lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 6 Jun 2019 15:12:54 +0100
From:   Tom Murphy <>
To:     Joerg Roedel <>
Cc:     Qian Cai <>,,
Subject: Re: [PATCH -next v2] iommu/amd: fix a null-ptr-deref in map_sg()

Hi Joerg,

Is there anything I need to do to get this patch into linux-next? My
patch to convert the amd iommu driver to use the dma-iommu ops depends
on this patch.


On Tue, May 7, 2019 at 8:39 AM Joerg Roedel <> wrote:
> Hi Qian,
> On Mon, May 06, 2019 at 12:44:40PM -0400, Qian Cai wrote:
> > The commit 1a1079011da3 ("iommu/amd: Flush not present cache in
> > iommu_map_page") added domain_flush_np_cache() in map_sg() which
> > triggered a crash below during boot. sg_next() could return NULL if
> > sg_is_last() is true, so after for_each_sg(sglist, s, nelems, i), "s"
> > could be NULL which ends up deferencing a NULL pointer later here,
> >
> > domain_flush_np_cache(domain, s->dma_address, s->dma_length);
> >
> > so move domain_flush_np_cache() call inside for_each_sg() to loop over
> > each sg element.
> Thanks for the fix, but it is too late to merge it into the tree. I am
> going to revert commit 1a1079011da3 for now and we can try again in the
> next cycle.
> Thanks,
>         Joerg

Powered by blists - more mailing lists