Hi, On 27/07/2016 17:46, Robin Murphy wrote: > Due to the limitations of having to wait until we see a device's DMA > restrictions before we know how we want an IOVA domain initialised, > there is a window for error if a DMA ops domain is allocated but later > freed without ever being used. In that case, init_iova_domain() was > never called, so calling put_iova_domain() from iommu_put_dma_cookie() > ends up trying to take an uninitialised lock and crashing. > > Make things robust by skipping the call unless the IOVA domain actually > has been initialised, as we probably should have done from the start. > > Reported-by: Nate Watterson <[email protected]> > Signed-off-by: Robin Murphy <[email protected]> > --- > > I'm not sure this warrants a cc stable, as with the code currently in > mainline it's only at all likely if other things have already failed > elsewhere in a manner they should not be expected to. > > drivers/iommu/dma-iommu.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c > index ea5a9ebf0f78..97a23082e18a 100644 > --- a/drivers/iommu/dma-iommu.c > +++ b/drivers/iommu/dma-iommu.c > @@ -68,7 +68,8 @@ void iommu_put_dma_cookie(struct iommu_domain *domain) > if (!iovad) > return; > > - put_iova_domain(iovad); > + if (iovad->granule) > + put_iova_domain(iovad); > kfree(iovad); > domain->iova_cookie = NULL; > } > Reviewed-by: Eric Auger <[email protected]> Tested-by: Eric Auger <[email protected]>
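Review bot: The added `if (iovad->granule)` test in iommu_put_dma_cookie() uses the granule field as an implicit "init_iova_domain() has run" flag, and nothing in the hunk says so. That only holds if the cookie is allocated zeroed and an initialised domain never has a granule of 0, neither of which is visible in these lines. A one-line comment above the check stating that a zero granule means the IOVA domain was never initialised, or a small descriptively named helper wrapping the test, would stop a later reader from taking it for a size check and would record the dependency on zeroed allocation.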
Thanks
Eric
