From: Joerg Roedel <jroedel@suse.de> mainline inclusion from mainline-v5.0-rc1 commit da5d2748e4a4512237764d2a53bdf686eccee18b category:bugfix bugzilla:NA CVE:NA ------------------- The mtk_iommu_add_device() function keeps the fwspec in an on-stack pointer and calls mtk_iommu_create_mapping(), which might change its source, dev->iommu_fwspec. This causes the on-stack pointer to be obsoleted and the device initialization to fail. Update the on-stack fwspec pointer after mtk_iommu_create_mapping() has been called. Reported-by: Frank Wunderlich <frank-w@public-files.de> Fixes: a9bf2eec5a6f ('iommu/mediatek: Use helper functions to access dev->iommu_fwspec') Tested-by: Frank Wunderlich <frank-w@public-files.de> Signed-off-by: Joerg Roedel <jroedel@suse.de> Signed-off-by: Chen Jun <chenjun102@huawei.com> Reviewed-by: Hanjun Guo <guohanjun@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> --- drivers/iommu/mtk_iommu_v1.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/iommu/mtk_iommu_v1.c b/drivers/iommu/mtk_iommu_v1.c index 96d30111c34e..3ddac0078a2b 100644 --- a/drivers/iommu/mtk_iommu_v1.c +++ b/drivers/iommu/mtk_iommu_v1.c @@ -440,6 +440,10 @@ static int mtk_iommu_add_device(struct device *dev) iommu_spec.args_count = count; mtk_iommu_create_mapping(dev, &iommu_spec); + + /* dev->iommu_fwspec might have changed */ + fwspec = dev_iommu_fwspec_get(dev); + of_node_put(iommu_spec.np); } -- 2.25.1