Commit de59b74d authored Sep 15, 2023 by Pratyush Brahma

iommu: Fix missing return check of arm_lpae_init_pte



UAF scenario may occur in clients with EL1 privileges for
iova mappings when we miss to check the return value of
arm_lpae_init_pte which may lead to an PTE be counted as
it was set even if it was already existing. This can cause a
dangling IOMMU PTE to be left mapped pointing to a
freed object and cause UAF in the client if the dangling PTE
is accessed after a failed unmap operation.

Fixes: 27de1978 ("ANDROID: GKI: iommu/io-pgtable-arm: LPAE related updates by vendor")
Change-Id: I674b9b520e705b8f8e63ba20ed76e64cb2fe0f47
Signed-off-by: Pratyush Brahma <quic_pbrahma@quicinc.com>

parent 73d97f46

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit 5b654974
· Nov 05, 2025

mentioned in commit 5b654974

mentioned in commit 5b654974acbed3d3334c3f3013293aebcb5b65c4

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit af727f7d
· Nov 05, 2025

mentioned in commit af727f7d

mentioned in commit af727f7dd188cf4b7a288760a8f33d1cd273c4d2

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 351c2eb7
· Nov 05, 2025

mentioned in commit 351c2eb7

mentioned in commit 351c2eb74ebf89504507f76f2fc53081ea3e12e9

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 76c88cc6
· Nov 05, 2025

mentioned in commit 76c88cc6

mentioned in commit 76c88cc6bf55b0d5b558a6995d650216d1bc91b0

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 264b6876
· Nov 05, 2025

mentioned in commit 264b6876

mentioned in commit 264b6876498ef93d1b7a8e2a6a6b3e9f650e67a7

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit db3079d8
· Nov 05, 2025

mentioned in commit db3079d8

mentioned in commit db3079d8a2541d167714ab48b55ee6ba7daad054

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit e69ae8c7
· Nov 05, 2025

mentioned in commit e69ae8c7

mentioned in commit e69ae8c72b617ed11cd2fac00d7ea8ac2dd18825

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 2ca30a9b
· Nov 05, 2025

mentioned in commit 2ca30a9b

mentioned in commit 2ca30a9b5198149e18b9699a40cf9d44c4fda55a

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 2b32670c
· Nov 05, 2025

mentioned in commit 2b32670c

mentioned in commit 2b32670c00e438b2d698ec4dba1d6165f58a41b5

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 7e23ab1a
· Nov 05, 2025

mentioned in commit 7e23ab1a

mentioned in commit 7e23ab1a8565ce1b43a50c4aa29dbc83487e835f

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit b0e46129
· Nov 05, 2025

mentioned in commit b0e46129

mentioned in commit b0e461298d2522fe5626979d8c77d4ce41090a86

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 10e22d30
· Nov 05, 2025

mentioned in commit 10e22d30

mentioned in commit 10e22d3078be8309d84c84b76dcf347cb966cf6e

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 881fbebf
· Nov 05, 2025

mentioned in commit 881fbebf

mentioned in commit 881fbebf2292e9308ff05e85e1f01084e4bfc7da

Toggle commit list

Please to comment