• Geert Uytterhoeven's avatar
    iommu/ipmmu-vmsa: Fix crash on early domain free · b65fa7b5
    Geert Uytterhoeven authored
    [ Upstream commit e5b78f2e ]
    
    If iommu_ops.add_device() fails, iommu_ops.domain_free() is still
    called, leading to a crash, as the domain was only partially
    initialized:
    
        ipmmu-vmsa e67b0000.mmu: Cannot accommodate DMA translation for IOMMU page tables
        sata_rcar ee300000.sata: Unable to initialize IPMMU context
        iommu: Failed to add device ee300000.sata to group 0: -22
        Unable to handle kernel NULL pointer dereference at virtual address 0000000000000038
        ...
        Call trace:
         ipmmu_domain_free+0x1c/0xa0
         iommu_group_release+0x48/0x68
         kobject_put+0x74/0xe8
         kobject_del.part.0+0x3c/0x50
         kobject_put+0x60/0xe8
         iommu_group_get_for_dev+0xa8/0x1f0
         ipmmu_add_device+0x1c/0x40
         of_iommu_configure+0x118/0x190
    
    Fix this by checking if the domain's context already exists, before
    trying to destroy it.
    Signed-off-by: default avatarGeert Uytterhoeven <geert+renesas@glider.be>
    Reviewed-by: default avatarRobin Murphy <robin.murphy@arm.com>
    Fixes: d25a2a16 ('iommu: Add driver for Renesas VMSA-compatible IPMMU')
    Signed-off-by: default avatarJoerg Roedel <jroedel@suse.de>
    Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
    b65fa7b5
ipmmu-vmsa.c 25.5 KB