iommu/vt-d: Check for NULL pointer in dmar_acpi_dev_scope_init() When ir_dev_scope_init() is called via a rootfs initcall it will check for irq_remapping_enabled before it calls (indirectly) into dmar_acpi_dev_scope_init() which uses the dmar_tbl pointer without any checks. The AMD IOMMU driver also sets the irq_remapping_enabled flag which causes the dmar_acpi_dev_scope_init() function to be called on systems with AMD IOMMU hardware too, causing a boot-time kernel crash. Signed-off-by: Joerg Roedel <joro@8bytes.org>

commit: 11f1a7768cb9179b1f1ce6b8027df7531e0704e7 [log] [tgz]
author: Joerg Roedel <joro@8bytes.org> Tue Mar 25 20:16:40 2014 +0100
committer: Joerg Roedel <joro@8bytes.org> Tue Mar 25 20:36:09 2014 +0100
tree: 18886a2d7dd7756ae1b46009092d4003a5faa09d
parent: cf04eee8bf0e842dd73a64d02cdcdcbb31b0102c [diff] [blame]
diff --git a/drivers/iommu/dmar.c b/drivers/iommu/dmar.c
index 56e1c79..e531a2b 100644
--- a/drivers/iommu/dmar.c
+++ b/drivers/iommu/dmar.c

@@ -657,7 +657,12 @@
 
 static int __init dmar_acpi_dev_scope_init(void)
 {
-	struct acpi_dmar_andd *andd = (void *)dmar_tbl + sizeof(struct acpi_table_dmar);
+	struct acpi_dmar_andd *andd;
+
+	if (dmar_tbl == NULL)
+		return -ENODEV;
+
+	andd = (void *)dmar_tbl + sizeof(struct acpi_table_dmar);
 
 	while (((unsigned long)andd) <
 	       ((unsigned long)dmar_tbl) + dmar_tbl->length) {
commit	11f1a7768cb9179b1f1ce6b8027df7531e0704e7	[log] [tgz]
author	Joerg Roedel <joro@8bytes.org>	Tue Mar 25 20:16:40 2014 +0100
committer	Joerg Roedel <joro@8bytes.org>	Tue Mar 25 20:36:09 2014 +0100
tree	18886a2d7dd7756ae1b46009092d4003a5faa09d
parent	cf04eee8bf0e842dd73a64d02cdcdcbb31b0102c [diff] [blame]