Now that IOMMU domains are driver-specific, attempting to attach any old
device to any old domain can result in one IOMMU driver dereferencing
another's private data as its own and going horribly wrong. Fortunately,
we can prevent this easily in the core since both the device and the
domain have an associated set of IOMMU ops. Make sure they match.

Signed-off-by: Robin Murphy <>
 drivers/iommu/iommu.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
index eab883e6c5a9..ff87dd083152 100644
--- a/drivers/iommu/iommu.c
+++ b/drivers/iommu/iommu.c
@@ -1085,6 +1085,9 @@ static int __iommu_attach_device(struct iommu_domain 
        if (unlikely(domain->ops->attach_dev == NULL))
                return -ENODEV;
+       if (unlikely(domain->ops != dev_iommu_ops(dev)))
+               return -EINVAL;
        ret = domain->ops->attach_dev(domain, dev);
        if (!ret)

iommu mailing list

Reply via email to