[PATCH] iommu/rockchip: Check of_find_device_by_node() return value
Robin Murphy
robin.murphy at arm.com
Tue Dec 9 03:43:55 PST 2025
On 2025-12-09 11:33 am, Haotian Zhang wrote:
> rk_iommu_of_xlate() calls of_find_device_by_node() without
> verifying it is non-NULL, which can lead to a NULL pointer
> dereference and crash.
No, it can't. Please look at how of_xlate is called - at this point we
are looking up the IOMMU device, which has a driver bound to it, which
has registered ops against this of_node that are the only way to reach
this function in the first place. If the device could have somehow
disappeared from underneath an active driver, this potential crash is
the least of the kernel's worries...
Thanks,
Robin.
> Add a check for a NULL return from of_find_device_by_node()
> and return -ENODEV upon failure.
>
> Fixes: 5fd577c3eac3 ("iommu/rockchip: Use OF_IOMMU to attach devices automatically")
> Signed-off-by: Haotian Zhang <vulab at iscas.ac.cn>
> ---
> drivers/iommu/rockchip-iommu.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/iommu/rockchip-iommu.c b/drivers/iommu/rockchip-iommu.c
> index 0861dd469bd8..e59d0617574b 100644
> --- a/drivers/iommu/rockchip-iommu.c
> +++ b/drivers/iommu/rockchip-iommu.c
> @@ -1153,6 +1153,8 @@ static int rk_iommu_of_xlate(struct device *dev,
> struct rk_iommudata *data;
>
> iommu_dev = of_find_device_by_node(args->np);
> + if (!iommu_dev)
> + return -ENODEV;
>
> data = devm_kzalloc(&iommu_dev->dev, sizeof(*data), GFP_KERNEL);
> if (!data)
More information about the linux-arm-kernel
mailing list