Patchwork iommu: WARN_ON when removing a device with no iommu_group associated

Submitter Wei Yang
Date Aug. 23, 2013, 1:55 a.m.
Message ID <1377222911-12144-1-git-send-email-weiyang@linux.vnet.ibm.com>
Permalink /patch/269252/
State Not Applicable

Comments

Wei Yang - Aug. 23, 2013, 1:55 a.m.
When removing a device from the system, iommu_group driver will try to
disconnect it from its group. While in some cases, one device may not be
associated with any iommu_group. For example, not enough DMA address space.

In the generic bus notification, it will check dev->iommu_group before calling
iommu_group_remove_device(). While in some cases, developers may call
iommu_group_remove_device() in a different code path and without check. For
those devices with dev->iommu_group set to NULL, kernel will crash.

This patch gives a warning and returns when trying to remove a device from an
iommu_group with dev->iommu_group set to NULL. This helps to indicate some bad
behavior and also guard the kernel.

Signed-off-by: Wei Yang <weiyang@linux.vnet.ibm.com>
---
 drivers/iommu/iommu.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

Alex Williamson - Aug. 23, 2013, 3:33 a.m.
[+cc iommu]

On Fri, 2013-08-23 at 09:55 +0800, Wei Yang wrote:
> When removing a device from the system, iommu_group driver will try to
> disconnect it from its group. While in some cases, one device may not be
> associated with any iommu_group. For example, not enough DMA address space.
> 
> In the generic bus notification, it will check dev->iommu_group before calling
> iommu_group_remove_device(). While in some cases, developers may call
> iommu_group_remove_device() in a different code path and without check. For
> those devices with dev->iommu_group set to NULL, kernel will crash.
> 
> This patch gives a warning and returns when trying to remove a device from an
> iommu_group with dev->iommu_group set to NULL. This helps to indicate some bad
> behavior and also guard the kernel.
> 
> Signed-off-by: Wei Yang <weiyang@linux.vnet.ibm.com>

Acked-by: Alex Williamson <alex.williamson@redhat.com>

> ---
>  drivers/iommu/iommu.c |    3 +++
>  1 files changed, 3 insertions(+), 0 deletions(-)
> 
> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
> index fbe9ca7..43396f0 100644
> --- a/drivers/iommu/iommu.c
> +++ b/drivers/iommu/iommu.c
> @@ -379,6 +379,9 @@ void iommu_group_remove_device(struct device *dev)
>  	struct iommu_group *group = dev->iommu_group;
>  	struct iommu_device *tmp_device, *device = NULL;
>  
> +	if (WARN_ON(!group))
> +		return;
> +
>  	/* Pre-notify listeners that a device is being removed. */
>  	blocking_notifier_call_chain(&group->notifier,
>  				     IOMMU_GROUP_NOTIFY_DEL_DEVICE, dev);
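
Review bot: `WARN_ON(!group)` at the top of iommu_group_remove_device() prints a full backtrace on every call made with dev->iommu_group set to NULL, so a caller that reaches this path for many devices will flood the log; `WARN_ON_ONCE(!group)` would still flag the caller bug. Since the function returns void, the early `return` gives the caller no indication that nothing was removed, which makes the warning the only signal of the missing dev->iommu_group check.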

Wei Yang - Sept. 3, 2013, 3:15 a.m.
Any more comments? Or this one is not proper?

On Thu, Aug 22, 2013 at 09:33:27PM -0600, Alex Williamson wrote:
>[+cc iommu]
>
>On Fri, 2013-08-23 at 09:55 +0800, Wei Yang wrote:
>> When removing a device from the system, iommu_group driver will try to
>> disconnect it from its group. While in some cases, one device may not be
>> associated with any iommu_group. For example, not enough DMA address space.
>> 
>> In the generic bus notification, it will check dev->iommu_group before calling
>> iommu_group_remove_device(). While in some cases, developers may call
>> iommu_group_remove_device() in a different code path and without check. For
>> those devices with dev->iommu_group set to NULL, kernel will crash.
>> 
>> This patch gives a warning and returns when trying to remove a device from an
>> iommu_group with dev->iommu_group set to NULL. This helps to indicate some bad
>> behavior and also guard the kernel.
>> 
>> Signed-off-by: Wei Yang <weiyang@linux.vnet.ibm.com>
>
>Acked-by: Alex Williamson <alex.williamson@redhat.com>
>
>> ---
>>  drivers/iommu/iommu.c |    3 +++
>>  1 files changed, 3 insertions(+), 0 deletions(-)
>> 
>> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
>> index fbe9ca7..43396f0 100644
>> --- a/drivers/iommu/iommu.c
>> +++ b/drivers/iommu/iommu.c
>> @@ -379,6 +379,9 @@ void iommu_group_remove_device(struct device *dev)
>>  	struct iommu_group *group = dev->iommu_group;
>>  	struct iommu_device *tmp_device, *device = NULL;
>>  
>> +	if (WARN_ON(!group))
>> +		return;
>> +
>>  	/* Pre-notify listeners that a device is being removed. */
>>  	blocking_notifier_call_chain(&group->notifier,
>>  				     IOMMU_GROUP_NOTIFY_DEL_DEVICE, dev);
>
>

Patch

diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
index fbe9ca7..43396f0 100644
--- a/drivers/iommu/iommu.c
+++ b/drivers/iommu/iommu.c
@@ -379,6 +379,9 @@  void iommu_group_remove_device(struct device *dev)
 	struct iommu_group *group = dev->iommu_group;
 	struct iommu_device *tmp_device, *device = NULL;
 
+	if (WARN_ON(!group))
+		return;
+
 	/* Pre-notify listeners that a device is being removed. */
 	blocking_notifier_call_chain(&group->notifier,
 				     IOMMU_GROUP_NOTIFY_DEL_DEVICE, dev);
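
Review bot: the guard added ahead of the `blocking_notifier_call_chain(&group->notifier, ...)` call carries no comment, so a reader cannot tell from the code that a NULL dev->iommu_group is a caller bug and not a supported case. A one-line comment above `if (WARN_ON(!group))` saying that the device was never added to a group, and that callers are expected to check dev->iommu_group first, would document this. The changelog would also be stronger if it named the code path that calls iommu_group_remove_device() without the check.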