Re: [PATCH V2] dma-direct: Fix potential NULL pointer dereference
On 2020-09-17 12:05 p.m., Konrad Rzeszutek Wilk wrote: On Wed, Sep 16, 2020 at 02:51:06PM -0600, Thomas Tai wrote: When booting the kernel v5.9-rc4 on a VM, the kernel would panic when printing a warning message in swiotlb_map(). The dev->dma_mask must not be a NULL pointer when calling the dma mapping layer. A NULL pointer check can potentially avoid the panic. [drm] Initialized virtio_gpu 0.1.0 0 for virtio0 on minor 0 BUG: kernel NULL pointer dereference, address: #PF: supervisor read access in kernel mode #PF: error_code(0x) - not-present page PGD 0 P4D 0 Oops: [#1] SMP PTI CPU: 1 PID: 331 Comm: systemd-udevd Not tainted 5.9.0-rc4 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1 04/01/2014 RIP: 0010:swiotlb_map+0x1ac/0x200 Code: e8 d9 fc ff ff 80 3d 92 ee 4c 01 00 75 51 49 8b 84 24 48 02 00 00 4d 8b 6c 24 50 c6 05 7c ee 4c 01 01 4d 8b bc 24 58 02 00 00 <4c> 8b 30 4d 85 ed 75 04 4d 8b 2c 24 4c 89 e7 e8 10 6b 4f 00 4d 89 RSP: 0018:9f96801af6f8 EFLAGS: 00010246 RAX: RBX: 1000 RCX: 0080 RDX: 007f RSI: 0202 RDI: 0202 RBP: 9f96801af748 R08: R09: 0020 R10: R11: 8fabfffa3000 R12: 8faad02c7810 R13: R14: 0020 R15: FS: 7fabc63588c0() GS:8fabf7c8() knlGS: CS: 0010 DS: ES: CR0: 80050033 CR2: CR3: 000151496005 CR4: 00370ee0 DR0: DR1: DR2: DR3: DR6: fffe0ff0 DR7: 0400 Call Trace: dma_direct_map_sg+0x124/0x210 dma_map_sg_attrs+0x32/0x50 drm_gem_shmem_get_pages_sgt+0x6a/0x90 [drm] virtio_gpu_object_create+0x140/0x2f0 [virtio_gpu] ? ww_mutex_unlock+0x26/0x30 virtio_gpu_mode_dumb_create+0xab/0x160 [virtio_gpu] drm_mode_create_dumb+0x82/0x90 [drm] drm_client_framebuffer_create+0xaa/0x200 [drm] drm_fb_helper_generic_probe+0x59/0x150 [drm_kms_helper] drm_fb_helper_single_fb_probe+0x29e/0x3e0 [drm_kms_helper] __drm_fb_helper_initial_config_and_unlock+0x41/0xd0 [drm_kms_helper] drm_fbdev_client_hotplug+0xe6/0x1a0 [drm_kms_helper] drm_fbdev_generic_setup+0xaf/0x170 [drm_kms_helper] virtio_gpu_probe+0xea/0x100 [virtio_gpu] virtio_dev_probe+0x14b/0x1e0 [virtio] really_probe+0x1db/0x440 driver_probe_device+0xe9/0x160 device_driver_attach+0x5d/0x70 __driver_attach+0x8f/0x150 ? device_driver_attach+0x70/0x70 bus_for_each_dev+0x7e/0xc0 driver_attach+0x1e/0x20 bus_add_driver+0x152/0x1f0 driver_register+0x74/0xd0 ? 0xc0529000 register_virtio_driver+0x20/0x30 [virtio] virtio_gpu_driver_init+0x15/0x1000 [virtio_gpu] do_one_initcall+0x4a/0x1fa ? _cond_resched+0x19/0x30 ? kmem_cache_alloc_trace+0x16b/0x2e0 do_init_module+0x62/0x240 load_module+0xe0e/0x1100 ? security_kernel_post_read_file+0x5c/0x70 __do_sys_finit_module+0xbe/0x120 ? __do_sys_finit_module+0xbe/0x120 __x64_sys_finit_module+0x1a/0x20 do_syscall_64+0x38/0x50 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Signed-off-by: Thomas Tai Reviewed-by: Konrad Rzeszutek Wilk Thank you, Konrad for reviewing the fix. Thomas Thank you! --- include/linux/dma-direct.h | 3 --- kernel/dma/mapping.c | 11 +++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h index 6e87225..0648708 100644 --- a/include/linux/dma-direct.h +++ b/include/linux/dma-direct.h @@ -62,9 +62,6 @@ static inline bool dma_capable(struct device *dev, dma_addr_t addr, size_t size, { dma_addr_t end = addr + size - 1; - if (!dev->dma_mask) - return false; - if (is_ram && !IS_ENABLED(CONFIG_ARCH_DMA_ADDR_T_64BIT) && min(addr, end) < phys_to_dma(dev, PFN_PHYS(min_low_pfn))) return false; diff --git a/kernel/dma/mapping.c b/kernel/dma/mapping.c index 0d12942..7133d5c 100644 --- a/kernel/dma/mapping.c +++ b/kernel/dma/mapping.c @@ -144,6 +144,10 @@ dma_addr_t dma_map_page_attrs(struct device *dev, struct page *page, dma_addr_t addr; BUG_ON(!valid_dma_direction(dir)); + + if (WARN_ON_ONCE(!dev->dma_mask)) + return DMA_MAPPING_ERROR; + if (dma_map_direct(dev, ops)) addr = dma_direct_map_page(dev, page, offset, size, dir, attrs); else @@ -179,6 +183,10 @@ int dma_map_sg_attrs(struct device *dev, struct scatterlist *sg, int nents, int ents; BUG_ON(!valid_dma_direction(dir)); + + if (WARN_ON_ONCE(!dev->dma_mask)) + return 0; + if (dma_map_direct(dev, ops)) ents = dma_direct_map_sg(dev, sg, nents, dir, attrs); else @@ -213,6
Re: [PATCH V2] dma-direct: Fix potential NULL pointer dereference
On 2020-09-17 12:44 p.m., Christoph Hellwig wrote: Thanks, applied to the dma-mapping for-next tree. Thank you, Christoph for suggesting and applying the fix. Thomas ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
[PATCH V2] dma-direct: Fix potential NULL pointer dereference
When booting the kernel v5.9-rc4 on a VM, the kernel would panic when printing a warning message in swiotlb_map(). The dev->dma_mask must not be a NULL pointer when calling the dma mapping layer. A NULL pointer check can potentially avoid the panic. [drm] Initialized virtio_gpu 0.1.0 0 for virtio0 on minor 0 BUG: kernel NULL pointer dereference, address: #PF: supervisor read access in kernel mode #PF: error_code(0x) - not-present page PGD 0 P4D 0 Oops: [#1] SMP PTI CPU: 1 PID: 331 Comm: systemd-udevd Not tainted 5.9.0-rc4 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1 04/01/2014 RIP: 0010:swiotlb_map+0x1ac/0x200 Code: e8 d9 fc ff ff 80 3d 92 ee 4c 01 00 75 51 49 8b 84 24 48 02 00 00 4d 8b 6c 24 50 c6 05 7c ee 4c 01 01 4d 8b bc 24 58 02 00 00 <4c> 8b 30 4d 85 ed 75 04 4d 8b 2c 24 4c 89 e7 e8 10 6b 4f 00 4d 89 RSP: 0018:9f96801af6f8 EFLAGS: 00010246 RAX: RBX: 1000 RCX: 0080 RDX: 007f RSI: 0202 RDI: 0202 RBP: 9f96801af748 R08: R09: 0020 R10: R11: 8fabfffa3000 R12: 8faad02c7810 R13: R14: 0020 R15: FS: 7fabc63588c0() GS:8fabf7c8() knlGS: CS: 0010 DS: ES: CR0: 80050033 CR2: CR3: 000151496005 CR4: 00370ee0 DR0: DR1: DR2: DR3: DR6: fffe0ff0 DR7: 0400 Call Trace: dma_direct_map_sg+0x124/0x210 dma_map_sg_attrs+0x32/0x50 drm_gem_shmem_get_pages_sgt+0x6a/0x90 [drm] virtio_gpu_object_create+0x140/0x2f0 [virtio_gpu] ? ww_mutex_unlock+0x26/0x30 virtio_gpu_mode_dumb_create+0xab/0x160 [virtio_gpu] drm_mode_create_dumb+0x82/0x90 [drm] drm_client_framebuffer_create+0xaa/0x200 [drm] drm_fb_helper_generic_probe+0x59/0x150 [drm_kms_helper] drm_fb_helper_single_fb_probe+0x29e/0x3e0 [drm_kms_helper] __drm_fb_helper_initial_config_and_unlock+0x41/0xd0 [drm_kms_helper] drm_fbdev_client_hotplug+0xe6/0x1a0 [drm_kms_helper] drm_fbdev_generic_setup+0xaf/0x170 [drm_kms_helper] virtio_gpu_probe+0xea/0x100 [virtio_gpu] virtio_dev_probe+0x14b/0x1e0 [virtio] really_probe+0x1db/0x440 driver_probe_device+0xe9/0x160 device_driver_attach+0x5d/0x70 __driver_attach+0x8f/0x150 ? device_driver_attach+0x70/0x70 bus_for_each_dev+0x7e/0xc0 driver_attach+0x1e/0x20 bus_add_driver+0x152/0x1f0 driver_register+0x74/0xd0 ? 