[PATCH 5.16 208/285] iommu/omap: Fix regression in probe for NULL pointer dereference

From: Greg Kroah-Hartman
Date: Tue Apr 12 2022 - 04:23:28 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.16 207/285] SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec()"
Previous message: Greg Kroah-Hartman: "[PATCH 5.16 254/285] drm/amdgpu/smu10: fix SoC/fclk units in auto mode"
In reply to: Greg Kroah-Hartman: "[PATCH 5.16 254/285] drm/amdgpu/smu10: fix SoC/fclk units in auto mode"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.16 207/285] SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Tony Lindgren <tony@xxxxxxxxxxx>

[ Upstream commit 71ff461c3f41f6465434b9e980c01782763e7ad8 ]

Commit 3f6634d997db ("iommu: Use right way to retrieve iommu_ops") started
triggering a NULL pointer dereference for some omap variants:

__iommu_probe_device from probe_iommu_group+0x2c/0x38
probe_iommu_group from bus_for_each_dev+0x74/0xbc
bus_for_each_dev from bus_iommu_probe+0x34/0x2e8
bus_iommu_probe from bus_set_iommu+0x80/0xc8
bus_set_iommu from omap_iommu_init+0x88/0xcc
omap_iommu_init from do_one_initcall+0x44/0x24

This is caused by omap iommu probe returning 0 instead of ERR_PTR(-ENODEV)
as noted by Jason Gunthorpe <jgg@xxxxxxxx>.

Looks like the regression already happened with an earlier commit
6785eb9105e3 ("iommu/omap: Convert to probe/release_device() call-backs")
that changed the function return type and missed converting one place.

Cc: Drew Fustini <dfustini@xxxxxxxxxxxx>
Cc: Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx>
Cc: Suman Anna <s-anna@xxxxxx>
Suggested-by: Jason Gunthorpe <jgg@xxxxxxxx>
Fixes: 6785eb9105e3 ("iommu/omap: Convert to probe/release_device() call-backs")
Fixes: 3f6634d997db ("iommu: Use right way to retrieve iommu_ops")
Signed-off-by: Tony Lindgren <tony@xxxxxxxxxxx>
Tested-by: Drew Fustini <dfustini@xxxxxxxxxxxx>
Reviewed-by: Jason Gunthorpe <jgg@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20220331062301.24269-1-tony@xxxxxxxxxxx
Signed-off-by: Joerg Roedel <jroedel@xxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/iommu/omap-iommu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/iommu/omap-iommu.c b/drivers/iommu/omap-iommu.c
index 91749654fd49..be60f6f3a265 100644
--- a/drivers/iommu/omap-iommu.c
+++ b/drivers/iommu/omap-iommu.c
@@ -1661,7 +1661,7 @@ static struct iommu_device *omap_iommu_probe_device(struct device *dev)
num_iommus = of_property_count_elems_of_size(dev->of_node, "iommus",
sizeof(phandle));
if (num_iommus < 0)
- return 0;
+ return ERR_PTR(-ENODEV);

arch_data = kcalloc(num_iommus + 1, sizeof(*arch_data), GFP_KERNEL);
if (!arch_data)
--
2.35.1

Next message: Greg Kroah-Hartman: "[PATCH 5.16 207/285] SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec()"
Previous message: Greg Kroah-Hartman: "[PATCH 5.16 254/285] drm/amdgpu/smu10: fix SoC/fclk units in auto mode"
In reply to: Greg Kroah-Hartman: "[PATCH 5.16 254/285] drm/amdgpu/smu10: fix SoC/fclk units in auto mode"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.16 207/285] SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]