1. Patchew
  2. linux
  3. View series

[PATCH] iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en

Artem Chernyshev posted 1 patch 1 year, 5 months ago 
drivers/iommu/sprd-iommu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
Posted by Artem Chernyshev 1 year, 5 months ago 
In sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()
dom->sdev is equal to NULL, which leads to null dereference.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 9afea57384d4 ("iommu/sprd: Release dma buffer to avoid memory leak")
Signed-off-by: Artem Chernyshev <artem.chernyshev@red-soft.ru>
---
 drivers/iommu/sprd-iommu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/iommu/sprd-iommu.c b/drivers/iommu/sprd-iommu.c
index ba53571a8239..a2f4ffe6d949 100644
--- a/drivers/iommu/sprd-iommu.c
+++ b/drivers/iommu/sprd-iommu.c
@@ -232,8 +232,8 @@ static void sprd_iommu_cleanup(struct sprd_iommu_domain *dom)
 
 	pgt_size = sprd_iommu_pgt_size(&dom->domain);
 	dma_free_coherent(dom->sdev->dev, pgt_size, dom->pgt_va, dom->pgt_pa);
-	dom->sdev = NULL;
 	sprd_iommu_hw_en(dom->sdev, false);
+	dom->sdev = NULL;
 }
 
 static void sprd_iommu_domain_free(struct iommu_domain *domain)
-- 
2.44.0
Re: [PATCH] iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
Posted by Will Deacon 1 year, 4 months ago 
On Tue, 16 Jul 2024 15:55:14 +0300, Artem Chernyshev wrote:
> In sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()
> dom->sdev is equal to NULL, which leads to null dereference.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> 

Applied to iommu (next), thanks!

[1/1] iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
      https://git.kernel.org/iommu/c/630482ee0653

Cheers,
-- 
Will

https://fixes.arm64.dev
https://next.arm64.dev
https://will.arm64.dev
Re: [PATCH] iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
Posted by Chunyan Zhang 1 year, 5 months ago 
On Tue, 16 Jul 2024 at 20:55, Artem Chernyshev
<artem.chernyshev@red-soft.ru> wrote:
>
> In sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()
> dom->sdev is equal to NULL, which leads to null dereference.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: 9afea57384d4 ("iommu/sprd: Release dma buffer to avoid memory leak")
> Signed-off-by: Artem Chernyshev <artem.chernyshev@red-soft.ru>

Thanks for fixing this.

Reviewed-by: Chunyan Zhang <zhang.lyra@gmail.com>

> ---
>  drivers/iommu/sprd-iommu.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/iommu/sprd-iommu.c b/drivers/iommu/sprd-iommu.c
> index ba53571a8239..a2f4ffe6d949 100644
> --- a/drivers/iommu/sprd-iommu.c
> +++ b/drivers/iommu/sprd-iommu.c
> @@ -232,8 +232,8 @@ static void sprd_iommu_cleanup(struct sprd_iommu_domain *dom)
>
>         pgt_size = sprd_iommu_pgt_size(&dom->domain);
>         dma_free_coherent(dom->sdev->dev, pgt_size, dom->pgt_va, dom->pgt_pa);
> -       dom->sdev = NULL;
>         sprd_iommu_hw_en(dom->sdev, false);
> +       dom->sdev = NULL;
>  }
>
>  static void sprd_iommu_domain_free(struct iommu_domain *domain)
> --
> 2.44.0
>

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.