xen/xsm: flask: Prevent NULL deference in flask_assign_{, dt}device()

flask_assign_{, dt}device() may be used to check whether you can test if
a device is assigned. In this case, the domain will be NULL.

However, flask_iommu_resource_use_perm() will be called and may end up
to deference a NULL pointer. This can be prevented by moving the call
after we check the validity for the domain pointer.

Coverity-ID: 1486741
Fixes: 71e617a6b8 ('use is_iommu_enabled() where appropriate...')
Signed-off-by: Julien Grall <julien.grall@arm.com>
Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Reviewed-by: Paul Durrant <paul@xen.org>
Release-acked-by: Juergen Gross <jgross@suse.com>

diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 3b30827764e8d630c157e6dfb1c56615617a1ae0..cf7f25cda208a42cf26a85c2d75d05b9bfcc50fb 100644 (file)
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1296,11 +1296,13 @@ static int flask_assign_device(struct domain *d, uint32_t machine_bdf)
     u32 dsid, rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
-    u32 dperm = flask_iommu_resource_use_perm(d);
+    u32 dperm;
 
     if ( !d )
         return flask_test_assign_device(machine_bdf);
 
+    dperm = flask_iommu_resource_use_perm(d);
+
     rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD);
     if ( rc )
         return rc;
@@ -1355,11 +1357,13 @@ static int flask_assign_dtdevice(struct domain *d, const char *dtpath)
     u32 dsid, rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
-    u32 dperm = flask_iommu_resource_use_perm(d);
+    u32 dperm;
 
     if ( !d )
         return flask_test_assign_dtdevice(dtpath);
 
+    dperm = flask_iommu_resource_use_perm(d);
+
     rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD);
     if ( rc )
         return rc;