Re: [PATCH] iommu: Fix missing check for return value of iommu_group_get()

From: Baolu Lu
Date: Wed Jun 14 2023 - 22:32:37 EST


On 6/14/23 11:43 PM, Chenyuan Mi wrote:
The iommu_group_get() function may return NULL, which may
cause null pointer dereference, and most other callsites of
iommu_group_get() do a NULL check. Add a NULL check for return
value of iommu_group_get().

Found by our static analysis tool.

Signed-off-by: Chenyuan Mi <cymi20@xxxxxxxxxxxx>
---
drivers/iommu/iommu.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
index f1dcfa3f1a1b..ef3483e75511 100644
--- a/drivers/iommu/iommu.c
+++ b/drivers/iommu/iommu.c
@@ -3217,6 +3217,8 @@ EXPORT_SYMBOL_GPL(iommu_group_release_dma_owner);
void iommu_device_release_dma_owner(struct device *dev)
{
struct iommu_group *group = iommu_group_get(dev);
+ if (!group)
+ return;

This interface should never be used in this way.

Check the comments of this function:

"Release the DMA ownership claimed by iommu_device_claim_dma_owner()."

The iommu group has been checked in the claim API.

If any driver misuses this API, a null pointer dereference warning is
better than ignoring it silently.

mutex_lock(&group->mutex);
if (group->owner_cnt > 1)
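Review bot: The bare `return` on `!group` in iommu_device_release_dma_owner() hides a caller bug instead of reporting it: this function is the counterpart of iommu_device_claim_dma_owner(), which already validated the group, so a NULL here means release was called without a matching claim (or for the wrong device), and returning silently leaves that imbalance undetected; if any check is kept, make the misuse loud (a WARN_ON or similar) rather than swallowing it. Also, the two added lines are inserted directly between the `struct iommu_group *group = iommu_group_get(dev);` declaration and the blank line that precedes `mutex_lock(&group->mutex);`, so a blank line is needed after the declaration to match kernel coding style.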
@@ -3329,6 +3331,8 @@ void iommu_detach_device_pasid(struct iommu_domain *domain, struct device *dev,
ioasid_t pasid)
{
struct iommu_group *group = iommu_group_get(dev);
+ if (!group)
+ return;

Ditto...

mutex_lock(&group->mutex);
__iommu_remove_group_pasid(group, pasid);
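Review bot: Same concern as for iommu_device_release_dma_owner() above: returning silently from iommu_detach_device_pasid() when iommu_group_get() yields NULL drops the detach with no signal, and since the matching attach path is where the group is validated, a NULL here means detach was called for a device that was never attached, which is a caller error worth surfacing rather than hiding. The added lines also need a blank line after the `struct iommu_group *group` declaration before `if (!group)`.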

Best regards,
baolu