lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <e22ea775-84e3-4116-a81a-52031be9f176@arm.com>
Date: Tue, 9 Dec 2025 11:43:55 +0000
From: Robin Murphy <robin.murphy@....com>
To: Haotian Zhang <vulab@...as.ac.cn>, Joerg Roedel <joro@...tes.org>,
 Will Deacon <will@...nel.org>, Heiko Stuebner <heiko@...ech.de>
Cc: iommu@...ts.linux.dev, linux-arm-kernel@...ts.infradead.org,
 linux-rockchip@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] iommu/rockchip: Check of_find_device_by_node() return
 value

On 2025-12-09 11:33 am, Haotian Zhang wrote:
> rk_iommu_of_xlate() calls of_find_device_by_node() without
> verifying it is non-NULL, which can lead to a NULL pointer
> dereference and crash.

No, it can't. Please look at how of_xlate is called - at this point we 
are looking up the IOMMU device, which has a driver bound to it, which 
has registered ops against this of_node that are the only way to reach 
this function in the first place. If the device could have somehow 
disappeared from underneath an active driver, this potential crash is 
the least of the kernel's worries...

Thanks,
Robin.

> Add a check for a NULL return from of_find_device_by_node()
> and return -ENODEV upon failure.
> 
> Fixes: 5fd577c3eac3 ("iommu/rockchip: Use OF_IOMMU to attach devices automatically")
> Signed-off-by: Haotian Zhang <vulab@...as.ac.cn>
> ---
>   drivers/iommu/rockchip-iommu.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/iommu/rockchip-iommu.c b/drivers/iommu/rockchip-iommu.c
> index 0861dd469bd8..e59d0617574b 100644
> --- a/drivers/iommu/rockchip-iommu.c
> +++ b/drivers/iommu/rockchip-iommu.c
> @@ -1153,6 +1153,8 @@ static int rk_iommu_of_xlate(struct device *dev,
>   	struct rk_iommudata *data;
>   
>   	iommu_dev = of_find_device_by_node(args->np);
> +	if (!iommu_dev)
> +		return -ENODEV;
>   
>   	data = devm_kzalloc(&iommu_dev->dev, sizeof(*data), GFP_KERNEL);
>   	if (!data)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