Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C07D6C64EC7 for ; Wed, 22 Feb 2023 08:13:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231277AbjBVINr (ORCPT ); Wed, 22 Feb 2023 03:13:47 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59484 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231126AbjBVINp (ORCPT ); Wed, 22 Feb 2023 03:13:45 -0500 Received: from mga06.intel.com (mga06b.intel.com [134.134.136.31]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 42793AD12; Wed, 22 Feb 2023 00:13:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1677053622; x=1708589622; h=from:to:cc:subject:date:message-id; bh=qJcai1HxyJhUZs8xkP6Kzc6D6zv9YtIedUROjHo5Cc0=; b=nyTmJWdX2Qm6/3B3MBojmuchqjHvsLHDTGDBsUhRAr2Qb+l4Co8WXdm7 13VwuxdkMTrTuq4OPMS4GtYrknWBUKOUwGs1T/Qj87K/SN90dTMUXARZU NrFJEF8wqt1hzBrsE365jE0wF9sG/GN+5dCQDA6Xqi2D+uKWJO/EaUeED +eStav9eryPu7ILPs8g9OnGhuT86tBRsdvWepzXPO2GDqjPzNyzGJRXnf ojKApsflX5yPWNIdgy1cEih5Rz0WMP1V3n2Qz6fntHuHuICRcEK7OmeNY i0v24lP7Ekh1YKb4n4xeQOLviRXhbvrTulh84nKO2/dQJGDYkuAwjgvi0 g==; X-IronPort-AV: E=McAfee;i="6500,9779,10628"; a="395346717" X-IronPort-AV: E=Sophos;i="5.97,318,1669104000"; d="scan'208";a="395346717" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Feb 2023 00:13:41 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10628"; a="649471253" X-IronPort-AV: E=Sophos;i="5.97,318,1669104000"; d="scan'208";a="649471253" Received: from yzhao56-desk.sh.intel.com ([10.239.159.62]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Feb 2023 00:13:39 -0800 From: Yan Zhao To: alex.williamson@redhat.com, jgg@nvidia.com, kevin.tian@intel.com Cc: yi.l.liu@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Yan Zhao Subject: [PATCH] vfio: Fix NULL pointer dereference caused by uninitialized group->iommufd Date: Wed, 22 Feb 2023 15:49:38 +0800 Message-Id: <20230222074938.13681-1-yan.y.zhao@intel.com> X-Mailer: git-send-email 2.17.1 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org group->iommufd is not initialized for the iommufd_ctx_put() [20018.331541] BUG: kernel NULL pointer dereference, address: 0000000000000000 [20018.377508] RIP: 0010:iommufd_ctx_put+0x5/0x10 [iommufd] ... [20018.476483] Call Trace: [20018.479214] [20018.481555] vfio_group_fops_unl_ioctl+0x506/0x690 [vfio] [20018.487586] __x64_sys_ioctl+0x6a/0xb0 [20018.491773] ? trace_hardirqs_on+0xc5/0xe0 [20018.496347] do_syscall_64+0x67/0x90 [20018.500340] entry_SYSCALL_64_after_hwframe+0x4b/0xb5 Fixes: 9eefba8002c2 ("vfio: Move vfio group specific code into group.c") Signed-off-by: Yan Zhao --- drivers/vfio/group.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/vfio/group.c b/drivers/vfio/group.c index 57ebe5e1a7e6..8649f85f3be4 100644 --- a/drivers/vfio/group.c +++ b/drivers/vfio/group.c @@ -137,7 +137,7 @@ static int vfio_group_ioctl_set_container(struct vfio_group *group, ret = iommufd_vfio_compat_ioas_id(iommufd, &ioas_id); if (ret) { - iommufd_ctx_put(group->iommufd); + iommufd_ctx_put(iommufd); goto out_unlock; } -- 2.17.1