iommu/vt-d: Fix mm reference leak (4b602f68) · Commits · e / devices / android_kernel_fairphone_FP4

[ Upstream commit 902baf61adf6b187f0a6b789e70d788ea71ff5bc ] Move canonical address check before mmget_not_zero() to avoid mm reference leak. Fixes: ("iommu/vt-d: IOMMU Page Request needs to check if address is canonical.") Signed-off-by:

Jacob Pan <jacob.jun.pan@linux.intel.com> Acked-by:

Lu Baolu <baolu.lu@linux.intel.com> Signed-off-by:

Joerg Roedel <jroedel@suse.de> Signed-off-by:

Sasha Levin <sashal@kernel.org>

drivers/iommu/intel-svm.c

+4 −3

Original line number	Diff line number	Diff line
		@@ -620,14 +620,15 @@ static irqreturn_t prq_event_thread(int irq, void *d)
		* any faults on kernel addresses. */
		if (!svm->mm)
		goto bad_req;
		/* If the mm is already defunct, don't handle faults. */
		if (!mmget_not_zero(svm->mm))
		goto bad_req;

		/* If address is not canonical, return invalid response */
		if (!is_canonical_address(address))
		goto bad_req;

		/* If the mm is already defunct, don't handle faults. */
		if (!mmget_not_zero(svm->mm))
		goto bad_req;

		down_read(&svm->mm->mmap_sem);
		vma = find_extend_vma(svm->mm, address);
		if (!vma \|\| address < vma->vm_start)