Re: [PATCH 2/2] iommu/vt-d: Fix possible use-after-free of private domain

From: Alex Williamson
Date: Thu Aug 08 2019 - 16:11:00 EST


On Tue, 6 Aug 2019 08:14:09 +0800
Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx> wrote:

> Multiple devices might share a private domain. One real example
> is a PCI bridge and all devices behind it. When removing a private
> domain, make sure that it has been detached from all devices to
> avoid a use-after-free case.
>
> Cc: Ashok Raj <ashok.raj@xxxxxxxxx>
> Cc: Jacob Pan <jacob.jun.pan@xxxxxxxxxxxxxxx>
> Cc: Kevin Tian <kevin.tian@xxxxxxxxx>
> Cc: Alex Williamson <alex.williamson@xxxxxxxxxx>
> Fixes: 942067f1b6b97 ("iommu/vt-d: Identify default domains replaced with private")
> Signed-off-by: Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx>
> ---

Tested-by: Alex Williamson <alex.williamson@xxxxxxxxxx>

> drivers/iommu/intel-iommu.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
> index 37259b7f95a7..12d094d08c0a 100644
> --- a/drivers/iommu/intel-iommu.c
> +++ b/drivers/iommu/intel-iommu.c
> @@ -4791,7 +4791,8 @@ static void __dmar_remove_one_dev_info(struct device_domain_info *info)
>
> /* free the private domain */
> if (domain->flags & DOMAIN_FLAG_LOSE_CHILDREN &&
> - !(domain->flags & DOMAIN_FLAG_STATIC_IDENTITY))
> + !(domain->flags & DOMAIN_FLAG_STATIC_IDENTITY) &&
> + list_empty(&domain->devices))
> domain_exit(info->domain);
>
> free_devinfo_mem(info);
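
Review bot: the comment above the condition still says only "free the private domain", but with the added list_empty(&domain->devices) test the free happens only for the last device sharing the domain, so the comment should say that. The check is correct only if this info has already been unlinked from domain->devices and the lock protecting that list is held at this point. Neither is visible in the hunk, so please confirm both and mention them in the comment or the commit message. A smaller point: the condition tests the local "domain" while the call passes "info->domain"; passing "domain" to domain_exit() would make it clear that the object checked and the object freed are the same.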