0xc0529000 register_virtio_driver+0x20/0x30 [virtio] virtio_gpu_driver_init+0x15/0x1000 [virtio_gpu] do_one_initcall+0x4a/0x1fa ? _cond_resched+0x19/0x30 ? kmem_cache_alloc_trace+0x16b/0x2e0 do_init_module+0x62/0x240 load_module+0xe0e/0x1100 ? security_kernel_post_read_file+0x5c/0x70 __do_sys_finit_module+0xbe/0x120 ? __do_sys_finit_module+0xbe/0x120 __x64_sys_finit_module+0x1a/0x20 do_syscall_64+0x38/0x50 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Signed-off-by: Thomas Tai --- include/linux/dma-direct.h | 3 --- kernel/dma/mapping.c | 11 +++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h index 6e87225..0648708 100644 --- a/include/linux/dma-direct.h +++ b/include/linux/dma-direct.h @@ -62,9 +62,6 @@ static inline bool dma_capable(struct device *dev, dma_addr_t addr, size_t size, { dma_addr_t end = addr + size - 1; - if (!dev->dma_mask) - return false; - if (is_ram && !IS_ENABLED(CONFIG_ARCH_DMA_ADDR_T_64BIT) && min(addr, end) < phys_to_dma(dev, PFN_PHYS(min_low_pfn))) return false; diff --git a/kernel/dma/mapping.c b/kernel/dma/mapping.c index 0d12942..7133d5c 100644 --- a/kernel/dma/mapping.c +++ b/kernel/dma/mapping.c @@ -144,6 +144,10 @@ dma_addr_t dma_map_page_attrs(struct device *dev, struct page *page, dma_addr_t addr; BUG_ON(!valid_dma_direction(dir)); + + if (WARN_ON_ONCE(!dev->dma_mask)) + return DMA_MAPPING_ERROR; + if (dma_map_direct(dev, ops)) addr = dma_direct_map_page(dev, page, offset, size, dir, attrs); else @@ -179,6 +183,10 @@ int dma_map_sg_attrs(struct device *dev, struct scatterlist *sg, int nents, int ents; BUG_ON(!valid_dma_direction(dir)); + + if (WARN_ON_ONCE(!dev->dma_mask)) + return 0; + if (dma_map_direct(dev, ops)) ents = dma_direct_map_sg(dev, sg, nents, dir, attrs); else @@ -213,6 +221,9 @@ dma_addr_t dma_map_resource(struct device *dev, phys_addr_t phys_addr, BUG_ON(!valid_dma_direction(dir)); + if (WARN_ON_ONCE(!dev->dma_mask)) + return DMA_MAPPING_ERROR; + /* Don't allow RAM to be mapped */ if (W
Re: [PATCH] dma-direct: Fix potential NULL pointer dereference
On 2020-09-15 11:09 a.m., Christoph Hellwig wrote: On Tue, Sep 15, 2020 at 10:40:39AM -0400, Thomas Tai wrote: +++ b/include/linux/dma-direct.h @@ -62,9 +62,6 @@ static inline bool dma_capable(struct device *dev, dma_addr_t addr, size_t size, { dma_addr_t end = addr + size - 1; -if (!dev->dma_mask) - return false; - I am concerned that some drivers may rely on this NULL checking. Would you think we can keep this checking and use the following WARN_ON_ONCE()? dma_capable is not a helper for drivers, but just for dma-direct and related code. And this patch adds the checks for the three places how we call into the ->map* methods. Hi Christoph, I tried out the suggested changes, and it successfully warned the null pointer without panic. I notice that there are some places outside the dma-direct, which calls dma_capable(). https://elixir.bootlin.com/linux/v5.9-rc5/source/arch/x86/kernel/amd_gart_64.c#L187 https://elixir.bootlin.com/linux/v5.9-rc5/source/drivers/xen/swiotlb-xen.c#L387 Also, if I remove the null checking in dma_capable(), I may run into the risk of a null pointer dereference within the function. @@ -62,9 +62,6 @@ static inline bool dma_capable(struct device *dev, dma_addr_t addr, size_t size, { dma_addr_t end = addr + size - 1; - if (!dev->dma_mask) - return false; - if (is_ram && !IS_ENABLED(CONFIG_ARCH_DMA_ADDR_T_64BIT) && min(addr, end) < phys_to_dma(dev, PFN_PHYS(min_low_pfn))) return false; return end <= min_not_zero(*dev->dma_mask, dev->bus_dma_limit); ^ | ** risk of a null dereference ** } Given that the WARN_ON_ONCE already did the intended warning, would you be ok that I keep the null checking in dma_capable()? Thank you, Thomas ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
