linux/drivers/iommu
Jiang Liu b5f36d9e61 iommu/vt-d: fix invalid memory access when freeing DMAR irq
In function free_dmar_iommu(), it sets IRQ handler data to NULL
before calling free_irq(), which will cause invalid memory access
because free_irq() will access IRQ handler data when calling
function dmar_msi_mask(). So only set IRQ handler data to NULL
after calling free_irq().

Sample stack dump:
[   13.094010] BUG: unable to handle kernel NULL pointer dereference at 0000000000000048
[   13.103215] IP: [<ffffffff810a97cd>] __lock_acquire+0x4d/0x12a0
[   13.110104] PGD 0
[   13.112614] Oops: 0000 [#1] SMP
[   13.116585] Modules linked in:
[   13.120260] CPU: 60 PID: 1 Comm: swapper/0 Tainted: G        W    3.13.0-rc1-gerry+ #9
[   13.129367] Hardware name: Intel Corporation LH Pass ........../SVRBD-ROW_T, BIOS SE5C600.86B.99.99.x059.091020121352 09/10/2012
[   13.142555] task: ffff88042dd38010 ti: ffff88042dd32000 task.ti: ffff88042dd32000
[   13.151179] RIP: 0010:[<ffffffff810a97cd>]  [<ffffffff810a97cd>] __lock_acquire+0x4d/0x12a0
[   13.160867] RSP: 0000:ffff88042dd33b78  EFLAGS: 00010046
[   13.166969] RAX: 0000000000000046 RBX: 0000000000000002 RCX: 0000000000000000
[   13.175122] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000048
[   13.183274] RBP: ffff88042dd33bd8 R08: 0000000000000002 R09: 0000000000000001
[   13.191417] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88042dd38010
[   13.199571] R13: 0000000000000000 R14: 0000000000000048 R15: 0000000000000000
[   13.207725] FS:  0000000000000000(0000) GS:ffff88103f200000(0000) knlGS:0000000000000000
[   13.217014] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   13.223596] CR2: 0000000000000048 CR3: 0000000001a0b000 CR4: 00000000000407e0
[   13.231747] Stack:
[   13.234160]  0000000000000004 0000000000000046 ffff88042dd33b98 ffffffff810a567d
[   13.243059]  ffff88042dd33c08 ffffffff810bb14c ffffffff828995a0 0000000000000046
[   13.251969]  0000000000000000 0000000000000000 0000000000000002 0000000000000000
[   13.260862] Call Trace:
[   13.263775]  [<ffffffff810a567d>] ? trace_hardirqs_off+0xd/0x10
[   13.270571]  [<ffffffff810bb14c>] ? vprintk_emit+0x23c/0x570
[   13.277058]  [<ffffffff810ab1e3>] lock_acquire+0x93/0x120
[   13.283269]  [<ffffffff814623f7>] ? dmar_msi_mask+0x47/0x70
[   13.289677]  [<ffffffff8156b449>] _raw_spin_lock_irqsave+0x49/0x90
[   13.296748]  [<ffffffff814623f7>] ? dmar_msi_mask+0x47/0x70
[   13.303153]  [<ffffffff814623f7>] dmar_msi_mask+0x47/0x70
[   13.309354]  [<ffffffff810c0d93>] irq_shutdown+0x53/0x60
[   13.315467]  [<ffffffff810bdd9d>] __free_irq+0x26d/0x280
[   13.321580]  [<ffffffff810be920>] free_irq+0xf0/0x180
[   13.327395]  [<ffffffff81466591>] free_dmar_iommu+0x271/0x2b0
[   13.333996]  [<ffffffff810a947d>] ? trace_hardirqs_on+0xd/0x10
[   13.340696]  [<ffffffff81461a17>] free_iommu+0x17/0x50
[   13.346597]  [<ffffffff81dc75a5>] init_dmars+0x691/0x77a
[   13.352711]  [<ffffffff81dc7afd>] intel_iommu_init+0x351/0x438
[   13.359400]  [<ffffffff81d8a711>] ? iommu_setup+0x27d/0x27d
[   13.365806]  [<ffffffff81d8a739>] pci_iommu_init+0x28/0x52
[   13.372114]  [<ffffffff81000342>] do_one_initcall+0x122/0x180
[   13.378707]  [<ffffffff81077738>] ? parse_args+0x1e8/0x320
[   13.385016]  [<ffffffff81d850e8>] kernel_init_freeable+0x1e1/0x26c
[   13.392100]  [<ffffffff81d84833>] ? do_early_param+0x88/0x88
[   13.398596]  [<ffffffff8154f8b0>] ? rest_init+0xd0/0xd0
[   13.404614]  [<ffffffff8154f8be>] kernel_init+0xe/0x130
[   13.410626]  [<ffffffff81574d6c>] ret_from_fork+0x7c/0xb0
[   13.416829]  [<ffffffff8154f8b0>] ? rest_init+0xd0/0xd0
[   13.422842] Code: ec 99 00 85 c0 8b 05 53 05 a5 00 41 0f 45 d8 85 c0 0f 84 ff 00 00 00 8b 05 99 f9 7e 01 49 89 fe 41 89 f7 85 c0 0f 84 03 01 00 00 <49> 8b 06 be 01 00 00 00 48 3d c0 0e 01 82 0f 44 de 41 83 ff 01
[   13.450191] RIP  [<ffffffff810a97cd>] __lock_acquire+0x4d/0x12a0
[   13.458598]  RSP <ffff88042dd33b78>
