Virtual machine domains are created by intel_iommu_domain_init() and should be destroyed by intel_iommu_domain_destroy(). So avoid freeing virtual machine domain data structure in free_dmar_iommu() when doamin->iommu_count reaches zero, otherwise it may cause invalid memory access because the IOMMU framework still holds references to the domain structure. Signed-off-by: Jiang Liu <jiang.liu@xxxxxxxxxxxxxxx> --- drivers/iommu/intel-iommu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c index b1ac737b3196..fd58d8283802 100644 --- a/drivers/iommu/intel-iommu.c +++ b/drivers/iommu/intel-iommu.c @@ -1483,7 +1483,8 @@ static void free_dmar_iommu(struct intel_iommu *iommu) domain = iommu->domains[i]; clear_bit(i, iommu->domain_ids); - if (domain_detach_iommu(domain, iommu) == 0) + if (domain_detach_iommu(domain, iommu) == 0 && + !domain_type_is_vm(domain)) domain_exit(domain); } } -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe dmaengine" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html