacob Pan 2020-05-14 260 dmar_domain = to_dmar_domain(domain);
64e95c1afbadc5 Jacob Pan 2020-05-14 261
64e95c1afbadc5 Jacob Pan 2020-05-14 262 mutex_lock(&pasid_mutex);
64e95c1afbadc5 Jacob Pan 2020-05-14 263 svm = ioasid_find(NULL, data->hpasid, NULL);
64e95c1afbadc5 Jacob Pan 2020-05-14 264 if (IS_ERR(svm)) {
64e95c1afbadc5 Jacob Pan 2020-05-14 265 ret = PTR_ERR(svm);
64e95c1afbadc5 Jacob Pan 2020-05-14 266 goto out;
64e95c1afbadc5 Jacob Pan 2020-05-14 267 }
64e95c1afbadc5 Jacob Pan 2020-05-14 268
64e95c1afbadc5 Jacob Pan 2020-05-14 269 if (svm) {
64e95c1afbadc5 Jacob Pan 2020-05-14 270 /*
64e95c1afbadc5 Jacob Pan 2020-05-14 271 * If we found svm for the PASID, there must be at
64e95c1afbadc5 Jacob Pan 2020-05-14 272 * least one device bond, otherwise svm should be freed.
64e95c1afbadc5 Jacob Pan 2020-05-14 273 */
64e95c1afbadc5 Jacob Pan 2020-05-14 274 if (WARN_ON(list_empty(&svm->devs))) {
64e95c1afbadc5 Jacob Pan 2020-05-14 275 ret = -EINVAL;
64e95c1afbadc5 Jacob Pan 2020-05-14 276 goto out;
64e95c1afbadc5 Jacob Pan 2020-05-14 277 }
64e95c1afbadc5 Jacob Pan 2020-05-14 278
64e95c1afbadc5 Jacob Pan 2020-05-14 279 for_each_svm_dev(sdev, svm, dev) {
64e95c1afbadc5 Jacob Pan 2020-05-14 280 /*
64e95c1afbadc5 Jacob Pan 2020-05-14 281 * For devices with aux domains, we should allow
64e95c1afbadc5 Jacob Pan 2020-05-14 282 * multiple bind calls with the same PASID and pdev.
64e95c1afbadc5 Jacob Pan 2020-05-14 283 */
64e95c1afbadc5 Jacob Pan 2020-05-14 284 if (iommu_dev_feature_enabled(dev,
64e95c1afbadc5 Jacob Pan 2020-05-14 285 IOMMU_DEV_FEAT_AUX)) {
64e95c1afbadc5 Jacob Pan 2020-05-14 286 sdev->users++;
64e95c1afbadc5 Jacob Pan 2020-05-14 287 } else {
64e95c1afbadc5 Jacob Pan 2020-05-14 288 dev_warn_ratelimited(dev,
64e95c1afbadc5 Jacob Pan 2020-05-14 289 "Already bound with PASID %u\n",
64e95c1afbadc5 Jacob Pan 2020-05-14 290 svm->pasid);
64e95c1afbadc5 Jacob Pan 2020-05-14 291 ret = -EBUSY;
64e95c1afbadc5 Jacob Pan 2020-05-14 292 }
64e95c1afbadc5 Jacob Pan 2020-05-14 293 goto out;
64e95c1afbadc5 Jacob Pan 2020-05-14 294 }
64e95c1afbadc5 Jacob Pan 2020-05-14 295 } else {
64e95c1afbadc5 Jacob Pan 2020-05-14 296 /* We come here when PASID has never been bond to a device. */
64e95c1afbadc5 Jacob Pan 2020-05-14 297 svm = kzalloc(sizeof(*svm), GFP_KERNEL);
64e95c1afbadc5 Jacob Pan 2020-05-14 298 if (!svm) {
64e95c1afbadc5 Jacob Pan 2020-05-14 299 ret = -ENOMEM;
64e95c1afbadc5 Jacob Pan 2020-05-14 300 goto out;
64e95c1afbadc5 Jacob Pan 2020-05-14 301 }
64e95c1afbadc5 Jacob Pan 2020-05-14 302 /* REVISIT: upper layer/VFIO can track host process that bind
64e95c1afbadc5 Jacob Pan 2020-05-14 303 * the PASID. ioasid_set = mm might be sufficient for vfio to
64e95c1afbadc5 Jacob Pan 2020-05-14 304 * check pasid VMM ownership. We can drop the following line
64e95c1afbadc5 Jacob Pan 2020-05-14 305 * once VFIO and IOASID set check is in place.
