From 87997aaa1bad1fc37e4ff7eb27850172017017a0 Mon Sep 17 00:00:00 2001 From: Ohad Ben-Cohen Date: Wed, 22 Feb 2012 11:14:46 +0200 Subject: [PATCH] iommu/omap: fix NULL pointer dereference Fix this: root@omap4430-panda:~# cat /debug/iommu/ducati/mem [ 62.725708] Unable to handle kernel NULL pointer dereference at virtual addre ss 0000001c [ 62.725708] pgd = e6240000 [ 62.737091] [0000001c] *pgd=a7168831, *pte=00000000, *ppte=00000000 [ 62.743682] Internal error: Oops: 17 [#1] SMP [ 62.743682] Modules linked in: omap_iommu_debug omap_iovmm virtio_rpmsg_bus o map_remoteproc remoteproc virtio_ring virtio mailbox_mach mailbox [ 62.743682] CPU: 0 Not tainted (3.3.0-rc1-00265-g382f84e-dirty #682) [ 62.743682] PC is at debug_read_mem+0x5c/0xac [omap_iommu_debug] [ 62.743682] LR is at 0x1004 [ 62.777832] pc : [] lr : [<00001004>] psr: 60000013 [ 62.777832] sp : e72c7f40 ip : c0763c00 fp : 00000001 [ 62.777832] r10: 00000000 r9 : 00000000 r8 : e72c7f80 [ 62.777832] r7 : e6ffdc08 r6 : bed1ac78 r5 : 00001000 r4 : e7276000 [ 62.777832] r3 : e60f3460 r2 : 00000000 r1 : e60f38c0 r0 : 00000000 [ 62.777832] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user [ 62.816375] Control: 10c53c7d Table: a624004a DAC: 00000015 [ 62.816375] Process cat (pid: 1176, stack limit = 0xe72c62f8) [ 62.828369] Stack: (0xe72c7f40 to 0xe72c8000) ... [ 62.884185] [] (debug_read_mem+0x5c/0xac [omap_iommu_debug]) from [] (vfs_read+0xac/0x130) [ 62.884185] [] (vfs_read+0xac/0x130) from [] (sys_read+0x40/0x70) [ 62.884185] [] (sys_read+0x40/0x70) from [] (ret_fast_syscall+0x0/0x3c) Fix also its 'echo bla > /debug/iommu/ducati/mem' Oops sibling, too. Signed-off-by: Ohad Ben-Cohen Cc: Tony Lindgren Cc: Hiroshi Doyu Cc: Laurent Pinchart Cc: Russell King Cc: Joerg Roedel Cc: stable@vger.kernel.org Signed-off-by: Joerg Roedel --- drivers/iommu/omap-iommu-debug.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/iommu/omap-iommu-debug.c b/drivers/iommu/omap-iommu-debug.c index bad9f9da990d..103dbd92e256 100644 --- a/drivers/iommu/omap-iommu-debug.c +++ b/drivers/iommu/omap-iommu-debug.c @@ -274,7 +274,7 @@ static ssize_t debug_read_mem(struct file *file, char __user *userbuf, mutex_lock(&iommu_debug_lock); area = omap_find_iovm_area(dev, (u32)ppos); - if (IS_ERR(area)) { + if (!area) { bytes = -EINVAL; goto err_out; } @@ -311,7 +311,7 @@ static ssize_t debug_write_mem(struct file *file, const char __user *userbuf, } area = omap_find_iovm_area(dev, (u32)ppos); - if (IS_ERR(area)) { + if (!area) { count = -EINVAL; goto err_out; }