linux

History

Jiang Liu 5ced12af69 iommu/vt-d: fix access after free issue in function free_dmar_iommu() Function free_dmar_iommu() may access domain->iommu_lock by spin_unlock_irqrestore(&domain->iommu_lock, flags); after freeing corresponding domain structure. Sample stack dump: [ 8.912818] ========================= [ 8.917072] [ BUG: held lock freed! ] [ 8.921335] 3.13.0-rc1-gerry+ #12 Not tainted [ 8.926375] ------------------------- [ 8.930629] swapper/0/1 is freeing memory ffff880c23b56040-ffff880c23b5613f, with a lock still held there! [ 8.941675] (&(&domain->iommu_lock)->rlock){......}, at: [<ffffffff81dc775c>] init_dmars+0x72c/0x95b [ 8.952582] 1 lock held by swapper/0/1: [ 8.957031] #0: (&(&domain->iommu_lock)->rlock){......}, at: [<ffffffff81dc775c>] init_dmars+0x72c/0x95b [ 8.968487] [ 8.968487] stack backtrace: [ 8.973602] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.13.0-rc1-gerry+ #12 [ 8.981556] Hardware name: Intel Corporation LH Pass ........../SVRBD-ROW_T, BIOS SE5C600.86B.99.99.x059.091020121352 09/10/2012 [ 8.994742] ffff880c23b56040 ffff88042dd33c98 ffffffff815617fd ffff88042dd38b28 [ 9.003566] ffff88042dd33cd0 ffffffff810a977a ffff880c23b56040 0000000000000086 [ 9.012403] ffff88102c4923c0 ffff88042ddb4800 ffffffff81b1e8c0 ffff88042dd33d28 [ 9.021240] Call Trace: [ 9.024138] [<ffffffff815617fd>] dump_stack+0x4d/0x66 [ 9.030057] [<ffffffff810a977a>] debug_check_no_locks_freed+0x15a/0x160 [ 9.037723] [<ffffffff811aa1c2>] kmem_cache_free+0x62/0x5b0 [ 9.044225] [<ffffffff81465e27>] domain_exit+0x197/0x1c0 [ 9.050418] [<ffffffff81dc7788>] init_dmars+0x758/0x95b [ 9.056527] [<ffffffff81dc7dfa>] intel_iommu_init+0x351/0x438 [ 9.063207] [<ffffffff81d8a711>] ? iommu_setup+0x27d/0x27d [ 9.069601] [<ffffffff81d8a739>] pci_iommu_init+0x28/0x52 [ 9.075910] [<ffffffff81000342>] do_one_initcall+0x122/0x180 [ 9.082509] [<ffffffff81077738>] ? parse_args+0x1e8/0x320 [ 9.088815] [<ffffffff81d850e8>] kernel_init_freeable+0x1e1/0x26c [ 9.095895] [<ffffffff81d84833>] ? do_early_param+0x88/0x88 [ 9.102396] [<ffffffff8154f580>] ? rest_init+0xd0/0xd0 [ 9.108410] [<ffffffff8154f58e>] kernel_init+0xe/0x130 [ 9.114423] [<ffffffff81574a2c>] ret_from_fork+0x7c/0xb0 [ 9.120612] [<ffffffff8154f580>] ? rest_init+0xd0/0xd0 Signed-off-by: Jiang Liu <jiang.liu@linux.intel.com> Signed-off-by: Joerg Roedel <joro@8bytes.org>		2014-01-09 12:43:42 +01:00
..