64e95c1afbadc5 Jacob Pan 2020-05-14 306 */
64e95c1afbadc5 Jacob Pan 2020-05-14 307 svm->mm = get_task_mm(current);
64e95c1afbadc5 Jacob Pan 2020-05-14 308 svm->pasid = data->hpasid;
64e95c1afbadc5 Jacob Pan 2020-05-14 309 if (data->flags & IOMMU_SVA_GPASID_VAL) {
64e95c1afbadc5 Jacob Pan 2020-05-14 310 svm->gpasid = data->gpasid;
64e95c1afbadc5 Jacob Pan 2020-05-14 311 svm->flags |= SVM_FLAG_GUEST_PASID;
64e95c1afbadc5 Jacob Pan 2020-05-14 312 }
64e95c1afbadc5 Jacob Pan 2020-05-14 313 ioasid_set_data(data->hpasid, svm);
64e95c1afbadc5 Jacob Pan 2020-05-14 314 INIT_LIST_HEAD_RCU(&svm->devs);
64e95c1afbadc5 Jacob Pan 2020-05-14 315 mmput(svm->mm);
64e95c1afbadc5 Jacob Pan 2020-05-14 316 }
64e95c1afbadc5 Jacob Pan 2020-05-14 317 sdev = kzalloc(sizeof(*sdev), GFP_KERNEL);
64e95c1afbadc5 Jacob Pan 2020-05-14 318 if (!sdev) {
64e95c1afbadc5 Jacob Pan 2020-05-14 319 ret = -ENOMEM;
64e95c1afbadc5 Jacob Pan 2020-05-14 320 goto out;
64e95c1afbadc5 Jacob Pan 2020-05-14 321 }
64e95c1afbadc5 Jacob Pan 2020-05-14 322 sdev->dev = dev;
64e95c1afbadc5 Jacob Pan 2020-05-14 323
64e95c1afbadc5 Jacob Pan 2020-05-14 324 /* Only count users if device has aux domains */
64e95c1afbadc5 Jacob Pan 2020-05-14 325 if (iommu_dev_feature_enabled(dev, IOMMU_DEV_FEAT_AUX))
64e95c1afbadc5 Jacob Pan 2020-05-14 326 sdev->users = 1;
64e95c1afbadc5 Jacob Pan 2020-05-14 327
64e95c1afbadc5 Jacob Pan 2020-05-14 328 /* Set up device context entry for PASID if not enabled already */
64e95c1afbadc5 Jacob Pan 2020-05-14 329 ret = intel_iommu_enable_pasid(iommu, sdev->dev);
64e95c1afbadc5 Jacob Pan 2020-05-14 330 if (ret) {
64e95c1afbadc5 Jacob Pan 2020-05-14 331 dev_err_ratelimited(dev, "Failed to enable PASID capability\n");
64e95c1afbadc5 Jacob Pan 2020-05-14 332 kfree(sdev);
64e95c1afbadc5 Jacob Pan 2020-05-14 333 goto out;
64e95c1afbadc5 Jacob Pan 2020-05-14 334 }
64e95c1afbadc5 Jacob Pan 2020-05-14 335
64e95c1afbadc5 Jacob Pan 2020-05-14 336 /*
64e95c1afbadc5 Jacob Pan 2020-05-14 337 * PASID table is per device for better security. Therefore, for
64e95c1afbadc5 Jacob Pan 2020-05-14 338 * each bind of a new device even with an existing PASID, we need to
64e95c1afbadc5 Jacob Pan 2020-05-14 339 * call the nested mode setup function here.
