From 4afc3a707e17f226bec8c60b27aae8f229891802 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Sun, 8 Nov 2020 20:00:23 +0100 Subject: [PATCH] 5.9-stable patches added patches: iommu-vt-d-fix-kernel-null-pointer-dereference-in-find_domain.patch --- ...l-pointer-dereference-in-find_domain.patch | 80 +++++++++++++++++++ queue-5.9/series | 1 + 2 files changed, 81 insertions(+) create mode 100644 queue-5.9/iommu-vt-d-fix-kernel-null-pointer-dereference-in-find_domain.patch diff --git a/queue-5.9/iommu-vt-d-fix-kernel-null-pointer-dereference-in-find_domain.patch b/queue-5.9/iommu-vt-d-fix-kernel-null-pointer-dereference-in-find_domain.patch new file mode 100644 index 00000000000..4d1b7c084fd --- /dev/null +++ b/queue-5.9/iommu-vt-d-fix-kernel-null-pointer-dereference-in-find_domain.patch 
@@ -0,0 +1,80 @@ +From 6097df457adfb67cb75ca700fd1085ede2e1201d Mon Sep 17 00:00:00 2001 +From: Lu Baolu +Date: Wed, 28 Oct 2020 15:07:25 +0800 +Subject: iommu/vt-d: Fix kernel NULL pointer dereference in find_domain() + +From: Lu Baolu + +commit 6097df457adfb67cb75ca700fd1085ede2e1201d upstream. + +If calling find_domain() for a device which hasn't been probed by the +iommu core, below kernel NULL pointer dereference issue happens. + +[ 362.736947] BUG: kernel NULL pointer dereference, address: 0000000000000038 +[ 362.743953] #PF: supervisor read access in kernel mode +[ 362.749115] #PF: error_code(0x0000) - not-present page +[ 362.754278] PGD 0 P4D 0 +[ 362.756843] Oops: 0000 [#1] SMP NOPTI +[ 362.760528] CPU: 0 PID: 844 Comm: cat Not tainted 5.9.0-rc4-intel-next+ #1 +[ 362.767428] Hardware name: Intel Corporation Ice Lake Client Platform/IceLake + U DDR4 SODIMM PD RVP TLC, BIOS ICLSFWR1.R00.3384.A02.1909200816 + 09/20/2019 +[ 362.781109] RIP: 0010:find_domain+0xd/0x40 +[ 362.785234] Code: 48 81 fb 60 28 d9 b2 75 de 5b 41 5c 41 5d 5d c3 0f 1f 00 66 + 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 87 e0 02 00 + 00 55 <48> 8b 40 38 48 89 e5 48 83 f8 fe 0f 94 c1 48 85 ff + 0f 94 c2 08 d1 +[ 362.804041] RSP: 0018:ffffb09cc1f0bd38 EFLAGS: 00010046 +[ 362.809292] RAX: 0000000000000000 RBX: ffff905b98e4fac8 RCX: 0000000000000000 +[ 362.816452] RDX: 0000000000000001 RSI: ffff905b98e4fac8 RDI: ffff905b9ccd40d0 +[ 362.823617] RBP: ffffb09cc1f0bda0 R08: ffffb09cc1f0bd48 R09: 000000000000000f +[ 362.830778] R10: ffffffffb266c080 R11: ffff905b9042602d R12: ffff905b98e4fac8 +[ 362.837944] R13: ffffb09cc1f0bd48 R14: ffff905b9ccd40d0 R15: ffff905b98e4fac8 +[ 362.845108] FS: 00007f8485460740(0000) GS:ffff905b9fc00000(0000) + knlGS:0000000000000000 +[ 362.853227] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 362.858996] CR2: 0000000000000038 CR3: 00000004627a6003 CR4: 0000000000770ef0 +[ 362.866161] PKRU: fffffffc +[ 362.868890] Call Trace: +[ 362.871363] ? 
show_device_domain_translation+0x32/0x100 +[ 362.876700] ? bind_store+0x110/0x110 +[ 362.880387] ? klist_next+0x91/0x120 +[ 362.883987] ? domain_translation_struct_show+0x50/0x50 +[ 362.889237] bus_for_each_dev+0x79/0xc0 +[ 362.893121] domain_translation_struct_show+0x36/0x50 +[ 362.898204] seq_read+0x135/0x410 +[ 362.901545] ? handle_mm_fault+0xeb8/0x1750 +[ 362.905755] full_proxy_read+0x5c/0x90 +[ 362.909526] vfs_read+0xa6/0x190 +[ 362.912782] ksys_read+0x61/0xe0 +[ 362.916037] __x64_sys_read+0x1a/0x20 +[ 362.919725] do_syscall_64+0x37/0x80 +[ 362.923329] entry_SYSCALL_64_after_hwframe+0x44/0xa9 +[ 362.928405] RIP: 0033:0x7f84855c5e95 + +Filter out those devices to avoid such error. + +Fixes: e2726daea583d ("iommu/vt-d: debugfs: Add support to show page table internals") +Reported-and-tested-by: Xu Pengfei +Signed-off-by: Lu Baolu +Cc: stable@vger.kernel.org#v5.6+ +Link: https://lore.kernel.org/r/20201028070725.24979-1-baolu.lu@linux.intel.com +Signed-off-by: Joerg Roedel +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/iommu/intel/iommu.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/iommu/intel/iommu.c ++++ b/drivers/iommu/intel/iommu.c +@@ -2490,6 +2490,9 @@ struct dmar_domain *find_domain(struct d + { + struct device_domain_info *info; + ++ if (unlikely(!dev || !dev->iommu)) ++ return NULL; ++ + if (unlikely(attach_deferred(dev))) + return NULL; + diff --git a/queue-5.9/series b/queue-5.9/series index db40811ecb2..0402641a109 100644 --- a/queue-5.9/series +++ b/queue-5.9/series @@ -60,3 +60,4 @@ gfs2-don-t-call-cancel_delayed_work_sync-from-within-delete-work-function.patch ring-buffer-fix-recursion-protection-transitions-between-interrupt-context.patch drm-amdgpu-update-golden-setting-for-sienna_cichlid.patch drm-amdgpu-resolved-asd-loading-issue-on-sienna.patch +iommu-vt-d-fix-kernel-null-pointer-dereference-in-find_domain.patch -- 2.47.3
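Review bot: in the drivers/iommu/intel/iommu.c hunk the new guard `if (unlikely(!dev || !dev->iommu)) return NULL;` is correctly placed ahead of the existing `attach_deferred(dev)` check, and that ordering matters: the oops quoted in the commit message faults at find_domain+0xd with CR2 = 0x38, and the Code: bytes (`48 8b 87 e0 02 00 00` then `48 8b 40 38`) show the very first load through the device's iommu pointer being dereferenced, so a check placed any later in the function would not prevent the crash. Two points to tighten before this goes to stable. First, the message says "Filter out those devices", but the filter lives in find_domain() itself rather than in the debugfs walker named in the Fixes tag (e2726daea583d), so every caller of find_domain() now silently receives NULL for a device without dev->iommu; the message should state that this is intended and that existing callers already treat NULL as "no domain", otherwise a reader of the stable queue cannot tell whether this widens behaviour beyond the reported debugfs path. Second, the `!dev` half of the condition is not motivated by the report (the backtrace shows a valid RDI and a NULL dev->iommu, not a NULL dev), so either drop it or add one line to the commit message justifying the extra defensive check.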