[   13.462671] CR2: 0000000000000048
[   13.466551] ---[ end trace c5bd26a37c81d760 ]---

Reviewed-by: Yijing Wang <wangyijing@huawei.com>
Signed-off-by: Jiang Liu <jiang.liu@linux.intel.com>
Signed-off-by: Joerg Roedel <joro@8bytes.org>
2014-01-09 12:43:38 +01:00
amd_iommu_init.c iommu/amd: Clean up unnecessary MSI/MSI-X capability find 2013-08-14 12:18:52 +02:00
amd_iommu_proto.h perf/x86/amd: Add IOMMU Performance Counter resource management 2013-06-19 13:04:52 +02:00
amd_iommu_types.h perf/x86/amd: Add IOMMU Performance Counter resource management 2013-06-19 13:04:52 +02:00
amd_iommu_v2.c IOMMU Updates for Linux v3.6-rc1 2012-07-24 16:24:11 -07:00
amd_iommu.c iommu/amd: Fix resource leak in iommu_init_device() 2013-08-14 22:15:46 +02:00
arm-smmu.c iommu/arm-smmu: fix error return code in arm_smmu_device_dt_probe() 2013-12-06 16:44:25 +00:00
dmar.c iommu/vt-d, trivial: simplify code with existing macros 2014-01-09 12:43:37 +01:00
exynos-iommu.c iommu/exynos: Remove dead code (set_prefbuf) 2013-08-14 11:28:45 +02:00
fsl_pamu_domain.c iommu/fsl: Fix whitespace problems noticed by git-am 2013-08-14 11:42:29 +02:00
fsl_pamu_domain.h iommu/fsl: Freescale PAMU driver and iommu implementation. 2013-08-14 11:38:34 +02:00
fsl_pamu.c iommu/fsl: Remove unnecessary 'fsl-pamu' prefixes 2013-08-14 11:44:30 +02:00
fsl_pamu.h iommu/fsl: Freescale PAMU driver and iommu implementation. 2013-08-14 11:38:34 +02:00
intel_irq_remapping.c iommu/vt-d, trivial: simplify code with existing macros 2014-01-09 12:43:37 +01:00
intel-iommu.c iommu/vt-d: fix invalid memory access when freeing DMAR irq 2014-01-09 12:43:38 +01:00
iommu-traces.c iommu: Add iommu_error class event to iommu trace 2013-09-25 11:07:04 +02:00
iommu.c Merge branches 'iommu/fixes', 'tracing', 'core', 'arm/tegra', 'x86/vt-d', 'arm/smmu' and 'arm/shmobile' into next 2013-11-01 14:44:25 +01:00
iova.c iommu: Fix typo in iommu 2012-07-24 12:58:49 +02:00
irq_remapping.c iommu/vt-d: Mark function eoi_ioapic_pin_remapped() as static in irq_remapping.c 2013-12-30 15:37:23 +01:00
irq_remapping.h iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets 2013-04-18 17:00:47 +02:00
Kconfig Don't try to compile shmobile-iommu outside of ARM 2013-11-15 18:57:42 -08:00
Makefile iommu: Add event tracing feature to iommu 2013-09-24 12:35:24 +02:00
msm_iommu_dev.c drivers/iommu: remove unnecessary platform_set_drvdata() 2013-09-11 15:56:24 -07:00
msm_iommu_hw-8xxx.h iommu/msm: Move mach includes to iommu directory 2013-08-06 11:18:03 -07:00
msm_iommu.c iommu/msm: Move mach includes to iommu directory 2013-08-06 11:18:03 -07:00
msm_iommu.h iommu/msm: Move mach includes to iommu directory 2013-08-06 11:18:03 -07:00
of_iommu.c iommu: Add DMA window parser, of_get_dma_window() 2012-06-25 13:50:28 +02:00
omap-iommu2.c iommu/omap: Adapt to runtime pm 2012-12-03 18:48:23 +01:00
omap-iommu-debug.c ARM: OMAP2+: Move iommu/iovmm headers to platform_data 2012-11-20 10:05:01 -08:00
omap-iommu.c drivers/iommu: remove unnecessary platform_set_drvdata() 2013-09-11 15:56:24 -07:00
omap-iommu.h iommu/omap: Adapt to runtime pm 2012-12-03 18:48:23 +01:00
omap-iopgtable.h drivers/iommu/omap-iopgtable.h: remove unneeded cast of void* 2013-11-13 12:09:00 +09:00
omap-iovmm.c iommu/omap: fix checkpatch warnings in omap iommu code 2013-06-20 16:53:26 +02:00
pci.h iommu: Move swap_pci_ref function to drivers/iommu/pci.h. 2013-04-23 14:55:00 +02:00
shmobile-iommu.c iommu/fsl: Make iova dma_addr_t in the iommu_iova_to_phys API. 2013-04-02 18:20:53 +02:00
shmobile-ipmmu.c iommu/shmobile: Add iommu driver for Renesas IPMMU modules 2013-02-06 10:57:25 +01:00
shmobile-ipmmu.h iommu/shmobile: Add iommu driver for Renesas IPMMU modules 2013-02-06 10:57:25 +01:00
tegra-gart.c iommu/tegra-gart: Staticize tegra_gart_pm_ops 2013-11-01 14:23:20 +01:00
tegra-smmu.c iommu/tegra-smmu: Staticize tegra_smmu_pm_ops 2013-11-01 14:23:33 +01:00