Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e60af429 authored by Patrick Daly's avatar Patrick Daly
Browse files

iommu/arm-smmu: Fix a Null pointer dereference 



Introduced by 99afd053.
"iommu/arm-smmu: Be explicit about security mechanism"

Internal error: Oops: 96000006 [#1] PREEMPT SMP
[<ffffffc0009f37d0>] arm_smmu_is_master_side_secure+0x14/0x28
[<ffffffc0009f029c>] io_pgtable_free_pages_exact+0x30/0x94
[<ffffffc0009f0388>] __arm_lpae_free_pgtable+0x88/0xf0
[<ffffffc0009f03e4>] __arm_lpae_free_pgtable+0xe4/0xf0
[<ffffffc0009f0410>] arm_lpae_free_pgtable+0x20/0x38
[<ffffffc0009f01cc>] free_io_pgtable_ops+0x24/0x30
[<ffffffc0009f4ce8>] arm_smmu_domain_destroy+0x1c/0xa8
[<ffffffc0009ed0cc>] iommu_domain_free+0x1c/0x34
[<ffffffc0009f35c4>] iommu_debug_device_profiling+0x660/0x6a4
[<ffffffc0009f361c>] iommu_debug_secure_profiling_show+0x14/0x24
[<ffffffc0001c4a2c>] seq_read+0x180/0x3b0

Found when running:
cat /sys/kernel/debug/iommu/tests/client_name/secure_profiling

Add a new smmu_domain variable to track whether the domain belongs to a
master-side or slave-side secure context.

Change-Id: Ib32cc6fb03f863522de10e416007114c6e91776f
Signed-off-by: default avatarPatrick Daly <pdaly@codeaurora.org>
parent 44729256

drivers/iommu/arm-smmu.c

+5 −3
Original line number Diff line number Diff line
@@ -452,6 +452,7 @@ struct arm_smmu_domain { 
	enum arm_smmu_domain_stage	stage;

	struct mutex			init_mutex; /* Protects smmu pointer */

	u32				attributes;

	bool				slave_side_secure;

	u32				secure_vmid;

	struct list_head		pte_info_list;

	struct list_head		unassign_list;
@@ -1491,14 +1492,14 @@ static bool arm_smmu_has_secure_vmid(struct arm_smmu_domain *smmu_domain) 


static bool arm_smmu_is_slave_side_secure(struct arm_smmu_domain *smmu_domain)

{

	return arm_smmu_has_secure_vmid(smmu_domain) &&

			arm_smmu_is_static_cb(smmu_domain->smmu);

	return arm_smmu_has_secure_vmid(smmu_domain)

		&& smmu_domain->slave_side_secure;

}



static bool arm_smmu_is_master_side_secure(struct arm_smmu_domain *smmu_domain)

{

	return arm_smmu_has_secure_vmid(smmu_domain)

		&& !arm_smmu_is_static_cb(smmu_domain->smmu);

		&& !smmu_domain->slave_side_secure;

}



static void arm_smmu_secure_domain_lock(struct arm_smmu_domain *smmu_domain)
@@ -2110,6 +2111,7 @@ static int arm_smmu_attach_dev(struct iommu_domain *domain, struct device *dev) 
			dev_err(dev, "Failed to get valid context bank\n");

			goto err_disable_clocks;

		}

		smmu_domain->slave_side_secure = true;

	}



	/* Ensure that the domain is finalised */