From: Joerg Roedel <joro@8bytes.org>
Date: Tue, 25 Mar 2014 19:16:40 +0000 (+0100)
Subject: iommu/vt-d: Check for NULL pointer in dmar_acpi_dev_scope_init()
X-Git-Tag: firefly_0821_release~176^2~4013^2^2~6
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=11f1a7768cb9179b1f1ce6b8027df7531e0704e7;p=firefly-linux-kernel-4.4.55.git

iommu/vt-d: Check for NULL pointer in dmar_acpi_dev_scope_init()

When ir_dev_scope_init() is called via a rootfs initcall it
will check for irq_remapping_enabled before it calls
(indirectly) into dmar_acpi_dev_scope_init() which uses the
dmar_tbl pointer without any checks.

The AMD IOMMU driver also sets the irq_remapping_enabled
flag which causes the dmar_acpi_dev_scope_init() function to
be called on systems with AMD IOMMU hardware too, causing a
boot-time kernel crash.

Signed-off-by: Joerg Roedel <joro@8bytes.org>
---

diff --git a/drivers/iommu/dmar.c b/drivers/iommu/dmar.c
index 56e1c79dc77f..e531a2b07207 100644
--- a/drivers/iommu/dmar.c
+++ b/drivers/iommu/dmar.c
@@ -657,7 +657,12 @@ static void __init dmar_acpi_insert_dev_scope(u8 device_number,
 
 static int __init dmar_acpi_dev_scope_init(void)
 {
-	struct acpi_dmar_andd *andd = (void *)dmar_tbl + sizeof(struct acpi_table_dmar);
+	struct acpi_dmar_andd *andd;
+
+	if (dmar_tbl == NULL)
+		return -ENODEV;
+
+	andd = (void *)dmar_tbl + sizeof(struct acpi_table_dmar);
 
 	while (((unsigned long)andd) <
 	       ((unsigned long)dmar_tbl) + dmar_tbl->length) {