'[Resend PATCH] intel-iommu Fix NULL pointer dereference in snd_soc_sst_haswell_pcm registration'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-kernel
Subject:    [Resend PATCH] intel-iommu Fix NULL pointer dereference in snd_soc_sst_haswell_pcm registration
From:       Koos Vriezen <koos.vriezen () gmail ! com>
Date:       2017-02-25 11:56:58
Message-ID: 20170225115657.mcbadxcjcsd6nyqv () dammtor
[Download RAW message or body]

Hi,

This oops

[    1.616381] sst-acpi INT3438:00: DesignWare DMA Controller, 8 channels
[    1.616505] BUG: unable to handle kernel NULL pointer dereference at \
00000000000007ab [    1.616512] IP: [<ffffffff8132234a>] device_to_iommu+0x11a/0x1a0
[    1.616515] PGD 0 

[    1.616518] Oops: 0000 [#1] SMP
[    1.616563] Modules linked in: snd_soc_sst_haswell_pcm(+) snd_soc_sst_dsp \
snd_soc_sst_ipc joydev snd_soc_sst_firmware dell_wmi dell_laptop intel_rapl \
x86_pkg_temp_thermal dell_smbios snd_hda_codec_hdmi intel_powerclamp coretemp \
kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul crc32c_intel \
ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper \
cryptd wl(PO) efivars hid_multitouch rtsx_pci_ms sg memstick cfg80211 \
intel_pch_thermal i915 intel_gtt snd_soc_rt286 i2c_algo_bit snd_soc_rl6347a \
drm_kms_helper snd_soc_core syscopyarea sysfillrect sysimgblt snd_hda_intel \
fb_sys_fops snd_hda_codec lpc_ich drm snd_hda_core ac97_bus shpchp cfbfillrect \
snd_pcm dw_dmac cfbimgblt snd_timer snd cfbcopyarea wmi battery intel_vbtn \
int3403_thermal snd_soc_sst_acpi dw_dmac_core soundcore [    1.616584]  \
snd_soc_sst_match int3402_thermal processor_thermal_device int340x_thermal_zone \
intel_soc_dts_iosf int3406_thermal int3400_thermal acpi_pad intel_hid \
acpi_thermal_rel ac evdev efivarfs ip_tables x_tables autofs4 i2c_hid hid \
rtsx_pci_sdmmc mmc_core i2c_i801 i2c_smbus xhci_pci xhci_hcd usbcore rtsx_pci \
mfd_core usb_common fan thermal gpio_lynxpoint i2c_designware_platform \
i2c_designware_core [    1.616588] CPU: 2 PID: 231 Comm: systemd-udevd Tainted: P     \
U     O    4.9.11 #5 [    1.616589] Hardware name: Dell Inc. XPS 13 9343/09K8G1, BIOS \
A11 12/08/2016 [    1.616591] task: ffff880213d2c980 task.stack: ffffc90001454000
[    1.616597] RIP: 0010:[<ffffffff8132234a>]  [<ffffffff8132234a>] \
device_to_iommu+0x11a/0x1a0 [    1.616598] RSP: 0018:ffffc90001457a78  EFLAGS: \
00010246 [    1.616600] RAX: ffff880216008c00 RBX: 0000000000000010 RCX: \
0000000000000001 [    1.616601] RDX: ffffc90001457aa5 RSI: ffffc90001457aa4 RDI: \
ffff880215b6ca68 [    1.616603] RBP: ffff880216004710 R08: ffff880215b6ca68 R09: \
ffff88021600aa00 [    1.616604] R10: 0000000000000000 R11: 0000000000000002 R12: \
0000000000000002 [    1.616605] R13: 0000000000000000 R14: ffff88020e468280 R15: \
00000000000a0000 [    1.616608] FS:  00007f60c05e18c0(0000) GS:ffff88021f500000(0000) \
knlGS:0000000000000000 [    1.616610] CS:  0010 DS: 0000 ES: 0000 CR0: \
0000000080050033 [    1.616611] CR2: 00000000000007ab CR3: 0000000215794000 CR4: \
00000000003406e0 [    1.616612] Stack:
[    1.616616]  000000007fffffff ffff880215bce010 ffff88020e300000 ffff880215bce010
[    1.616620]  ffffffff8132593a 0000000000000001 ffffffffa0242d31 000000007fffffff
[    1.616623]  ffff880215bce010 ffff88020e300000 ffffffff81326ec9 0000000200000000
[    1.616624] Call Trace:
