From: Joerg Roedel jroedel@suse.de
mainline inclusion from mainline-v5.0-rc1 commit da5d2748e4a4512237764d2a53bdf686eccee18b category:bugfix bugzilla:NA CVE:NA
-------------------
The mtk_iommu_add_device() function keeps the fwspec in an on-stack pointer and calls mtk_iommu_create_mapping(), which might change its source, dev->iommu_fwspec. This causes the on-stack pointer to be obsoleted and the device initialization to fail. Update the on-stack fwspec pointer after mtk_iommu_create_mapping() has been called.
Reported-by: Frank Wunderlich frank-w@public-files.de Fixes: a9bf2eec5a6f ('iommu/mediatek: Use helper functions to access dev->iommu_fwspec') Tested-by: Frank Wunderlich frank-w@public-files.de Signed-off-by: Joerg Roedel jroedel@suse.de Signed-off-by: Chen Jun chenjun102@huawei.com Reviewed-by: Hanjun Guo guohanjun@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- drivers/iommu/mtk_iommu_v1.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/drivers/iommu/mtk_iommu_v1.c b/drivers/iommu/mtk_iommu_v1.c index 96d30111c34e..3ddac0078a2b 100644 --- a/drivers/iommu/mtk_iommu_v1.c +++ b/drivers/iommu/mtk_iommu_v1.c @@ -440,6 +440,10 @@ static int mtk_iommu_add_device(struct device *dev) iommu_spec.args_count = count;
mtk_iommu_create_mapping(dev, &iommu_spec); + + /* dev->iommu_fwspec might have changed */ + fwspec = dev_iommu_fwspec_get(dev); + of_node_put(iommu_spec.np); }