From 11f1a7768cb9179b1f1ce6b8027df7531e0704e7 Mon Sep 17 00:00:00 2001
From: Joerg Roedel
Date: Tue, 25 Mar 2014 20:16:40 +0100
Subject: [PATCH] iommu/vt-d: Check for NULL pointer in dmar_acpi_dev_scope_init()

When ir_dev_scope_init() is called via a rootfs initcall it will check for irq_remapping_enabled before it calls (indirectly) into dmar_acpi_dev_scope_init() which uses the dmar_tbl pointer without any checks. The AMD IOMMU driver also sets the irq_remapping_enabled flag which causes the dmar_acpi_dev_scope_init() function to be called on systems with AMD IOMMU hardware too, causing a boot-time kernel crash.

Signed-off-by: Joerg Roedel
---
 drivers/iommu/dmar.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/iommu/dmar.c b/drivers/iommu/dmar.c
index 56e1c79dc77f..e531a2b07207 100644
--- a/drivers/iommu/dmar.c
+++ b/drivers/iommu/dmar.c
@@ -657,7 +657,12 @@ static void __init dmar_acpi_insert_dev_scope(u8 device_number,
 static int __init dmar_acpi_dev_scope_init(void)
 {
- struct acpi_dmar_andd *andd = (void *)dmar_tbl + sizeof(struct acpi_table_dmar);
+ struct acpi_dmar_andd *andd;
+
+ if (dmar_tbl == NULL)
+ return -ENODEV;
+
+ andd = (void *)dmar_tbl + sizeof(struct acpi_table_dmar);
 while (((unsigned long)andd) < ((unsigned long)dmar_tbl) + dmar_tbl->length) {
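Review bot: The added `if (dmar_tbl == NULL)` guard has no comment saying why the table can be absent here, and the reason is not obvious from the function itself. I would put something like `/* No DMAR table: irq_remapping_enabled is also set by the AMD IOMMU driver, so this initcall path runs on non-VT-d systems too */` above the check. That would stop a later cleanup from dropping it as dead code. Separately, the guard only covers a missing table: the `while` condition that follows still takes its upper bound from the firmware-supplied `dmar_tbl->length`. The loop body lies outside this hunk, so whether each entry's own header length is checked for zero or for running past that bound before `andd` is advanced cannot be confirmed from here and is worth checking.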