Re: [PATCH] iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
From: Chunyan Zhang
Date: Wed Jul 17 2024 - 02:20:43 EST
On Tue, 16 Jul 2024 at 20:55, Artem Chernyshev
<artem.chernyshev@xxxxxxxxxxx> wrote:
>
> In sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()
> dom->sdev is equal to NULL, which leads to null dereference.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: 9afea57384d4 ("iommu/sprd: Release dma buffer to avoid memory leak")
> Signed-off-by: Artem Chernyshev <artem.chernyshev@xxxxxxxxxxx>
Thanks for fixing this.
Reviewed-by: Chunyan Zhang <zhang.lyra@xxxxxxxxx>
> ---
> drivers/iommu/sprd-iommu.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/iommu/sprd-iommu.c b/drivers/iommu/sprd-iommu.c
> index ba53571a8239..a2f4ffe6d949 100644
> --- a/drivers/iommu/sprd-iommu.c
> +++ b/drivers/iommu/sprd-iommu.c
> @@ -232,8 +232,8 @@ static void sprd_iommu_cleanup(struct sprd_iommu_domain *dom)
>
> pgt_size = sprd_iommu_pgt_size(&dom->domain);
> dma_free_coherent(dom->sdev->dev, pgt_size, dom->pgt_va, dom->pgt_pa);
> - dom->sdev = NULL;
> sprd_iommu_hw_en(dom->sdev, false);
> + dom->sdev = NULL;
> }
>
> static void sprd_iommu_domain_free(struct iommu_domain *domain)
> --
> 2.44.0
>