| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Jul 2016 14:49:32 -0400 From: Nate Watterson <nwatters@...eaurora.org> To: robin.murphy@....com, Joerg Roedel <joro@...tes.org>, iommu@...ts.linux-foundation.org, linux-kernel@...r.kernel.org Cc: Nate Watterson <nwatters@...eaurora.org> Subject: [PATCH] iommu/iova: validate iova_domain input to put_iova_domain Passing a NULL or uninitialized iova_domain into put_iova_domain will currently crash the kernel when the unconfigured iova_domain data members are accessed. To prevent this from occurring, this patch adds a check to make sure that the domain is non-NULL and that the domain granule is non-zero. The granule can be used to check if the domain was properly initialized because calling init_iova_domain with a granule of zero would have already triggered a BUG statement crashing the kernel. Signed-off-by: Nate Watterson <nwatters@...eaurora.org> --- drivers/iommu/iova.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/iommu/iova.c b/drivers/iommu/iova.c index e23001b..3511a1c 100644 --- a/drivers/iommu/iova.c +++ b/drivers/iommu/iova.c @@ -459,6 +459,10 @@ void put_iova_domain(struct iova_domain *iovad) struct rb_node *node; unsigned long flags; + /* Only teardown properly initialized domains */ + if (!iovad || !iovad->granule) + return; + free_iova_rcaches(iovad); spin_lock_irqsave(&iovad->iova_rbtree_lock, flags); node = rb_first(&iovad->rbroot); -- Qualcomm Datacenter Technologies, Inc. on behalf of Qualcomm Technologies, Inc. Qualcomm Technologies, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project.
Powered by blists - more mailing lists