Re: [PATCH] dma-direct: Fix potential NULL pointer dereference
On 2020-09-15 11:09 a.m., Christoph Hellwig wrote: On Tue, Sep 15, 2020 at 10:40:39AM -0400, Thomas Tai wrote: +++ b/include/linux/dma-direct.h @@ -62,9 +62,6 @@ static inline bool dma_capable(struct device *dev, dma_addr_t addr, size_t size, { dma_addr_t end = addr + size - 1; -if (!dev->dma_mask) - return false; - I am concerned that some drivers may rely on this NULL checking. Would you think we can keep this checking and use the following WARN_ON_ONCE()? dma_capable is not a helper for drivers, but just for dma-direct and related code. And this patch adds the checks for the three places how we call into the ->map* methods. Ok. That sounds good to me. I will make the suggested changes and run some tests before sending out the V2 patch. Thank you, Thomas ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
Re: [PATCH] dma-direct: Fix potential NULL pointer dereference
On 2020-09-15 10:26 a.m., Christoph Hellwig wrote: On Tue, Sep 15, 2020 at 10:11:51AM -0400, Thomas Tai wrote: On 2020-09-15 10:07 a.m., Christoph Hellwig wrote: On Tue, Sep 15, 2020 at 08:03:14AM -0600, Thomas Tai wrote: When booting the kernel v5.9-rc4 on a VM, the kernel would panic when printing a warning message in swiotlb_map(). It is because dev->dma_mask can potentially be a null pointer. Using the dma_get_mask() macro can avoid the NULL pointer dereference. dma_mask must not be zero. This means drm is calling DMA API functions on something weird. This needs to be fixed in the caller. Thanks, Christoph for your comment. The caller already fixed the null pointer in the latest v5.9-rc5. I am thinking that if we had used the dma_get_mask(), the kernel couldn't panic and could properly print out the warning message. If we want to solve this something like this patch is probably the right way: diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h index 6e87225600ae35..064870844f06c1 100644 --- a/include/linux/dma-direct.h +++ b/include/linux/dma-direct.h @@ -62,9 +62,6 @@ static inline bool dma_capable(struct device *dev, dma_addr_t addr, size_t size, { dma_addr_t end = addr + size - 1; - if (!dev->dma_mask) - return false; - I am concerned that some drivers may rely on this NULL checking. Would you think we can keep this checking and use the following WARN_ON_ONCE()? if (is_ram && !IS_ENABLED(CONFIG_ARCH_DMA_ADDR_T_64BIT) && min(addr, end) < phys_to_dma(dev, PFN_PHYS(min_low_pfn))) return false; diff --git a/kernel/dma/mapping.c b/kernel/dma/mapping.c index 0d129421e75fc8..2b01d8f7baf160 100644 --- a/kernel/dma/mapping.c +++ b/kernel/dma/mapping.c @@ -144,6 +144,10 @@ dma_addr_t dma_map_page_attrs(struct device *dev, struct page *page, dma_addr_t addr; BUG_ON(!valid_dma_direction(dir)); + + if (WARN_ON_ONCE(!dev->dma_mask)) + return DMA_MAPPING_ERROR; + if (dma_map_direct(dev, ops)) addr = dma_direct_map_page(dev, page, offset, size, dir, attrs); else @@ -179,6 +183,10 @@ int dma_map_sg_attrs(struct device *dev, struct scatterlist *sg, int nents, int ents; BUG_ON(!valid_dma_direction(dir)); + + if (WARN_ON_ONCE(!dev->dma_mask)) + return 0; + if (dma_map_direct(dev, ops)) ents = dma_direct_map_sg(dev, sg, nents, dir, attrs); else @@ -217,6 +225,9 @@ dma_addr_t dma_map_resource(struct device *dev, phys_addr_t phys_addr, if (WARN_ON_ONCE(pfn_valid(PHYS_PFN(phys_addr return DMA_MAPPING_ERROR; + if (WARN_ON_ONCE(!dev->dma_mask)) + return DMA_MAPPING_ERROR; + if (dma_map_direct(dev, ops)) addr = dma_direct_map_resource(dev, phys_addr, size, dir, attrs); else if (ops->map_resource) ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
Re: [PATCH] dma-direct: Fix potential NULL pointer dereference
On 2020-09-15 10:07 a.m., Christoph Hellwig wrote: On Tue, Sep 15, 2020 at 08:03:14AM -0600, Thomas Tai wrote: When booting the kernel v5.9-rc4 on a VM, the kernel would panic when printing a warning message in swiotlb_map(). It is because dev->dma_mask can potentially be a null pointer. Using the dma_get_mask() macro can avoid the NULL pointer dereference. dma_mask must not be zero. This means drm is calling DMA API functions on something weird. This needs to be fixed in the caller. Thanks, Christoph for your comment. The caller already fixed the null pointer in the latest v5.9-rc5. I am thinking that if we had used the dma_get_mask(), the kernel couldn't panic and could properly print out the warning message. Thomas ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
[PATCH] dma-direct: Fix potential NULL pointer dereference
When booting the kernel v5.9-rc4 on a VM, the kernel would panic when printing a warning message in swiotlb_map(). It is because dev->dma_mask can potentially be a null pointer. Using the dma_get_mask() macro can avoid the NULL pointer dereference. Fixes: d323bb44e4d2 ("drm/virtio: Call the right shmem helpers") [drm] Initialized virtio_gpu 0.1.0 0 for virtio0 on minor 0 BUG: kernel NULL pointer dereference, address: #PF: supervisor read access in kernel mode #PF: error_code(0x) - not-present page PGD 0 P4D 0 Oops: [#1] SMP PTI CPU: 1 PID: 331 Comm: systemd-udevd Not tainted 5.9.0-rc4 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1 04/01/2014 RIP: 0010:swiotlb_map+0x1ac/0x200 Code: e8 d9 fc ff ff 80 3d 92 ee 4c 01 00 75 51 49 8b 84 24 48 02 00 00 4d 8b 6c 24 50 c6 05 7c ee 4c 01 01 4d 8b bc 24 58 02 00 00 <4c> 8b 30 4d 85 ed 75 04 4d 8b 2c 24 4c 89 e7 e8 10 6b 4f 00 4d 89 RSP: 0018:9f96801af6f8 EFLAGS: 00010246 RAX: RBX: 1000 RCX: 0080 RDX: 007f RSI: 0202 RDI: 0202 RBP: 9f96801af748 R08: R09: 0020 R10: R11: 8fabfffa3000 R12: 8faad02c7810 R13: R14: 0020 R15: FS: 7fabc63588c0() GS:8fabf7c8() knlGS: CS: 0010 DS: ES: CR0: 80050033 CR2: CR3: 000151496005 CR4: 00370ee0 DR0: DR1: DR2: DR3: DR6: fffe0ff0 DR7: 0400 Call Trace: dma_direct_map_sg+0x124/0x210 dma_map_sg_attrs+0x32/0x50 drm_gem_shmem_get_pages_sgt+0x6a/0x90 [drm] virtio_gpu_object_create+0x140/0x2f0 [virtio_gpu] ? ww_mutex_unlock+0x26/0x30 virtio_gpu_mode_dumb_create+0xab/0x160 [virtio_gpu] drm_mode_create_dumb+0x82/0x90 [drm] drm_client_framebuffer_create+0xaa/0x200 [drm] drm_fb_helper_generic_probe+0x59/0x150 [drm_kms_helper] drm_fb_helper_single_fb_probe+0x29e/0x3e0 [drm_kms_helper] __drm_fb_helper_initial_config_and_unlock+0x41/0xd0 [drm_kms_helper] drm_fbdev_client_hotplug+0xe6/0x1a0 [drm_kms_helper] drm_fbdev_generic_setup+0xaf/0x170 [drm_kms_helper] virtio_gpu_probe+0xea/0x100 [virtio_gpu] virtio_dev_probe+0x14b/0x1e0 [virtio] really_probe+0x1db/0x440 driver_probe_device+0xe9/0x160 device_driver_attach+0x5d/0x70 __driver_attach+0x8f/0x150 ? device_driver_attach+0x70/0x70 bus_for_each_dev+0x7e/0xc0 driver_attach+0x1e/0x20 bus_add_driver+0x152/0x1f0 driver_register+0x74/0xd0 ? 