From: "Zhang, Tina" <tina.zhang@intel.com>
To: Baolu Lu <baolu.lu@linux.intel.com>,
"iommu@lists.linux.dev" <iommu@lists.linux.dev>
Cc: "Ma, Yongwei" <yongwei.ma@intel.com>
Subject: RE: [PATCH 1/4] iommu/vt-d: Fix null pointer access in invalidate_range callback
Date: Wed, 29 Mar 2023 13:40:58 +0000 [thread overview]
Message-ID: <MW5PR11MB588152CDCD93B26592B7F99C89899@MW5PR11MB5881.namprd11.prod.outlook.com> (raw)
In-Reply-To: <534e6556-40e8-82f7-b3f6-0d0ad67616c0@linux.intel.com>
Hi,
> -----Original Message-----
> From: Baolu Lu <baolu.lu@linux.intel.com>
> Sent: Wednesday, March 29, 2023 9:31 PM
> To: Zhang, Tina <tina.zhang@intel.com>; iommu@lists.linux.dev
> Cc: baolu.lu@linux.intel.com; Ma, Yongwei <yongwei.ma@intel.com>
> Subject: Re: [PATCH 1/4] iommu/vt-d: Fix null pointer access in invalidate_range
> callback
>
> On 2023/3/29 20:46, Tina Zhang wrote:
> > Add the missing check to avoid null pointer dereference.
> >
> > The patch fixes below issue reported by klocwork tool:
> > Pointer 'info' returned from call to function 'dev_iommu_priv_get'
> > at line 180 may be NULL and may be dereferenced at line 186.
> >
> > This patch can fix a potential null pointer dereference issue of
> > releasing a device working in svm mode.
>
> The svm logic guarantees that __flush_svm_range_dev() only be called after
> iommu_sva_bind_device() and before iommu_sva_unbind_device(). Thus @info
> should never be NULL. There's no need to add this check.
Yes, if the order can be ensured, no need to worry about the null pointer. How about hot-plugging devices? Can we keep the order all the time? Otherwise, it seems adding a null check makes sense.
Regards,
-Tina
>
> Best regards,
> baolu
>
> >
> > Reported-by: Yongwei Ma <yongwei.ma@intel.com>
> > Signed-off-by: Tina Zhang <tina.zhang@intel.com>
> > ---
> > drivers/iommu/intel/svm.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/iommu/intel/svm.c b/drivers/iommu/intel/svm.c
> > index 7367f56c3bad..837c1a4642e7 100644
> > --- a/drivers/iommu/intel/svm.c
> > +++ b/drivers/iommu/intel/svm.c
> > @@ -179,7 +179,7 @@ static void __flush_svm_range_dev(struct intel_svm
> *svm,
> > {
> > struct device_domain_info *info = dev_iommu_priv_get(sdev->dev);
> >
> > - if (WARN_ON(!pages))
> > + if (WARN_ON(!info || !pages))
> > return;
> >
> > qi_flush_piotlb(sdev->iommu, sdev->did, svm->pasid, address, pages,
> > ih);
next prev parent reply other threads:[~2023-03-29 13:41 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-29 12:46 [PATCH 0/4] iommu/vt-d: Several fixes for intel iommu driver Tina Zhang
2023-03-29 12:46 ` [PATCH 1/4] iommu/vt-d: Fix null pointer access in invalidate_range callback Tina Zhang
2023-03-29 13:30 ` Baolu Lu
2023-03-29 13:40 ` Zhang, Tina [this message]
2023-03-29 13:51 ` Baolu Lu
2023-03-29 12:46 ` [PATCH 2/4] iommu/vt-d: Fix operand size in bitwise operation Tina Zhang
2023-03-29 13:32 ` Baolu Lu
2023-03-29 13:44 ` Zhang, Tina
2023-03-29 12:46 ` [PATCH 3/4] iommu/vt-d: Fix quoted string split across lines Tina Zhang
2023-03-29 13:38 ` Baolu Lu
2023-03-29 23:40 ` Zhang, Tina
2023-03-29 12:46 ` [PATCH 4/4] iommu/vt-d: Replace BUG()/BUG_ON() with WARN_ON/WARN_ON_ONCE() Tina Zhang
2023-03-29 13:40 ` Baolu Lu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MW5PR11MB588152CDCD93B26592B7F99C89899@MW5PR11MB5881.namprd11.prod.outlook.com \
--to=tina.zhang@intel.com \
--cc=baolu.lu@linux.intel.com \
--cc=iommu@lists.linux.dev \
--cc=yongwei.ma@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.