linux-stable/kernel/dma
Will Deacon f2a6b3ed20 swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y
[ Upstream commit 75961ffb5c ]

Using restricted DMA pools (CONFIG_DMA_RESTRICTED_POOL=y) in conjunction
with dynamic SWIOTLB (CONFIG_SWIOTLB_DYNAMIC=y) leads to the following
crash when initialising the restricted pools at boot-time:

  | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
  | Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
  | pc : rmem_swiotlb_device_init+0xfc/0x1ec
  | lr : rmem_swiotlb_device_init+0xf0/0x1ec
  | Call trace:
  |  rmem_swiotlb_device_init+0xfc/0x1ec
  |  of_reserved_mem_device_init_by_idx+0x18c/0x238
  |  of_dma_configure_id+0x31c/0x33c
  |  platform_dma_configure+0x34/0x80

faddr2line reveals that the crash is in the list validation code:

  include/linux/list.h:83
  include/linux/rculist.h:79
  include/linux/rculist.h:106
  kernel/dma/swiotlb.c:306
  kernel/dma/swiotlb.c:1695

because add_mem_pool() is trying to list_add_rcu() to a NULL
'mem->pools'.

Fix the crash by initialising the 'mem->pools' list_head in
rmem_swiotlb_device_init() before calling add_mem_pool().

Reported-by: Nikita Ioffe <ioffe@google.com>
Tested-by: Nikita Ioffe <ioffe@google.com>
Fixes: 1aaa736815 ("swiotlb: allocate a new memory pool when existing pools are full")
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-05-17 12:02:08 +02:00
Kconfig dma-contiguous: fix the Kconfig entry for CONFIG_DMA_NUMA_CMA 2023-08-30 13:52:53 +02:00
Makefile dma-mapping: remove CONFIG_DMA_REMAP 2022-03-03 14:00:57 +03:00
coherent.c dma-mapping: clear dev->dma_mem to NULL after freeing it 2024-01-25 15:35:26 -08:00
contiguous.c Revert "dma-contiguous: check for memory region overlap" 2023-09-08 05:58:32 -03:00
debug.c dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock 2023-08-30 11:29:08 +02:00
debug.h dma-debug: teach add_dma_entry() about DMA_ATTR_SKIP_CPU_SYNC 2021-10-18 12:46:45 +02:00
direct.c dma-direct: Leak pages on dma_set_decrypted() failure 2024-04-13 13:07:32 +02:00
direct.h dma-mapping: force bouncing if the kmalloc() size is not cache-line-aligned 2023-06-19 16:19:23 -07:00
dummy.c dma-mapping: return error code from dma_dummy_map_sg() 2021-08-09 17:13:06 +02:00
map_benchmark.c dma-mapping: benchmark: remove MODULE_LICENSE in non-modules 2023-04-13 13:13:51 -07:00
mapping.c dma-mapping: move arch_dma_set_mask() declaration to header 2023-07-31 17:54:28 +02:00
ops_helpers.c dma-mapping: handle vmalloc addresses in dma_common_{mmap,get_sgtable} 2021-07-16 11:30:26 +02:00
pool.c dma-pool: remove a __maybe_unused label in atomic_pool_expand 2023-08-31 14:12:37 +02:00
remap.c dma-remap: use kvmalloc_array/kvfree for larger dma memory remap 2023-06-07 15:06:28 +02:00
swiotlb.c swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y 2024-05-17 12:02:08 +02:00