0xc0529000 register_virtio_driver+0x20/0x30 [virtio] virtio_gpu_driver_init+0x15/0x1000 [virtio_gpu] do_one_initcall+0x4a/0x1fa ? _cond_resched+0x19/0x30 ? kmem_cache_alloc_trace+0x16b/0x2e0 do_init_module+0x62/0x240 load_module+0xe0e/0x1100 ? security_kernel_post_read_file+0x5c/0x70 __do_sys_finit_module+0xbe/0x120 ? __do_sys_finit_module+0xbe/0x120 __x64_sys_finit_module+0x1a/0x20 do_syscall_64+0x38/0x50 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Signed-off-by: Thomas Tai --- include/linux/dma-direct.h | 2 +- kernel/dma/swiotlb.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h index 6e87225..7556067 100644 --- a/include/linux/dma-direct.h +++ b/include/linux/dma-direct.h @@ -168,7 +168,7 @@ static inline dma_addr_t dma_direct_map_page(struct device *dev, dev_WARN_ONCE(dev, 1, "DMA addr %pad+%zu overflow (mask %llx, bus limit %llx).\n", -_addr, size, *dev->dma_mask, dev->bus_dma_limit); +_addr, size, dma_get_mask(dev), dev->bus_dma_limit); return DMA_MAPPING_ERROR; } diff --git a/kernel/dma/swiotlb.c b/kernel/dma/swiotlb.c index c19379fa..aa7727b 100644 --- a/kernel/dma/swiotlb.c +++ b/kernel/dma/swiotlb.c @@ -682,7 +682,7 @@ dma_addr_t swiotlb_map(struct device *dev, phys_addr_t paddr, size_t size, attrs | DMA_ATTR_SKIP_CPU_SYNC); dev_WARN_ONCE(dev, 1, "swiotlb addr %pad+%zu overflow (mask %llx, bus limit %llx).\n", - _addr, size, *dev->dma_mask, dev->bus_dma_limit); + _addr, size, dma_get_mask(dev), dev->bus_dma_limit); return DMA_MAPPING_ERROR; } -- 1.8.3.1 ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
Re: Is: virtio_gpu_object_shmem_init issues? Was:Re: upstream boot error: general protection fault in swiotlb_map
Hello, I had a similiar panic when booting an ARM VM with kernel v5.9-rc1. git bisect identified following bad commit. After reverting the bad commit, the VM boot ok. Maybe we should look into the following commit. d323bb44e4d23802eb25d13de1f93f2335bd60d0 is the first bad commit commit d323bb44e4d23802eb25d13de1f93f2335bd60d0 Author: Daniel Vetter Date: Mon May 11 11:35:49 2020 +0200 drm/virtio: Call the right shmem helpers drm_gem_shmem_get_sg_table is meant to implement obj->funcs->get_sg_table, for prime exporting. The one we want is drm_gem_shmem_get_pages_sgt, which also handles imported dma-buf, not just native objects. v2: Rebase, this stuff moved around in commit 2f2aa13724d56829d910b2fa8e80c502d388f106 Author: Gerd Hoffmann Date: Fri Feb 7 08:46:38 2020 +0100 drm/virtio: move virtio_gpu_mem_entry initialization to new function Acked-by: Thomas Zimmermann Signed-off-by: Daniel Vetter Cc: David Airlie Cc: Gerd Hoffmann Cc: virtualizat...@lists.linux-foundation.org Link: https://patchwork.freedesktop.org/patch/msgid/20200511093554.211493-5-daniel.vet...@ffwll.ch Thank you, Thomas On 2020-08-24 11:06 a.m., Konrad Rzeszutek Wilk wrote: On Thu, Aug 06, 2020 at 03:46:23AM -0700, syzbot wrote: Hello, syzbot found the following issue on: HEAD commit:47ec5303 Merge git://git.kernel.org/pub/scm/linux/kernel/g.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=16fe1dea90 kernel config: https://syzkaller.appspot.com/x/.config?x=7c06047f622c5724 dashboard link: https://syzkaller.appspot.com/bug?extid=3f86afd0b1e4bf1cb64c compiler: gcc (GCC) 10.1.0-syz 20200507 IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+3f86afd0b1e4bf1cb...@syzkaller.appspotmail.com ceph: loaded (mds proto 32) NET: Registered protocol family 38 async_tx: api initialized (async) Key type asymmetric registered Asymmetric key parser 'x509' registered Asymmetric key parser 'pkcs8' registered Key type pkcs7_test registered Asymmetric key parser 'tpm_parser' registered Block layer SCSI generic (bsg) driver version 0.4 loaded (major 243) io scheduler mq-deadline registered io scheduler kyber registered io scheduler bfq registered hgafb: HGA card not detected. hgafb: probe of hgafb.0 failed with error -22 usbcore: registered new interface driver udlfb uvesafb: failed to execute /sbin/v86d uvesafb: make sure that the v86d helper is installed and executable uvesafb: Getting VBE info block failed (eax=0x4f00, err=-2) uvesafb: vbe_init() failed with -22 uvesafb: probe of uvesafb.0 failed with error -22 vga16fb: mapped to 0x8aac772d Console: switching to colour frame buffer device 80x30 fb0: VGA16 VGA frame buffer device input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0 ACPI: Power Button [PWRF] ioatdma: Intel(R) QuickData Technology Driver 5.00 PCI Interrupt Link [GSIF] enabled at IRQ 21 PCI Interrupt Link [GSIG] enabled at IRQ 22 PCI Interrupt Link [GSIH] enabled at IRQ 23 N_HDLC line discipline registered with maxframe=4096 Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled 00:05: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A Cyclades driver 2.6 Initializing Nozomi driver 2.1d RocketPort device driver module, version 2.09, 12-June-2003 No rocketport ports found; unloading driver Non-volatile memory driver v1.3 Linux agpgart interface v0.103 [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0 [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1 usbcore: registered new interface driver udl [drm] pci: virtio-vga detected at :00:01.0 fb0: switching to virtiodrmfb from VGA16 VGA Console: switching to colour VGA+ 80x25 virtio-pci :00:01.0: vgaarb: deactivate vga console Console: switching to colour dummy device 80x25 [drm] features: -virgl +edid [drm] number of scanouts: 1 [drm] number of cap sets: 0 [drm] Initialized virtio_gpu 0.1.0 0 for virtio0 on minor 2 general protection fault, probably for non-canonical address 0xdc00: [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x-0x0007] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.8.0-syzkaller #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 RIP: 0010:swiotlb_map+0x5ac/0x700 kernel/dma/swiotlb.c:683 Code: 28 04 00 00 48 c1 ea 03 80 3c 02 00 0f 85 4d 01 00 00 4c 8b a5 18 04 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 1e 01 00 00 48 8d 7d 50 4d 8b 24 24 48 b8 00 00 RSP: :c934f3e0 EFLAGS: 00010246 RAX: dc00 RBX: RCX: 8162cc1d RDX: RSI: 8162cc98 RDI: 88802971a470 RBP: 88802971a048 R08: 0001 R09: 8c5dba77 R10: R11: R12: R13: 7ac0 R14: