* [PATCH 1/1] iommu/vt-d: Fix kernel NULL pointer dereference in find_domain()
@ 2020-10-28 7:07 Lu Baolu
From: Lu Baolu @ 2020-10-28 7:07 UTC
To: Joerg Roedel; +Cc: Xu Pengfei, iommu, stable, linux-kernel
If find_domain() is called for a device which hasn't been probed by the
iommu core, the kernel NULL pointer dereference below happens.
[ 362.736947] BUG: kernel NULL pointer dereference, address: 0000000000000038
[ 362.743953] #PF: supervisor read access in kernel mode
[ 362.749115] #PF: error_code(0x0000) - not-present page
[ 362.754278] PGD 0 P4D 0
[ 362.756843] Oops: 0000 [#1] SMP NOPTI
[ 362.760528] CPU: 0 PID: 844 Comm: cat Not tainted 5.9.0-rc4-intel-next+ #1
[ 362.767428] Hardware name: Intel Corporation Ice Lake Client Platform/IceLake
U DDR4 SODIMM PD RVP TLC, BIOS ICLSFWR1.R00.3384.A02.1909200816
09/20/2019
[ 362.781109] RIP: 0010:find_domain+0xd/0x40
[ 362.785234] Code: 48 81 fb 60 28 d9 b2 75 de 5b 41 5c 41 5d 5d c3 0f 1f 00 66
2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 87 e0 02 00
00 55 <48> 8b 40 38 48 89 e5 48 83 f8 fe 0f 94 c1 48 85 ff
0f 94 c2 08 d1
[ 362.804041] RSP: 0018:ffffb09cc1f0bd38 EFLAGS: 00010046
[ 362.809292] RAX: 0000000000000000 RBX: ffff905b98e4fac8 RCX: 0000000000000000
[ 362.816452] RDX: 0000000000000001 RSI: ffff905b98e4fac8 RDI: ffff905b9ccd40d0
[ 362.823617] RBP: ffffb09cc1f0bda0 R08: ffffb09cc1f0bd48 R09: 000000000000000f
[ 362.830778] R10: ffffffffb266c080 R11: ffff905b9042602d R12: ffff905b98e4fac8
[ 362.837944] R13: ffffb09cc1f0bd48 R14: ffff905b9ccd40d0 R15: ffff905b98e4fac8
[ 362.845108] FS: 00007f8485460740(0000) GS:ffff905b9fc00000(0000)
knlGS:0000000000000000
[ 362.853227] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 362.858996] CR2: 0000000000000038 CR3: 00000004627a6003 CR4: 0000000000770ef0
[ 362.866161] PKRU: fffffffc
[ 362.868890] Call Trace:
[ 362.871363] ? show_device_domain_translation+0x32/0x100
[ 362.876700] ? bind_store+0x110/0x110
[ 362.880387] ? klist_next+0x91/0x120
[ 362.883987] ? domain_translation_struct_show+0x50/0x50
[ 362.889237] bus_for_each_dev+0x79/0xc0
[ 362.893121] domain_translation_struct_show+0x36/0x50
[ 362.898204] seq_read+0x135/0x410
[ 362.901545] ? handle_mm_fault+0xeb8/0x1750
[ 362.905755] full_proxy_read+0x5c/0x90
[ 362.909526] vfs_read+0xa6/0x190
[ 362.912782] ksys_read+0x61/0xe0
[ 362.916037] __x64_sys_read+0x1a/0x20
[ 362.919725] do_syscall_64+0x37/0x80
[ 362.923329] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 362.928405] RIP: 0033:0x7f84855c5e95
Filter out those devices to avoid such an error.
Fixes: e2726daea583d ("iommu/vt-d: debugfs: Add support to show page table internals")
Cc: stable@vger.kernel.org#v5.6+
Reported-and-tested-by: Xu Pengfei <pengfei.xu@intel.com>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
---
drivers/iommu/intel/iommu.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index 8651f6d4dfa0..1b1ca63e6bbe 100644
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -2525,6 +2525,9 @@ struct dmar_domain *find_domain(struct device *dev)
{
struct device_domain_info *info;
+ if (unlikely(!dev || !dev->iommu))
+ return NULL;
+
if (unlikely(attach_deferred(dev)))
return NULL;
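Review bot: The new check at the top of find_domain() carries no comment saying when dev->iommu can be NULL. The commit message gives the reason (a device not yet probed by the iommu core, reached here from the debugfs walk through bus_for_each_dev() in the call trace), but a reader of iommu.c will not see it. Suggest a one-line comment above `if (unlikely(!dev || !dev->iommu))`. The `!dev` half is also not motivated by the report: RDI is non-zero in the oops and the trace shows the device coming from bus_for_each_dev(), so either state which caller can pass a NULL dev or drop that half. Since the only failing path shown is the debugfs one, it is worth saying in the changelog why the filter belongs in find_domain() rather than in show_device_domain_translation().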
--
2.17.1
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
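A triage check for the oops quoted in the message above: it decodes the instruction marked `<..>` in the `Code:` line and tests whether the fault is a load through a zero base register whose displacement equals `CR2`, which is the signature of the NULL dereference the patch filters out. This is an added example, not code from the patch or the thread; `decode_load` and `triage` are hypothetical helper names, only `REX.W 8B` loads without a SIB byte are decoded, and the log lines are copied from the oops above with the wrapped `Code:` line rejoined.

```python
import re

# Lines copied from the oops in the commit message above; the wrapped
# "Code:" line is rejoined. No values here are new.
OOPS = """\
[ 362.736947] BUG: kernel NULL pointer dereference, address: 0000000000000038
[ 362.785234] Code: 48 81 fb 60 28 d9 b2 75 de 5b 41 5c 41 5d 5d c3 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 87 e0 02 00 00 55 <48> 8b 40 38 48 89 e5 48 83 f8 fe 0f 94 c1 48 85 ff 0f 94 c2 08 d1
[ 362.809292] RAX: 0000000000000000 RBX: ffff905b98e4fac8 RCX: 0000000000000000
[ 362.816452] RDX: 0000000000000001 RSI: ffff905b98e4fac8 RDI: ffff905b9ccd40d0
[ 362.866161] CR2: 0000000000000038 CR3: 00000004627a6003 CR4: 0000000000770ef0
"""

REGS = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
        "R8", "R9", "R10", "R11", "R12", "R13", "R14", "R15"]


def decode_load(code):
    """Decode 'REX.W 8B /r' (mov r64, [base+disp]); return (base, disp) or None."""
    if len(code) < 3 or code[0] & 0xF8 != 0x48 or code[1] != 0x8B:
        return None
    mod, rm = code[2] >> 6, code[2] & 7
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        return None  # register-direct, SIB or RIP-relative: not handled here
    size = (0, 1, 4)[mod]
    if len(code) < 3 + size:
        return None
    disp = int.from_bytes(bytes(code[3:3 + size]), "little", signed=True)
    return REGS[rm + 8 * (code[0] & 1)], disp  # REX.B selects R8..R15


def triage(oops):
    """Report whether the faulting load went through a zero base register."""
    regs = {k: int(v, 16) for k, v in
            re.findall(r"\b([A-Z][A-Z0-9]{1,2}): ([0-9a-f]{16})\b", oops)}
    toks = re.search(r"Code: (.+)", oops).group(1).split()
    start = next(i for i, t in enumerate(toks) if t.startswith("<"))
    load = decode_load([int(t.strip("<>"), 16) for t in toks[start:]])
    if load is None or load[0] not in regs or "CR2" not in regs:
        return None
    base, disp = load
    target = (regs[base] + disp) % 2**64
    return {"base": base, "disp": disp, "base_is_null": regs[base] == 0,
            "matches_cr2": target == regs["CR2"]}


if __name__ == "__main__":
    print(triage(OOPS))
```

The instruction two before the marker, `48 8b 87 e0 02 00 00`, decodes with the same helper to a load from `RDI + 0x2e0`, so the zero in `RAX` was read out of the structure passed as the first argument.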
* Re: [PATCH 1/1] iommu/vt-d: Fix kernel NULL pointer dereference in find_domain()
@ 2020-11-03 13:30 ` Joerg Roedel
From: Joerg Roedel @ 2020-11-03 13:30 UTC
To: Lu Baolu; +Cc: Xu Pengfei, iommu, stable, linux-kernel
On Wed, Oct 28, 2020 at 03:07:25PM +0800, Lu Baolu wrote:
> Fixes: e2726daea583d ("iommu/vt-d: debugfs: Add support to show page table internals")
> Cc: stable@vger.kernel.org#v5.6+
> Reported-and-tested-by: Xu Pengfei <pengfei.xu@intel.com>
> Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Applied for v5.10, thanks.