Re: [syzbot] test uaf in iommufd_vfio_ioas
From: syzbot
Date: Thu Nov 02 2023 - 21:18:12 EST
For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx.
***
Subject: test uaf in iommufd_vfio_ioas
Author: lizhi.xu@xxxxxxxxxxxxx
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 2af9b20dbb39
diff --git a/drivers/iommu/iommufd/vfio_compat.c b/drivers/iommu/iommufd/vfio_compat.c
index 6c810bf80f99..85cff4489757 100644
--- a/drivers/iommu/iommufd/vfio_compat.c
+++ b/drivers/iommu/iommufd/vfio_compat.c
@@ -138,6 +138,8 @@ int iommufd_vfio_ioas(struct iommufd_ucmd *ucmd)
case IOMMU_VFIO_IOAS_SET:
ioas = iommufd_get_ioas(ucmd->ictx, cmd->ioas_id);
+ if (!ioas)
+ return -EINVAL;
if (IS_ERR(ioas))
return PTR_ERR(ioas);
xa_lock(&ucmd->ictx->objects);