Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp1723852ybz; Sat, 18 Apr 2020 07:12:18 -0700 (PDT) X-Google-Smtp-Source: APiQypJaQLla9qtTBd8G1/VaFxVDVB+9TbH/QRbHvXhfjyQ065FcMJRjz8mDXmIkPLykZ6/hmYE8 X-Received: by 2002:a17:906:3289:: with SMTP id 9mr7873269ejw.130.1587219138334; Sat, 18 Apr 2020 07:12:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1587219138; cv=none; d=google.com; s=arc-20160816; b=x3tO2l7QWbABv4ciibEATm/tYunBDJWAhuD8/492fmTHPYZDo4fidV8nEF/MtmPxHC BxM5EFrMn394Wk1E2X5bQO8+QUUWcDROOP5qu94JbvBCGpT7azJDywilKZvxaNy7KukK ebR9skJwB3MptYw/+LLyfq/NN/LFMXoJhMDQeHjlZrjFdMLeX9rFkGsnUFC4Frr6OvPS pha6W0xvnTTspvOGwDowrTR1wOs3NqJ0eEzCVFmtaYYc7oPOOCvIrcoicD0LOVJVSIl9 DOte1PBa1DjpuMuLtYCo8DLm2awFEkbcYu83EvEENO+OAT5ShO22RFmFIbyWWMKC099h ILwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=lMCUla6vj/gfKKcRrSlUTcEh0k0DsYkOm4N34PF5w9k=; b=iabQxS/MKoCKWZcHtM4JRDf0WwctPiUnCBOXC2ntRqiQ4B8kiTqyMSVWZdlfCMl3Gi bIqSfk+aO2icysOSJLpoVU60q5ieSUG2ylxnqTAvqSSOvWto+hSf4C5K6fO/DAjXjHIH kbLI/0csDM5KuVTPFZ1FOo19NS40NjhnRIECWhStK7NEsOC4F0Z3I6+bogcL+J8BV7Zs 3f/N5fNVjjjkuhPcD136NtdpJrLllmCbMiS4i37Y265otOvdML8fKWV5JZi4C3eFYzDg 2NeSZRzBbf3z8acRKCG74Wf2lnAgEaGHUxIlOXkBMTdSKh0CupXrwOTLrNnXSsLDYf9m 0WLQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=2Jw0S5Sk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l24si14244014eja.496.2020.04.18.07.11.55; Sat, 18 Apr 2020 07:12:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=2Jw0S5Sk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726941AbgDROKU (ORCPT + 99 others); Sat, 18 Apr 2020 10:10:20 -0400 Received: from mail.kernel.org ([198.145.29.99]:37978 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726823AbgDROKI (ORCPT ); Sat, 18 Apr 2020 10:10:08 -0400 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id EDCD621D6C; Sat, 18 Apr 2020 14:10:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587219007; bh=W8o+PisOtU2oX7Zz9Q/BVrsKAC2DBRGXAIHr24EMmzs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=2Jw0S5Sklct9YnAAh92kdtbRUb4/hyLd2cdPTrcNcWfGmx7PCQKcHEN6oc4xfWcus YgITxWneRZa58nPKIz95/l+IZN37841Rge3AsU8XslhZG1UFQb1NFdHLZAKSx+5z1n EdSlPfub7b+iTMpZqzslpAxK+L+t2K3B2OHLRKck= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Jean-Philippe Brucker , Eric Auger , Robin Murphy , Joerg Roedel , Sasha Levin , virtualization@lists.linux-foundation.org, iommu@lists.linux-foundation.org Subject: [PATCH AUTOSEL 5.5 45/75] iommu/virtio: Fix freeing of incomplete domains Date: Sat, 18 Apr 2020 10:08:40 -0400 Message-Id: <20200418140910.8280-45-sashal@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200418140910.8280-1-sashal@kernel.org> References: <20200418140910.8280-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jean-Philippe Brucker [ Upstream commit 7062af3ed2ba451029e3733d9f677c68f5ea9e77 ] Calling viommu_domain_free() on a domain that hasn't been finalised (not attached to any device, for example) can currently cause an Oops, because we attempt to call ida_free() on ID 0, which may either be unallocated or used by another domain. Only initialise the vdomain->viommu pointer, which denotes a finalised domain, at the end of a successful viommu_domain_finalise(). Fixes: edcd69ab9a32 ("iommu: Add virtio-iommu driver") Reported-by: Eric Auger Signed-off-by: Jean-Philippe Brucker Reviewed-by: Robin Murphy Link: https://lore.kernel.org/r/20200326093558.2641019-3-jean-philippe@linaro.org Signed-off-by: Joerg Roedel Signed-off-by: Sasha Levin --- drivers/iommu/virtio-iommu.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/drivers/iommu/virtio-iommu.c b/drivers/iommu/virtio-iommu.c index 315c7cc4f99d8..779a6025b5962 100644 --- a/drivers/iommu/virtio-iommu.c +++ b/drivers/iommu/virtio-iommu.c @@ -613,18 +613,20 @@ static int viommu_domain_finalise(struct viommu_dev *viommu, int ret; struct viommu_domain *vdomain = to_viommu_domain(domain); - vdomain->viommu = viommu; - vdomain->map_flags = viommu->map_flags; + ret = ida_alloc_range(&viommu->domain_ids, viommu->first_domain, + viommu->last_domain, GFP_KERNEL); + if (ret < 0) + return ret; + + vdomain->id = (unsigned int)ret; domain->pgsize_bitmap = viommu->pgsize_bitmap; domain->geometry = viommu->geometry; - ret = ida_alloc_range(&viommu->domain_ids, viommu->first_domain, - viommu->last_domain, GFP_KERNEL); - if (ret >= 0) - vdomain->id = (unsigned int)ret; + vdomain->map_flags = viommu->map_flags; + vdomain->viommu = viommu; - return ret > 0 ? 0 : ret; + return 0; } static void viommu_domain_free(struct iommu_domain *domain) -- 2.20.1