On Tue, Aug 09, 2016 at 04:23:17PM +0100, Robin Murphy wrote:
> Due to the limitations of having to wait until we see a device's DMA
> restrictions before we know how we want an IOVA domain initialised,
> there is a window for error if a DMA ops domain is allocated but later
> freed without ever being used. In that case, init_iova_domain() was
> never called, so calling put_iova_domain() from iommu_put_dma_cookie()
> ends up trying to take an uninitialised lock and crashing.
>
> Make things robust by skipping the call unless the IOVA domain actually
> has been initialised, as we probably should have done from the start.
>
> Fixes: 0db2e5d18f76 ("iommu: Implement common IOMMU ops for DMA mapping")
> Cc: stable@xxxxxxxxxxxxxxx
> Reported-by: Nate Watterson <nwatters@xxxxxxxxxxxxxx>
> Reviewed-by: Nate Watterson <nwatters@xxxxxxxxxxxxxx>
> Tested-by: Nate Watterson <nwatters@xxxxxxxxxxxxxx>
> Reviewed-by: Eric Auger <eric.auger@xxxxxxxxxx>
> Tested-by: Eric Auger <eric.auger@xxxxxxxxxx>
> Signed-off-by: Robin Murphy <robin.murphy@xxxxxxx>
> ---
> drivers/iommu/dma-iommu.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
Wow, that was quick :)
Applied to iommu/fixes, thanks.
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html