Patch "iommu: Check if group is NULL before remove device" has been added to the 5.4-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sat, 21 Aug 2021 22:42:02 -0400

This is a note to let you know that I've just added the patch titled

    iommu: Check if group is NULL before remove device

to the 5.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     iommu-check-if-group-is-null-before-remove-device.patch
and it can be found in the queue-5.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 31572e7a3b58674bcd68893db81d12835435fdcd
Author: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
Date:   Sat Jul 31 09:47:37 2021 +0200

    iommu: Check if group is NULL before remove device
    
    [ Upstream commit 5aa95d8834e07907e64937d792c12ffef7fb271f ]
    
    If probe_device is failing, iommu_group is not initialized because
    iommu_group_add_device is not reached, so freeing it will result
    in NULL pointer access.
    
    iommu_bus_init
      ->bus_iommu_probe
          ->probe_iommu_group in for each:/* return -22 in fail case */
              ->iommu_probe_device
                  ->__iommu_probe_device       /* return -22 here.*/
                      -> ops->probe_device          /* return -22 here.*/
                      -> iommu_group_get_for_dev
                            -> ops->device_group
                            -> iommu_group_add_device //good case
      ->remove_iommu_group  //in fail case, it will remove group
         ->iommu_release_device
             ->iommu_group_remove_device // here we don't have group
    
    In my case ops->probe_device (mtk_iommu_probe_device from
    mtk_iommu_v1.c) is due to failing fwspec->ops mismatch.
    
    Fixes: d72e31c93746 ("iommu: IOMMU Groups")
    Signed-off-by: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20210731074737.4573-1-linux@xxxxxxxxx
    Signed-off-by: Joerg Roedel <jroedel@xxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
index 9d7232e26ecf..c5758fb696cc 100644
--- a/drivers/iommu/iommu.c
+++ b/drivers/iommu/iommu.c
@@ -775,6 +775,9 @@ void iommu_group_remove_device(struct device *dev)
 	struct iommu_group *group = dev->iommu_group;
 	struct group_device *tmp_device, *device = NULL;
 
+	if (!group)
+		return;
+
 	dev_info(dev, "Removing from iommu group %d\n", group->id);
 
 	/* Pre-notify listeners that a device is being removed. */






