From: Joerg Roedel Date: Tue, 25 Mar 2014 19:16:40 +0000 (+0100) Subject: iommu/vt-d: Check for NULL pointer in dmar_acpi_dev_scope_init() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=11f1a7768;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git iommu/vt-d: Check for NULL pointer in dmar_acpi_dev_scope_init() When ir_dev_scope_init() is called via a rootfs initcall it will check for irq_remapping_enabled before it calls (indirectly) into dmar_acpi_dev_scope_init() which uses the dmar_tbl pointer without any checks. The AMD IOMMU driver also sets the irq_remapping_enabled flag which causes the dmar_acpi_dev_scope_init() function to be called on systems with AMD IOMMU hardware too, causing a boot-time kernel crash. Signed-off-by: Joerg Roedel --- diff --git a/drivers/iommu/dmar.c b/drivers/iommu/dmar.c index 56e1c79dc77f..e531a2b07207 100644 --- a/drivers/iommu/dmar.c +++ b/drivers/iommu/dmar.c @@ -657,7 +657,12 @@ static void __init dmar_acpi_insert_dev_scope(u8 device_number, static int __init dmar_acpi_dev_scope_init(void) { - struct acpi_dmar_andd *andd = (void *)dmar_tbl + sizeof(struct acpi_table_dmar); + struct acpi_dmar_andd *andd; + + if (dmar_tbl == NULL) + return -ENODEV; + + andd = (void *)dmar_tbl + sizeof(struct acpi_table_dmar); while (((unsigned long)andd) < ((unsigned long)dmar_tbl) + dmar_tbl->length) {
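Review bot: The new `if (dmar_tbl == NULL)` guard at the top of dmar_acpi_dev_scope_init() has no comment saying why the table can legitimately be absent here, and the reason is not obvious from the code alone. According to the commit message, this path is reached on AMD IOMMU systems because irq_remapping_enabled is not specific to VT-d. A one-line comment above the check stating that would keep a later cleanup from removing it as dead code. Two further points are worth confirming. First, the function now returns -ENODEV on such systems, and the caller is not visible in this hunk, so check that ir_dev_scope_init() does not treat that value as a failure worth logging or propagating on machines that simply have no DMAR table. Second, the guard fixes the callee only; any other code reached under irq_remapping_enabled that dereferences dmar_tbl would have the same problem, so gating on a VT-d specific condition in the caller may be the more robust fix. As a style point, kernel convention would write the test as `if (!dmar_tbl)`.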