iommu: iommu-debug: fix null-ptr-deref in atos write

iommu_debug_atos_write checks for invalid phys address before atos write. If done without domain attach this can result in null-ptr-deref. example call trace: iommu_iova_to_phys+0x10 iommu_debug_atos_write+0x74 __vfs_write+0x60 vfs_write+0xe4 ksys_write+0x78 __arm64_sys_write+0x1c el0_svc_common+0xbc el0_svc_handler+0x68 el0_svc+0x8 Fix this by checking for valid domain attached. Change-Id: Ib35ae624ed5a9d18c4772697df73887dba8b4bb6 Signed-off-by: Prakash Gupta <guptap@codeaurora.org>
2021-05-19 17:40:33 +05:30 · 2021-05-19 17:40:33 +05:30 · ad33dcba50
commit ad33dcba50
parent 825798613d
1 changed files with 6 additions and 1 deletions
--- a/drivers/iommu/iommu-debug.c
+++ b/drivers/iommu/iommu-debug.c
@ -1,6 +1,6 @@
 // SPDX-License-Identifier: GPL-2.0-only
 /*
- * Copyright (c) 2015-2020, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2015-2021, The Linux Foundation. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 and
@ -1546,6 +1546,11 @@ static ssize_t iommu_debug_atos_write(struct file *file,
 		return -EINVAL;
 	}

+	if (!ddev->domain) {
+		pr_err_ratelimited("No domain. Did you already attach?\n");
+		return -EINVAL;
+	}
+
 	phys = iommu_iova_to_phys(ddev->domain, iova);
 	pfn = __phys_to_pfn(phys);
 	if (!pfn_valid(pfn)) {