| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170824124733.GH19768@x1>
Date: Thu, 24 Aug 2017 20:47:33 +0800
From: Baoquan He <bhe@...hat.com>
To: Dan Carpenter <dan.carpenter@...cle.com>
Cc: iommu@...ts.linux-foundation.org, linux-kernel@...r.kernel.org,
joro@...tes.org
Subject: Re: [PATCH] iommu/amd: Check if domain is NULL before dereference it
On 08/24/17 at 03:32pm, Dan Carpenter wrote:
> Take a look at this code for example. But all the places which call
> get_domain() are the same:
>
> drivers/iommu/amd_iommu.c
> 2648 page = virt_to_page(virt_addr);
> 2649 size = PAGE_ALIGN(size);
> 2650
> 2651 domain = get_domain(dev);
> ^^^^^^^^^^^^^^
> imagined get_domain() returns NULL.
>
> 2652 if (IS_ERR(domain))
> 2653 goto free_mem;
> 2654
> 2655 dma_dom = to_dma_ops_domain(domain);
> ^^^^^^^^^^^^^^^^^^^^^^^^^
> This will Oops.
I see, it's a problem. Thanks for telling!
How about below change? But I am not very sure which errno should be
picked, seems the latter one, EBUSY is better since it has passed the
check_device() checking.
diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c
index 16f1e6af00b0..2d7d04472555 100644
--- a/drivers/iommu/amd_iommu.c
+++ b/drivers/iommu/amd_iommu.c
@@ -2262,6 +2262,9 @@ static struct protection_domain *get_domain(struct device *dev)
domain = to_pdomain(io_domain);
attach_device(dev, domain);
}
+ if (domain == NULL)
+ return ERR_PTR(-EBUSY);
+
if (!dma_ops_domain(domain))
return ERR_PTR(-EBUSY);
--
2.5.5
Powered by blists - more mailing lists