amd_iommu_init.c	iommu/amd: Clean up unnecessary MSI/MSI-X capability find	2013-08-14 12:18:52 +02:00
amd_iommu_proto.h	perf/x86/amd: Add IOMMU Performance Counter resource management	2013-06-19 13:04:52 +02:00
amd_iommu_types.h	perf/x86/amd: Add IOMMU Performance Counter resource management	2013-06-19 13:04:52 +02:00
amd_iommu_v2.c	IOMMU Updates for Linux v3.6-rc1	2012-07-24 16:24:11 -07:00
amd_iommu.c	iommu/amd: Fix resource leak in iommu_init_device()	2013-08-14 22:15:46 +02:00
arm-smmu.c	iommu/arm-smmu: fix error return code in arm_smmu_device_dt_probe()	2013-12-06 16:44:25 +00:00
dmar.c	iommu/vt-d: keep shared resources when failed to initialize iommu devices	2014-01-09 12:43:40 +01:00
exynos-iommu.c	iommu/exynos: Remove dead code (set_prefbuf)	2013-08-14 11:28:45 +02:00
fsl_pamu_domain.c	iommu/fsl: Fix whitespace problems noticed by git-am	2013-08-14 11:42:29 +02:00
fsl_pamu_domain.h	iommu/fsl: Freescale PAMU driver and iommu implementation.	2013-08-14 11:38:34 +02:00
fsl_pamu.c	iommu/fsl: Remove unnecessary 'fsl-pamu' prefixes	2013-08-14 11:44:30 +02:00
fsl_pamu.h	iommu/fsl: Freescale PAMU driver and iommu implementation.	2013-08-14 11:38:34 +02:00
intel_irq_remapping.c	iommu/vt-d, trivial: simplify code with existing macros	2014-01-09 12:43:37 +01:00
intel-iommu.c	iommu/vt-d: fix access after free issue in function free_dmar_iommu()	2014-01-09 12:43:42 +01:00
iommu-traces.c	iommu: Add iommu_error class event to iommu trace	2013-09-25 11:07:04 +02:00
iommu.c	Merge branches 'iommu/fixes', 'tracing', 'core', 'arm/tegra', 'x86/vt-d', 'arm/smmu' and 'arm/shmobile' into next	2013-11-01 14:44:25 +01:00
iova.c	iommu: Fix typo in iommu	2012-07-24 12:58:49 +02:00
irq_remapping.c	iommu/vt-d: Mark function eoi_ioapic_pin_remapped() as static in irq_remapping.c	2013-12-30 15:37:23 +01:00
irq_remapping.h	iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets	2013-04-18 17:00:47 +02:00
Kconfig	Don't try to compile shmobile-iommu outside of ARM	2013-11-15 18:57:42 -08:00
Makefile	iommu: Add event tracing feature to iommu	2013-09-24 12:35:24 +02:00
msm_iommu_dev.c	drivers/iommu: remove unnecessary platform_set_drvdata()	2013-09-11 15:56:24 -07:00
msm_iommu_hw-8xxx.h	iommu/msm: Move mach includes to iommu directory	2013-08-06 11:18:03 -07:00
msm_iommu.c	iommu/msm: Move mach includes to iommu directory	2013-08-06 11:18:03 -07:00
msm_iommu.h	iommu/msm: Move mach includes to iommu directory	2013-08-06 11:18:03 -07:00
of_iommu.c	iommu: Add DMA window parser, of_get_dma_window()	2012-06-25 13:50:28 +02:00
omap-iommu2.c	iommu/omap: Adapt to runtime pm	2012-12-03 18:48:23 +01:00
omap-iommu-debug.c	ARM: OMAP2+: Move iommu/iovmm headers to platform_data	2012-11-20 10:05:01 -08:00
omap-iommu.c	drivers/iommu: remove unnecessary platform_set_drvdata()	2013-09-11 15:56:24 -07:00
omap-iommu.h	iommu/omap: Adapt to runtime pm	2012-12-03 18:48:23 +01:00
omap-iopgtable.h	drivers/iommu/omap-iopgtable.h: remove unneeded cast of void*	2013-11-13 12:09:00 +09:00
omap-iovmm.c	iommu/omap: fix checkpatch warnings in omap iommu code	2013-06-20 16:53:26 +02:00
pci.h	iommu: Move swap_pci_ref function to drivers/iommu/pci.h.	2013-04-23 14:55:00 +02:00
shmobile-iommu.c	iommu/fsl: Make iova dma_addr_t in the iommu_iova_to_phys API.	2013-04-02 18:20:53 +02:00
shmobile-ipmmu.c	iommu/shmobile: Add iommu driver for Renesas IPMMU modules	2013-02-06 10:57:25 +01:00
shmobile-ipmmu.h	iommu/shmobile: Add iommu driver for Renesas IPMMU modules	2013-02-06 10:57:25 +01:00
tegra-gart.c	iommu/tegra-gart: Staticize tegra_gart_pm_ops	2013-11-01 14:23:20 +01:00
tegra-smmu.c	iommu/tegra-smmu: Staticize tegra_smmu_pm_ops	2013-11-01 14:23:33 +01:00