64e95c1afbadc5 Jacob Pan 2020-05-14 340 */
64e95c1afbadc5 Jacob Pan 2020-05-14 341 spin_lock(&iommu->lock);
64e95c1afbadc5 Jacob Pan 2020-05-14 342 ret = intel_pasid_setup_nested(iommu,
64e95c1afbadc5 Jacob Pan 2020-05-14 343 dev,
64e95c1afbadc5 Jacob Pan 2020-05-14 344 (pgd_t *)data->gpgd,
64e95c1afbadc5 Jacob Pan 2020-05-14 345 data->hpasid,
64e95c1afbadc5 Jacob Pan 2020-05-14 346 &data->vtd,
64e95c1afbadc5 Jacob Pan 2020-05-14 347 dmar_domain,
64e95c1afbadc5 Jacob Pan 2020-05-14 348 data->addr_width);
64e95c1afbadc5 Jacob Pan 2020-05-14 349 spin_unlock(&iommu->lock);
64e95c1afbadc5 Jacob Pan 2020-05-14 350 if (ret) {
64e95c1afbadc5 Jacob Pan 2020-05-14 351 dev_err_ratelimited(dev, "Failed to set up PASID %llu in nested mode, Err %d\n",
64e95c1afbadc5 Jacob Pan 2020-05-14 352 data->hpasid, ret);
64e95c1afbadc5 Jacob Pan 2020-05-14 353 /*
64e95c1afbadc5 Jacob Pan 2020-05-14 354 * PASID entry should be in cleared state if nested mode
64e95c1afbadc5 Jacob Pan 2020-05-14 355 * set up failed. So we only need to clear IOASID tracking
64e95c1afbadc5 Jacob Pan 2020-05-14 356 * data such that free call will succeed.
64e95c1afbadc5 Jacob Pan 2020-05-14 357 */
64e95c1afbadc5 Jacob Pan 2020-05-14 358 kfree(sdev);
64e95c1afbadc5 Jacob Pan 2020-05-14 359 goto out;
64e95c1afbadc5 Jacob Pan 2020-05-14 360 }
64e95c1afbadc5 Jacob Pan 2020-05-14 361
64e95c1afbadc5 Jacob Pan 2020-05-14 362 svm->flags |= SVM_FLAG_GUEST_MODE;
64e95c1afbadc5 Jacob Pan 2020-05-14 363
64e95c1afbadc5 Jacob Pan 2020-05-14 364 init_rcu_head(&sdev->rcu);
64e95c1afbadc5 Jacob Pan 2020-05-14 365 list_add_rcu(&sdev->list, &svm->devs);
64e95c1afbadc5 Jacob Pan 2020-05-14 366 out:
64e95c1afbadc5 Jacob Pan 2020-05-14 @367 if (list_empty(&svm->devs)) {
64e95c1afbadc5 Jacob Pan 2020-05-14 368 ioasid_set_data(data->hpasid, NULL);
64e95c1afbadc5 Jacob Pan 2020-05-14 369 kfree(svm);
64e95c1afbadc5 Jacob Pan 2020-05-14 370 }
64e95c1afbadc5 Jacob Pan 2020-05-14 371
64e95c1afbadc5 Jacob Pan 2020-05-14 372 mutex_unlock(&pasid_mutex);
64e95c1afbadc5 Jacob Pan 2020-05-14 373 return ret;
64e95c1afbadc5 Jacob Pan 2020-05-14 374 }
64e95c1afbadc5 Jacob Pan 2020-05-14 375
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [baolu:iommu/next/20200514 4/16] drivers/iommu/intel-svm.c:367:22-26: ERROR: svm is NULL but dereferenced. (fwd)
2020-05-14 14:41 [baolu:iommu/next/20200514 4/16] drivers/iommu/intel-svm.c:367:22-26: ERROR: svm is NULL but dereferenced. (fwd) Julia Lawall
@ 2020-05-15 0:23 ` Lu, Baolu
0 siblings, 0 replies; 2+ messages in thread
From: Lu, Baolu @ 2020-05-15 0:23 UTC (permalink / raw)
To: kbuild-all
[-- Attachment #1: Type: text/plain, Size: 13108 bytes --]
Yes! Thanks a lot for catching it.
-----Original Message-----
From: Julia Lawall [mailto:julia.lawall(a)inria.fr]
Sent: Thursday, May 14, 2020 10:42 PM
To: Lu, Baolu <baolu.lu@intel.com>
Cc: Lu Baolu <baolu.lu@linux.intel.com>; kbuild-all(a)lists.01.org
Subject: [baolu:iommu/next/20200514 4/16] drivers/iommu/intel-svm.c:367:22-26: ERROR: svm is NULL but dereferenced. (fwd)
Hello,
Line 367 requires svm to be a valid pointer. This will cause problems with at least the gotos on lines 266 and 300.
julia
---------- Forwarded message ----------
Date: Thu, 14 May 2020 18:31:21 +0800
From: kbuild test robot <lkp@intel.com>
To: kbuild(a)lists.01.org
Cc: lkp(a)intel.com, Julia Lawall <julia.lawall@lip6.fr>
Subject: [baolu:iommu/next/20200514 4/16] drivers/iommu/intel-svm.c:367:22-26:
ERROR: svm is NULL but dereferenced.
CC: kbuild-all(a)lists.01.org
CC: Baolu Lu <baolu.lu@intel.com>
TO: Lu Baolu <baolu.lu@linux.intel.com>
tree: baolu/iommu/next/20200514
head: 28c528ddc9501f8caba71dba375bd1d35403dd4b
commit: 64e95c1afbadc5601bc100f6424b1848888613f7 [4/16] iommu/vt-d: Add bind guest PASID support
:::::: branch date: 8 hours ago
:::::: commit date: 8 hours ago
If you fix the issue, kindly add following tag as appropriate
Reported-by: kbuild test robot <lkp@intel.com>
Reported-by: Julia Lawall <julia.lawall@lip6.fr>
coccinelle warnings: (new ones prefixed by >>)
>> drivers/iommu/intel-svm.c:367:22-26: ERROR: svm is NULL but dereferenced.
git remote add baolu git://bee.sh.intel.com/git/blu2/usb.git
git remote update baolu
git checkout 64e95c1afbadc5601bc100f6424b1848888613f7
vim +367 drivers/iommu/intel-svm.c
2f26e0a9c9860d David Woodhouse 2015-09-09 224
034d473109e907 Jacob Pan 2020-01-02 225 #define for_each_svm_dev(sdev, svm, d) \
034d473109e907 Jacob Pan 2020-01-02 226 list_for_each_entry((sdev), &(svm)->devs, list) \
034d473109e907 Jacob Pan 2020-01-02 227 if ((d) != (sdev)->dev) {} else
034d473109e907 Jacob Pan 2020-01-02 228
64e95c1afbadc5 Jacob Pan 2020-05-14 229 int intel_svm_bind_gpasid(struct iommu_domain *domain, struct device *dev,
64e95c1afbadc5 Jacob Pan 2020-05-14 230 struct iommu_gpasid_bind_data *data)
64e95c1afbadc5 Jacob Pan 2020-05-14 231 {
64e95c1afbadc5 Jacob Pan 2020-05-14 232 struct intel_iommu *iommu = intel_svm_device_to_iommu(dev);
64e95c1afbadc5 Jacob Pan 2020-05-14 233 struct dmar_domain *dmar_domain;
64e95c1afbadc5 Jacob Pan 2020-05-14 234 struct intel_svm_dev *sdev;
64e95c1afbadc5 Jacob Pan 2020-05-14 235 struct intel_svm *svm;
64e95c1afbadc5 Jacob Pan 2020-05-14 236 int ret = 0;
64e95c1afbadc5 Jacob Pan 2020-05-14 237
64e95c1afbadc5 Jacob Pan 2020-05-14 238 if (WARN_ON(!iommu) || !data)
64e95c1afbadc5 Jacob Pan 2020-05-14 239 return -EINVAL;
64e95c1afbadc5 Jacob Pan 2020-05-14 240
64e95c1afbadc5 Jacob Pan 2020-05-14 241 if (data->version != IOMMU_GPASID_BIND_VERSION_1 ||
64e95c1afbadc5 Jacob Pan 2020-05-14 242 data->format != IOMMU_PASID_FORMAT_INTEL_VTD)
64e95c1afbadc5 Jacob Pan 2020-05-14 243 return -EINVAL;
64e95c1afbadc5 Jacob Pan 2020-05-14 244
64e95c1afbadc5 Jacob Pan 2020-05-14 245 if (dev_is_pci(dev)) {
64e95c1afbadc5 Jacob Pan 2020-05-14 246 /* VT-d supports devices with full 20 bit PASIDs only */
64e95c1afbadc5 Jacob Pan 2020-05-14 247 if (pci_max_pasids(to_pci_dev(dev)) != PASID_MAX)
64e95c1afbadc5 Jacob Pan 2020-05-14 248 return -EINVAL;
64e95c1afbadc5 Jacob Pan 2020-05-14 249 } else {
64e95c1afbadc5 Jacob Pan 2020-05-14 250 return -ENOTSUPP;
64e95c1afbadc5 Jacob Pan 2020-05-14 251 }
64e95c1afbadc5 Jacob Pan 2020-05-14 252
64e95c1afbadc5 Jacob Pan 2020-05-14 253 /*
64e95c1afbadc5 Jacob Pan 2020-05-14 254 * We only check host PASID range, we have no knowledge to check
64e95c1afbadc5 Jacob Pan 2020-05-14 255 * guest PASID range.
64e95c1afbadc5 Jacob Pan 2020-05-14 256 */
64e95c1afbadc5 Jacob Pan 2020-05-14 257 if (data->hpasid <= 0 || data->hpasid >= PASID_MAX)
64e95c1afbadc5 Jacob Pan 2020-05-14 258 return -EINVAL;
64e95c1afbadc5 Jacob Pan 2020-05-14 259
64e95c1afbadc5 Jacob Pan 2020-05-14 260 dmar_domain = to_dmar_domain(domain);
64e95c1afbadc5 Jacob Pan 2020-05-14 261
64e95c1afbadc5 Jacob Pan 2020-05-14 262 mutex_lock(&pasid_mutex);
64e95c1afbadc5 Jacob Pan 2020-05-14 263 svm = ioasid_find(NULL, data->hpasid, NULL);
64e95c1afbadc5 Jacob Pan 2020-05-14 264 if (IS_ERR(svm)) {
64e95c1afbadc5 Jacob Pan 2020-05-14 265 ret = PTR_ERR(svm);
64e95c1afbadc5 Jacob Pan 2020-05-14 266 goto out;
64e95c1afbadc5 Jacob Pan 2020-05-14 267 }
64e95c1afbadc5 Jacob Pan 2020-05-14 268
64e95c1afbadc5 Jacob Pan 2020-05-14 269 if (svm) {
64e95c1afbadc5 Jacob Pan 2020-05-14 270 /*
64e95c1afbadc5 Jacob Pan 2020-05-14 271 * If we found svm for the PASID, there must be at
64e95c1afbadc5 Jacob Pan 2020-05-14 272 * least one device bond, otherwise svm should be freed.
64e95c1afbadc5 Jacob Pan 2020-05-14 273 */
64e95c1afbadc5 Jacob Pan 2020-05-14 274 if (WARN_ON(list_empty(&svm->devs))) {
64e95c1afbadc5 Jacob Pan 2020-05-14 275 ret = -EINVAL;
64e95c1afbadc5 Jacob Pan 2020-05-14 276 goto out;
64e95c1afbadc5 Jacob Pan 2020-05-14 277 }
64e95c1afbadc5 Jacob Pan 2020-05-14 278
64e95c1afbadc5 Jacob Pan 2020-05-14 279 for_each_svm_dev(sdev, svm, dev) {
64e95c1afbadc5 Jacob Pan 2020-05-14 280 /*
64e95c1afbadc5 Jacob Pan 2020-05-14 281 * For devices with aux domains, we should allow
64e95c1afbadc5 Jacob Pan 2020-05-14 282 * multiple bind calls with the same PASID and pdev.
64e95c1afbadc5 Jacob Pan 2020-05-14 283 */
64e95c1afbadc5 Jacob Pan 2020-05-14 284 if (iommu_dev_feature_enabled(dev,
64e95c1afbadc5 Jacob Pan 2020-05-14 285 IOMMU_DEV_FEAT_AUX)) {
64e95c1afbadc5 Jacob Pan 2020-05-14 286 sdev->users++;
64e95c1afbadc5 Jacob Pan 2020-05-14 287 } else {
64e95c1afbadc5 Jacob Pan 2020-05-14 288 dev_warn_ratelimited(dev,
64e95c1afbadc5 Jacob Pan 2020-05-14 289 "Already bound with PASID %u\n",
64e95c1afbadc5 Jacob Pan 2020-05-14 290 svm->pasid);
64e95c1afbadc5 Jacob Pan 2020-05-14 291 ret = -EBUSY;
64e95c1afbadc5 Jacob Pan 2020-05-14 292 }
64e95c1afbadc5 Jacob Pan 2020-05-14 293 goto out;
64e95c1afbadc5 Jacob Pan 2020-05-14 294 }
64e95c1afbadc5 Jacob Pan 2020-05-14 295 } else {
64e95c1afbadc5 Jacob Pan 2020-05-14 296 /* We come here when PASID has never been bond to a device. */
64e95c1afbadc5 Jacob Pan 2020-05-14 297 svm = kzalloc(sizeof(*svm), GFP_KERNEL);
64e95c1afbadc5 Jacob Pan 2020-05-14 298 if (!svm) {
64e95c1afbadc5 Jacob Pan 2020-05-14 299 ret = -ENOMEM;
64e95c1afbadc5 Jacob Pan 2020-05-14 300 goto out;
64e95c1afbadc5 Jacob Pan 2020-05-14 301 }
64e95c1afbadc5 Jacob Pan 2020-05-14 302 /* REVISIT: upper layer/VFIO can track host process that bind
64e95c1afbadc5 Jacob Pan 2020-05-14 303 * the PASID. ioasid_set = mm might be sufficient for vfio to
64e95c1afbadc5 Jacob Pan 2020-05-14 304 * check pasid VMM ownership. We can drop the following line
64e95c1afbadc5 Jacob Pan 2020-05-14 305 * once VFIO and IOASID set check is in place.
64e95c1afbadc5 Jacob Pan 2020-05-14 306 */
64e95c1afbadc5 Jacob Pan 2020-05-14 307 svm->mm = get_task_mm(current);
64e95c1afbadc5 Jacob Pan 2020-05-14 308 svm->pasid = data->hpasid;
64e95c1afbadc5 Jacob Pan 2020-05-14 309 if (data->flags & IOMMU_SVA_GPASID_VAL) {
64e95c1afbadc5 Jacob Pan 2020-05-14 310 svm->gpasid = data->gpasid;
64e95c1afbadc5 Jacob Pan 2020-05-14 311 svm->flags |= SVM_FLAG_GUEST_PASID;
64e95c1afbadc5 Jacob Pan 2020-05-14 312 }
64e95c1afbadc5 Jacob Pan 2020-05-14 313 ioasid_set_data(data->hpasid, svm);
64e95c1afbadc5 Jacob Pan 2020-05-14 314 INIT_LIST_HEAD_RCU(&svm->devs);
64e95c1afbadc5 Jacob Pan 2020-05-14 315 mmput(svm->mm);
64e95c1afbadc5 Jacob Pan 2020-05-14 316 }
64e95c1afbadc5 Jacob Pan 2020-05-14 317 sdev = kzalloc(sizeof(*sdev), GFP_KERNEL);
64e95c1afbadc5 Jacob Pan 2020-05-14 318 if (!sdev) {
64e95c1afbadc5 Jacob Pan 2020-05-14 319 ret = -ENOMEM;
64e95c1afbadc5 Jacob Pan 2020-05-14 320 goto out;
64e95c1afbadc5 Jacob Pan 2020-05-14 321 }
64e95c1afbadc5 Jacob Pan 2020-05-14 322 sdev->dev = dev;
64e95c1afbadc5 Jacob Pan 2020-05-14 323
64e95c1afbadc5 Jacob Pan 2020-05-14 324 /* Only count users if device has aux domains */
64e95c1afbadc5 Jacob Pan 2020-05-14 325 if (iommu_dev_feature_enabled(dev, IOMMU_DEV_FEAT_AUX))
64e95c1afbadc5 Jacob Pan 2020-05-14 326 sdev->users = 1;
64e95c1afbadc5 Jacob Pan 2020-05-14 327
64e95c1afbadc5 Jacob Pan 2020-05-14 328 /* Set up device context entry for PASID if not enabled already */
64e95c1afbadc5 Jacob Pan 2020-05-14 329 ret = intel_iommu_enable_pasid(iommu, sdev->dev);
64e95c1afbadc5 Jacob Pan 2020-05-14 330 if (ret) {
64e95c1afbadc5 Jacob Pan 2020-05-14 331 dev_err_ratelimited(dev, "Failed to enable PASID capability\n");
64e95c1afbadc5 Jacob Pan 2020-05-14 332 kfree(sdev);
64e95c1afbadc5 Jacob Pan 2020-05-14 333 goto out;
64e95c1afbadc5 Jacob Pan 2020-05-14 334 }
64e95c1afbadc5 Jacob Pan 2020-05-14 335
64e95c1afbadc5 Jacob Pan 2020-05-14 336 /*
64e95c1afbadc5 Jacob Pan 2020-05-14 337 * PASID table is per device for better security. Therefore, for
64e95c1afbadc5 Jacob Pan 2020-05-14 338 * each bind of a new device even with an existing PASID, we need to
64e95c1afbadc5 Jacob Pan 2020-05-14 339 * call the nested mode setup function here.
64e95c1afbadc5 Jacob Pan 2020-05-14 340 */
64e95c1afbadc5 Jacob Pan 2020-05-14 341 spin_lock(&iommu->lock);
64e95c1afbadc5 Jacob Pan 2020-05-14 342 ret = intel_pasid_setup_nested(iommu,
64e95c1afbadc5 Jacob Pan 2020-05-14 343 dev,
64e95c1afbadc5 Jacob Pan 2020-05-14 344 (pgd_t *)data->gpgd,
64e95c1afbadc5 Jacob Pan 2020-05-14 345 data->hpasid,
64e95c1afbadc5 Jacob Pan 2020-05-14 346 &data->vtd,
64e95c1afbadc5 Jacob Pan 2020-05-14 347 dmar_domain,
64e95c1afbadc5 Jacob Pan 2020-05-14 348 data->addr_width);
64e95c1afbadc5 Jacob Pan 2020-05-14 349 spin_unlock(&iommu->lock);
64e95c1afbadc5 Jacob Pan 2020-05-14 350 if (ret) {
64e95c1afbadc5 Jacob Pan 2020-05-14 351 dev_err_ratelimited(dev, "Failed to set up PASID %llu in nested mode, Err %d\n",
64e95c1afbadc5 Jacob Pan 2020-05-14 352 data->hpasid, ret);
64e95c1afbadc5 Jacob Pan 2020-05-14 353 /*
64e95c1afbadc5 Jacob Pan 2020-05-14 354 * PASID entry should be in cleared state if nested mode
64e95c1afbadc5 Jacob Pan 2020-05-14 355 * set up failed. So we only need to clear IOASID tracking
64e95c1afbadc5 Jacob Pan 2020-05-14 356 * data such that free call will succeed.
64e95c1afbadc5 Jacob Pan 2020-05-14 357 */
64e95c1afbadc5 Jacob Pan 2020-05-14 358 kfree(sdev);
64e95c1afbadc5 Jacob Pan 2020-05-14 359 goto out;
64e95c1afbadc5 Jacob Pan 2020-05-14 360 }
64e95c1afbadc5 Jacob Pan 2020-05-14 361
64e95c1afbadc5 Jacob Pan 2020-05-14 362 svm->flags |= SVM_FLAG_GUEST_MODE;
64e95c1afbadc5 Jacob Pan 2020-05-14 363
64e95c1afbadc5 Jacob Pan 2020-05-14 364 init_rcu_head(&sdev->rcu);
64e95c1afbadc5 Jacob Pan 2020-05-14 365 list_add_rcu(&sdev->list, &svm->devs);
64e95c1afbadc5 Jacob Pan 2020-05-14 366 out:
64e95c1afbadc5 Jacob Pan 2020-05-14 @367 if (list_empty(&svm->devs)) {
64e95c1afbadc5 Jacob Pan 2020-05-14 368 ioasid_set_data(data->hpasid, NULL);
64e95c1afbadc5 Jacob Pan 2020-05-14 369 kfree(svm);
64e95c1afbadc5 Jacob Pan 2020-05-14 370 }
64e95c1afbadc5 Jacob Pan 2020-05-14 371
64e95c1afbadc5 Jacob Pan 2020-05-14 372 mutex_unlock(&pasid_mutex);
64e95c1afbadc5 Jacob Pan 2020-05-14 373 return ret;
64e95c1afbadc5 Jacob Pan 2020-05-14 374 }
64e95c1afbadc5 Jacob Pan 2020-05-14 375
---
0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-05-15 0:23 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-14 14:41 [baolu:iommu/next/20200514 4/16] drivers/iommu/intel-svm.c:367:22-26: ERROR: svm is NULL but dereferenced. (fwd) Julia Lawall
2020-05-15 0:23 ` Lu, Baolu
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.