diff options
author | Joerg Roedel <joro@8bytes.org> | 2014-03-25 23:16:40 +0400 |
---|---|---|
committer | Joerg Roedel <joro@8bytes.org> | 2014-03-25 23:36:09 +0400 |
commit | 11f1a7768cb9179b1f1ce6b8027df7531e0704e7 (patch) | |
tree | 18886a2d7dd7756ae1b46009092d4003a5faa09d | |
parent | cf04eee8bf0e842dd73a64d02cdcdcbb31b0102c (diff) | |
download | linux-11f1a7768cb9179b1f1ce6b8027df7531e0704e7.tar.xz |
iommu/vt-d: Check for NULL pointer in dmar_acpi_dev_scope_init()
When ir_dev_scope_init() is called via a rootfs initcall it
will check for irq_remapping_enabled before it calls
(indirectly) into dmar_acpi_dev_scope_init() which uses the
dmar_tbl pointer without any checks.
The AMD IOMMU driver also sets the irq_remapping_enabled
flag which causes the dmar_acpi_dev_scope_init() function to
be called on systems with AMD IOMMU hardware too, causing a
boot-time kernel crash.
Signed-off-by: Joerg Roedel <joro@8bytes.org>
-rw-r--r-- | drivers/iommu/dmar.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/drivers/iommu/dmar.c b/drivers/iommu/dmar.c index 56e1c79dc77f..e531a2b07207 100644 --- a/drivers/iommu/dmar.c +++ b/drivers/iommu/dmar.c @@ -657,7 +657,12 @@ static void __init dmar_acpi_insert_dev_scope(u8 device_number, static int __init dmar_acpi_dev_scope_init(void) { - struct acpi_dmar_andd *andd = (void *)dmar_tbl + sizeof(struct acpi_table_dmar); + struct acpi_dmar_andd *andd; + + if (dmar_tbl == NULL) + return -ENODEV; + + andd = (void *)dmar_tbl + sizeof(struct acpi_table_dmar); while (((unsigned long)andd) < ((unsigned long)dmar_tbl) + dmar_tbl->length) { |