From: Barak Biber bbiber@nvidia.com
stable inclusion from stable-v6.10.7 commit cc6bc2ab1663ec9353636416af22452b078510e9 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAOXZS CVE: CVE-2024-44994
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
[ Upstream commit fca5b78511e98bdff2cdd55c172b23200a7b3404 ]
When iommu_report_device_fault gets called with a partial fault it is supposed to collect the fault into the group and then return.
Instead the return was accidently deleted which results in trying to process the fault and an eventual crash.
Deleting the return was a typo, put it back.
Fixes: 3dfa64aecbaf ("iommu: Make iommu_report_device_fault() return void") Signed-off-by: Barak Biber bbiber@nvidia.com Signed-off-by: Jason Gunthorpe jgg@nvidia.com Reviewed-by: Lu Baolu baolu.lu@linux.intel.com Link: https://lore.kernel.org/r/0-v1-e7153d9c8cee+1c6-iommu_fault_fix_jgg@nvidia.c... Signed-off-by: Joerg Roedel jroedel@suse.de Signed-off-by: Sasha Levin sashal@kernel.org Signed-off-by: Lin Ruifeng linruifeng4@huawei.com --- drivers/iommu/io-pgfault.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/drivers/iommu/io-pgfault.c b/drivers/iommu/io-pgfault.c index 06d78fcc79fd..f2c87c695a17 100644 --- a/drivers/iommu/io-pgfault.c +++ b/drivers/iommu/io-pgfault.c @@ -192,6 +192,7 @@ void iommu_report_device_fault(struct device *dev, struct iopf_fault *evt) report_partial_fault(iopf_param, fault); iopf_put_dev_fault_param(iopf_param); /* A request that is not the last does not need to be ack'd */ + return; }
/*