[PATCH v2 2/2] iommu/omap: fix NULL pointer dereference

public inbox for linux-arm-kernel@lists.infradead.org 
 help / color / mirror / Atom feed

From: Joerg.Roedel@amd•com (Joerg Roedel)
To: linux-arm-kernel@lists•infradead.org
Subject: [PATCH v2 2/2] iommu/omap: fix NULL pointer dereference
Date: Thu, 23 Feb 2012 17:11:09 +0100	[thread overview]
Message-ID: <20120223161109.GB2454@amd.com> (raw)
In-Reply-To: <1329902086-13868-1-git-send-email-ohad@wizery.com>

I guess these patches are 3.3 material? How about tagging them for
stable too?

On Wed, Feb 22, 2012 at 11:14:46AM +0200, Ohad Ben-Cohen wrote:
> Fix this:
> 
> root at omap4430-panda:~# cat /debug/iommu/ducati/mem
> [   62.725708] Unable to handle kernel NULL pointer dereference at virtual addre
> ss 0000001c
> [   62.725708] pgd = e6240000
> [   62.737091] [0000001c] *pgd=a7168831, *pte=00000000, *ppte=00000000
> [   62.743682] Internal error: Oops: 17 [#1] SMP
> [   62.743682] Modules linked in: omap_iommu_debug omap_iovmm virtio_rpmsg_bus o
> map_remoteproc remoteproc virtio_ring virtio mailbox_mach mailbox
> [   62.743682] CPU: 0    Not tainted  (3.3.0-rc1-00265-g382f84e-dirty #682)
> [   62.743682] PC is at debug_read_mem+0x5c/0xac [omap_iommu_debug]
> [   62.743682] LR is at 0x1004
> [   62.777832] pc : [<bf033178>]    lr : [<00001004>]    psr: 60000013
> [   62.777832] sp : e72c7f40  ip : c0763c00  fp : 00000001
> [   62.777832] r10: 00000000  r9 : 00000000  r8 : e72c7f80
> [   62.777832] r7 : e6ffdc08  r6 : bed1ac78  r5 : 00001000  r4 : e7276000
> [   62.777832] r3 : e60f3460  r2 : 00000000  r1 : e60f38c0  r0 : 00000000
> [   62.777832] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
> [   62.816375] Control: 10c53c7d  Table: a624004a  DAC: 00000015
> [   62.816375] Process cat (pid: 1176, stack limit = 0xe72c62f8)
> [   62.828369] Stack: (0xe72c7f40 to 0xe72c8000)
> ...
> [   62.884185] [<bf033178>] (debug_read_mem+0x5c/0xac [omap_iommu_debug]) from [
> <c010e354>] (vfs_read+0xac/0x130)
> [   62.884185] [<c010e354>] (vfs_read+0xac/0x130) from [<c010e4a8>] (sys_read+0x
> 40/0x70)
> [   62.884185] [<c010e4a8>] (sys_read+0x40/0x70) from [<c0014a00>] (ret_fast_sys
> call+0x0/0x3c)
> 
> Fix also its 'echo bla > /debug/iommu/ducati/mem' Oops sibling, too.
> 
> Signed-off-by: Ohad Ben-Cohen <ohad@wizery•com>
> Cc: Tony Lindgren <tony@atomide•com>
> Cc: Hiroshi Doyu <hdoyu@nvidia•com>
> Cc: Laurent Pinchart <laurent.pinchart@ideasonboard•com>
> Cc: Russell King <linux@arm•linux.org.uk>
> Cc: Joerg Roedel <Joerg.Roedel@amd•com>
> ---
> v2: omap_find_iovm_area only returns NULL for errors. thanks, rmk.
> 
>  drivers/iommu/omap-iommu-debug.c |    4 ++--
>  1 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/iommu/omap-iommu-debug.c b/drivers/iommu/omap-iommu-debug.c
> index bad9f9d..103dbd9 100644
> --- a/drivers/iommu/omap-iommu-debug.c
> +++ b/drivers/iommu/omap-iommu-debug.c
> @@ -274,7 +274,7 @@ static ssize_t debug_read_mem(struct file *file, char __user *userbuf,
>  	mutex_lock(&iommu_debug_lock);
>  
>  	area = omap_find_iovm_area(dev, (u32)ppos);
> -	if (IS_ERR(area)) {
> +	if (!area) {
>  		bytes = -EINVAL;
>  		goto err_out;
>  	}
> @@ -311,7 +311,7 @@ static ssize_t debug_write_mem(struct file *file, const char __user *userbuf,
>  	}
>  
>  	area = omap_find_iovm_area(dev, (u32)ppos);
> -	if (IS_ERR(area)) {
> +	if (!area) {
>  		count = -EINVAL;
>  		goto err_out;
>  	}
> -- 
> 1.7.5.4
> 

-- 
AMD Operating System Research Center

Advanced Micro Devices GmbH Einsteinring 24 85609 Dornach
General Managers: Alberto Bozzo
Registration: Dornach, Landkr. Muenchen; Registerger. Muenchen, HRB Nr. 43632

next prev parent reply	other threads:[~2012-02-23 16:11 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-02-22  9:14 [PATCH v2 2/2] iommu/omap: fix NULL pointer dereference Ohad Ben-Cohen
2012-02-23 16:11 ` Joerg Roedel [this message]
2012-02-23 16:16   ` Ohad Ben-Cohen
2012-02-23 16:37     ` Joerg Roedel
2012-02-24 13:16     ` Joerg Roedel
2012-02-26 10:20       ` Ohad Ben-Cohen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120223161109.GB2454@amd.com \
    --to=joerg.roedel@amd$(echo .)com \
    --cc=linux-arm-kernel@lists$(echo .)infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox