From: Eric Badger <ebadger@purestorage.com>
To: ebadger@purestorage.com
Cc: David Woodhouse <dwmw2@infradead.org>,
Lu Baolu <baolu.lu@linux.intel.com>,
Joerg Roedel <joro@8bytes.org>, Will Deacon <will@kernel.org>,
Robin Murphy <robin.murphy@arm.com>,
iommu@lists.linux.dev (open list:INTEL IOMMU (VT-d)),
linux-kernel@vger.kernel.org (open list)
Subject: [PATCH] iommu/vt-d: Check for non-NULL domain on device release
Date: Sat, 13 Jan 2024 10:17:13 -0800 [thread overview]
Message-ID: <20240113181713.1817855-1-ebadger@purestorage.com> (raw)
In the kdump kernel, the IOMMU will operate in deferred_attach mode. In
this mode, info->domain may not yet be assigned by the time the
release_device function is called, which leads to the following crash in
the crashkernel:
BUG: kernel NULL pointer dereference, address: 000000000000003c
...
RIP: 0010:do_raw_spin_lock+0xa/0xa0
...
_raw_spin_lock_irqsave+0x1b/0x30
intel_iommu_release_device+0x96/0x170
iommu_deinit_device+0x39/0xf0
__iommu_group_remove_device+0xa0/0xd0
iommu_bus_notifier+0x55/0xb0
notifier_call_chain+0x5a/0xd0
blocking_notifier_call_chain+0x41/0x60
bus_notify+0x34/0x50
device_del+0x269/0x3d0
pci_remove_bus_device+0x77/0x100
p2sb_bar+0xae/0x1d0
...
i801_probe+0x423/0x740
Signed-off-by: Eric Badger <ebadger@purestorage.com>
---
drivers/iommu/intel/iommu.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index 6fb5f6fceea1..26e450259889 100644
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -3750,7 +3750,6 @@ static void domain_context_clear(struct device_domain_info *info)
static void dmar_remove_one_dev_info(struct device *dev)
{
struct device_domain_info *info = dev_iommu_priv_get(dev);
- struct dmar_domain *domain = info->domain;
struct intel_iommu *iommu = info->iommu;
unsigned long flags;
@@ -3763,11 +3762,14 @@ static void dmar_remove_one_dev_info(struct device *dev)
domain_context_clear(info);
}
- spin_lock_irqsave(&domain->lock, flags);
+ if (!info->domain)
+ return;
+
+ spin_lock_irqsave(&info->domain->lock, flags);
list_del(&info->link);
- spin_unlock_irqrestore(&domain->lock, flags);
+ spin_unlock_irqrestore(&info->domain->lock, flags);
- domain_detach_iommu(domain, iommu);
+ domain_detach_iommu(info->domain, iommu);
info->domain = NULL;
}
--
2.34.1
next reply other threads:[~2024-01-13 18:17 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-13 18:17 Eric Badger [this message]
2024-01-16 15:22 ` [PATCH] iommu/vt-d: Check for non-NULL domain on device release Jason Gunthorpe
2024-01-16 23:15 ` Eric Badger
2024-01-17 1:57 ` Robin Murphy
2024-01-17 2:20 ` Jason Gunthorpe
2024-01-31 7:10 ` Baolu Lu
2024-02-21 15:40 ` Jason Gunthorpe
2024-02-22 11:53 ` Baolu Lu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240113181713.1817855-1-ebadger@purestorage.com \
--to=ebadger@purestorage.com \
--cc=baolu.lu@linux.intel.com \
--cc=dwmw2@infradead.org \
--cc=iommu@lists.linux.dev \
--cc=joro@8bytes.org \
--cc=linux-kernel@vger.kernel.org \
--cc=robin.murphy@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.