Re: [PATCH -next v2] iommu/amd: fix a null-ptr-deref in map_sg()

From: Joerg Roedel
Date: Tue May 07 2019 - 03:39:54 EST

Next message: Greg Kurz: "Re: [PATCH] vfio-pci/nvlink2: Fix potential VMA leak"
Previous message: Stephen Rothwell: "linux-next: Tree for May 7"
In reply to: Qian Cai: "[PATCH -next v2] iommu/amd: fix a null-ptr-deref in map_sg()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Qian,

On Mon, May 06, 2019 at 12:44:40PM -0400, Qian Cai wrote:
> The commit 1a1079011da3 ("iommu/amd: Flush not present cache in
> iommu_map_page") added domain_flush_np_cache() in map_sg() which
> triggered a crash below during boot. sg_next() could return NULL if
> sg_is_last() is true, so after for_each_sg(sglist, s, nelems, i), "s"
> could be NULL which ends up deferencing a NULL pointer later here,
>
> domain_flush_np_cache(domain, s->dma_address, s->dma_length);
>
> so move domain_flush_np_cache() call inside for_each_sg() to loop over
> each sg element.

Thanks for the fix, but it is too late to merge it into the tree. I am
going to revert commit 1a1079011da3 for now and we can try again in the
next cycle.

Thanks,

Joerg

Next message: Greg Kurz: "Re: [PATCH] vfio-pci/nvlink2: Fix potential VMA leak"
Previous message: Stephen Rothwell: "linux-next: Tree for May 7"
In reply to: Qian Cai: "[PATCH -next v2] iommu/amd: fix a null-ptr-deref in map_sg()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]