diff options
| author | Frank Wunderlich <frank-w@public-files.de> | 2021-07-31 10:47:37 +0300 |
|---|---|---|
| committer | Joerg Roedel <jroedel@suse.de> | 2021-08-02 17:22:00 +0300 |
| commit | 5aa95d8834e07907e64937d792c12ffef7fb271f (patch) | |
| tree | e6dbfb30dfa120b3783d2d49fcad406f744830df /drivers/iommu | |
| parent | 0fbea680540108b09db7b26d9f4d24236d58a6ad (diff) | |
| download | linux-5aa95d8834e07907e64937d792c12ffef7fb271f.tar.xz | |
iommu: Check if group is NULL before remove device
If probe_device is failing, iommu_group is not initialized because
iommu_group_add_device is not reached, so freeing it will result
in NULL pointer access.
iommu_bus_init
->bus_iommu_probe
->probe_iommu_group in for each:/* return -22 in fail case */
->iommu_probe_device
->__iommu_probe_device /* return -22 here.*/
-> ops->probe_device /* return -22 here.*/
-> iommu_group_get_for_dev
-> ops->device_group
-> iommu_group_add_device //good case
->remove_iommu_group //in fail case, it will remove group
->iommu_release_device
->iommu_group_remove_device // here we don't have group
In my case ops->probe_device (mtk_iommu_probe_device from
mtk_iommu_v1.c) is due to failing fwspec->ops mismatch.
Fixes: d72e31c93746 ("iommu: IOMMU Groups")
Signed-off-by: Frank Wunderlich <frank-w@public-files.de>
Link: https://lore.kernel.org/r/20210731074737.4573-1-linux@fw-web.de
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Diffstat (limited to 'drivers/iommu')
| -rw-r--r-- | drivers/iommu/iommu.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c index 5419c4b9f27a..63f0af10c403 100644 --- a/drivers/iommu/iommu.c +++ b/drivers/iommu/iommu.c @@ -924,6 +924,9 @@ void iommu_group_remove_device(struct device *dev) struct iommu_group *group = dev->iommu_group; struct group_device *tmp_device, *device = NULL; + if (!group) + return; + dev_info(dev, "Removing from iommu group %d\n", group->id); /* Pre-notify listeners that a device is being removed. */ |