[REPOST PATCH v4] iommu: Fix potential use-after-free during probe

finit_module+0x44/0x58 el0_svc_common+0x100/0x264 do_el0_svc+0x38/0xa4 el0_svc+0x20/0x30 el0_sync_handler+0x68/0xac el0_sync+0x160/0x180 Fix this by setting dev->iommu to NULL first and then freeing dev_iommu structure in dev_iommu_free function. Suggested-by: Robin Murphy Signed-off-by: V

Re: [PATCH v3] iommu: Fix potential use-after-free during probe

On 1/22/2022 12:50 AM, Robin Murphy wrote: > On 2022-01-21 07:16, Vijayanand Jitta wrote: >> >> >> On 1/18/2022 9:27 PM, Vijayanand Jitta wrote: >>> >>> >>> On 1/18/2022 7:19 PM, Robin Murphy wrote: >>>> On 2022-01-12 13:13, Vijaya

Re: [PATCH v3] iommu: Fix potential use-after-free during probe

On 1/18/2022 9:27 PM, Vijayanand Jitta wrote: > > > On 1/18/2022 7:19 PM, Robin Murphy wrote: >> On 2022-01-12 13:13, Vijayanand Jitta wrote: >>> Kasan has reported the following use after free on dev->iommu. >>> when a device probe fails and it

Re: [PATCH v3] iommu: Fix potential use-after-free during probe

On 1/18/2022 7:19 PM, Robin Murphy wrote: > On 2022-01-12 13:13, Vijayanand Jitta wrote: >> Kasan has reported the following use after free on dev->iommu. >> when a device probe fails and it is in process of freeing dev->iommu >> in dev_iommu_free function, a de

[PATCH v3] iommu: Fix potential use-after-free during probe

finit_module+0x44/0x58 el0_svc_common+0x100/0x264 do_el0_svc+0x38/0xa4 el0_svc+0x20/0x30 el0_sync_handler+0x68/0xac el0_sync+0x160/0x180 Fix this by taking device_lock during probe_iommu_group. Signed-off-by: Vijayanand Jitta --- drivers/iommu/iommu.c | 12 1 file changed, 8 inse

Re: [PATCH v5 2/2] iommu/iova: Free global iova rcache on iova alloc failure

On 9/30/2020 1:14 PM, vji...@codeaurora.org wrote: > From: Vijayanand Jitta > > When ever an iova alloc request fails we free the iova > ranges present in the percpu iova rcaches and then retry > but the global iova rcache is not freed as a result we could > still see iova

Re: [PATCH v5 1/2] iommu/iova: Retry from last rb tree node if iova search fails

On 9/30/2020 1:14 PM, vji...@codeaurora.org wrote: > From: Vijayanand Jitta > > When ever a new iova alloc request comes iova is always searched > from the cached node and the nodes which are previous to cached > node. So, even if there is free iova space available in th

Re: [PATCH v2 2/2] iommu/iova: Free global iova rcache on iova alloc failure

On 9/28/2020 6:11 PM, Vijayanand Jitta wrote: > > > On 9/18/2020 8:11 PM, Robin Murphy wrote: >> On 2020-08-20 13:49, vji...@codeaurora.org wrote: >>> From: Vijayanand Jitta >>> >>> When ever an iova alloc request fails we free the iova >

Re: [PATCH v2 1/2] iommu/iova: Retry from last rb tree node if iova search fails

On 9/18/2020 7:48 PM, Robin Murphy wrote: > On 2020-08-20 13:49, vji...@codeaurora.org wrote: >> From: Vijayanand Jitta >> >> When ever a new iova alloc request comes iova is always searched >> from the cached node and the nodes which are previous to cached >>

Re: [PATCH v2 2/2] iommu/iova: Free global iova rcache on iova alloc failure

On 9/18/2020 8:11 PM, Robin Murphy wrote: > On 2020-08-20 13:49, vji...@codeaurora.org wrote: >> From: Vijayanand Jitta >> >> When ever an iova alloc request fails we free the iova >> ranges present in the percpu iova rcaches and then retry >> but the global iov

Re: [PATCH v2 1/2] iommu/iova: Retry from last rb tree node if iova search fails

On 8/28/2020 1:01 PM, Vijayanand Jitta wrote: > > > On 8/20/2020 6:19 PM, vji...@codeaurora.org wrote: >> From: Vijayanand Jitta >> >> When ever a new iova alloc request comes iova is always searched >> from the cached node and the nodes which are pre

Re: [PATCH v2 1/2] iommu/iova: Retry from last rb tree node if iova search fails

On 8/20/2020 6:19 PM, vji...@codeaurora.org wrote: > From: Vijayanand Jitta > > When ever a new iova alloc request comes iova is always searched > from the cached node and the nodes which are previous to cached > node. So, even if there is free iova space available in th

Re: [PATCH 2/2] iommu/iova: Free global iova rcache on iova alloc failure

On 8/12/2020 8:46 PM, Joerg Roedel wrote: > On Mon, Aug 03, 2020 at 03:30:48PM +0530, Vijayanand Jitta wrote: >> ping? > > Please repost when v5.9-rc1 is released and add > > Robin Murphy > > on your Cc list. > > Thanks, > > Joerg >

Re: [PATCH 2/2] iommu/iova: Free global iova rcache on iova alloc failure

On 7/3/2020 7:47 PM, vji...@codeaurora.org wrote: > From: Vijayanand Jitta > > When ever an iova alloc request fails we free the iova > ranges present in the percpu iova rcaches and then retry > but the global iova rcache is not freed as a result we could > still see iova

Re: [PATCH 1/2] iommu/iova: Retry from last rb tree node if iova search fails

On 7/3/2020 7:47 PM, vji...@codeaurora.org wrote: > From: Vijayanand Jitta > > When ever a new iova alloc request comes iova is always searched > from the cached node and the nodes which are previous to cached > node. So, even if there is free iova space available in th

Re: [PATCH v2] iommu/iova: Retry from last rb tree node if iova search fails

On 5/11/2020 4:34 PM, vji...@codeaurora.org wrote: > From: Vijayanand Jitta > > When ever a new iova alloc request comes iova is always searched > from the cached node and the nodes which are previous to cached > node. So, even if there is free iova space available in th

Re: [PATCH] iommu/iova: Retry from last rb tree node if iova search fails

On 5/9/2020 12:25 AM, Vijayanand Jitta wrote: > > > On 5/7/2020 6:54 PM, Robin Murphy wrote: >> On 2020-05-06 9:01 pm, vji...@codeaurora.org wrote: >>> From: Vijayanand Jitta >>> >>> When ever a new iova alloc request comes iova is always searched &g

Re: [PATCH] iommu/iova: Retry from last rb tree node if iova search fails

On 5/7/2020 6:54 PM, Robin Murphy wrote: > On 2020-05-06 9:01 pm, vji...@codeaurora.org wrote: >> From: Vijayanand Jitta >> >> When ever a new iova alloc request comes iova is always searched >> from the cached node and the nodes which are previous to cached >>