[    1.616630]  [<ffffffff8132593a>] ? find_or_alloc_domain.constprop.29+0x1a/0x300
[    1.616636]  [<ffffffffa0242d31>] ? dw_dma_probe+0x561/0x580 [dw_dmac_core]
[    1.616640]  [<ffffffff81326ec9>] ? __get_valid_domain_for_dev+0x39/0x120
[    1.616644]  [<ffffffff81327308>] ? __intel_map_single+0x138/0x180
[    1.616648]  [<ffffffff81327436>] ? intel_alloc_coherent+0xb6/0x120
[    1.616656]  [<ffffffffa11e1ed3>] ? sst_hsw_dsp_init+0x173/0x420 \
[snd_soc_sst_haswell_pcm] [    1.616660]  [<ffffffff814b0139>] ? mutex_lock+0x9/0x30
[    1.616664]  [<ffffffff8119058b>] ? kernfs_add_one+0xdb/0x130
[    1.616668]  [<ffffffff813358e9>] ? devres_add+0x19/0x60
[    1.616675]  [<ffffffffa11e38f6>] ? hsw_pcm_dev_probe+0x46/0xd0 \
[snd_soc_sst_haswell_pcm] [    1.616679]  [<ffffffff81334470>] ? \
platform_drv_probe+0x30/0x90 [    1.616683]  [<ffffffff81332b7d>] ? \
driver_probe_device+0x1ed/0x2b0 [    1.616687]  [<ffffffff81332ccf>] ? \
__driver_attach+0x8f/0xa0 [    1.616691]  [<ffffffff81332c40>] ? \
driver_probe_device+0x2b0/0x2b0 [    1.616694]  [<ffffffff81330d75>] ? \
bus_for_each_dev+0x55/0x90 [    1.616698]  [<ffffffff81331fa0>] ? \
bus_add_driver+0x110/0x210 [    1.616701]  [<ffffffffa11ea000>] ? 0xffffffffa11ea000
[    1.616705]  [<ffffffff81333322>] ? driver_register+0x52/0xc0
[    1.616707]  [<ffffffffa11ea000>] ? 0xffffffffa11ea000
[    1.616710]  [<ffffffff810003e2>] ? do_one_initcall+0x32/0x130
[    1.616714]  [<ffffffff81104ed7>] ? free_vmap_area_noflush+0x37/0x70
[    1.616717]  [<ffffffff81119f08>] ? kmem_cache_alloc+0x88/0xd0
[    1.616721]  [<ffffffff810cf1cd>] ? do_init_module+0x51/0x1c4
[    1.616726]  [<ffffffff810aca19>] ? load_module+0x1ee9/0x2430
[    1.616730]  [<ffffffff810a9d50>] ? show_taint+0x20/0x20
[    1.616734]  [<ffffffff81133a5d>] ? kernel_read_file+0xfd/0x190
[    1.616739]  [<ffffffff810ad123>] ? SyS_finit_module+0xa3/0xb0
[    1.616742]  [<ffffffff810013aa>] ? do_syscall_64+0x4a/0xb0
[    1.616746]  [<ffffffff814b22ca>] ? entry_SYSCALL64_slow_path+0x25/0x25
[    1.616792] Code: 78 ff ff ff 4d 85 c0 74 ee 49 8b 5a 10 0f b6 9b e0 00 00 00 41 \
38 98 e0 00 00 00 77 da 0f b6 eb 49 39 a8 88 00 00 00 72 ce eb 8f <41> f6 82 ab 07 00 \
00 04 0f 85 76 ff ff ff 0f b6 4d 08 88 0e 49  [    1.616796] RIP  \
[<ffffffff8132234a>] device_to_iommu+0x11a/0x1a0 [    1.616797]  RSP \
<ffffc90001457a78> [    1.616798] CR2: 00000000000007ab
[    1.616800] ---[ end trace 16f974b6d58d0aad ]---

is because of a missing null ptr check for non-pci devices.
Tested against 4.9.11. Also see
https://bugzilla.redhat.com/show_bug.cgi?id=1411946

Fixes: 1c387188c60f53b338c20eee32db055dfe022a9b ("iommu/vt-d: Fix IOMMU lookup for \
                SR-IOV Virtual Functions")
Signed-off-by: Koos Vriezen <koos.vriezen@gmail.com>
Cc: stable@vger.kernel.org # 4.8.15+
---
--- linux/drivers/iommu/intel-iommu.c.orig	2017-02-24 23:29:59.758656270 +0100
+++ linux/drivers/iommu/intel-iommu.c	2017-02-24 23:30:29.672500523 +0100
@@ -915,7 +915,7 @@ static struct intel_iommu *device_to_iom
 				 * which we used for the IOMMU lookup. Strictly speaking
 				 * we could do this for all PCI devices; we only need to
 				 * get the BDF# from the scope table for ACPI matches. */
-				if (pdev->is_virtfn)
+				if (pdev && pdev->is_virtfn)
 					goto got_pdev;
 
 				*bus = drhd->devices[i].bus;


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic