Re: [PATCH V2] dma-direct: Fix potential NULL pointer dereference
On 2020-09-17 12:05 p.m., Konrad Rzeszutek Wilk wrote:
On Wed, Sep 16, 2020 at 02:51:06PM -0600, Thomas Tai wrote:
When booting the kernel v5.9-rc4 on a VM, the kernel would panic when
printing a warning message in swiotlb_map(). The dev->dma_mask must not
be a NULL pointer when calling the dma mapping layer. A NULL pointer check
can potentially avoid the panic.
[drm] Initialized virtio_gpu 0.1.0 0 for virtio0 on minor 0
BUG: kernel NULL pointer dereference, address:
#PF: supervisor read access in kernel mode
#PF: error_code(0x) - not-present page
PGD 0 P4D 0
Oops: [#1] SMP PTI
CPU: 1 PID: 331 Comm: systemd-udevd Not tainted 5.9.0-rc4 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009),
BIOS 1.13.0-1ubuntu1 04/01/2014
RIP: 0010:swiotlb_map+0x1ac/0x200
Code: e8 d9 fc ff ff 80 3d 92 ee 4c 01 00 75 51 49 8b 84 24 48 02 00 00
4d 8b 6c 24 50 c6 05 7c ee 4c 01 01 4d 8b bc 24 58 02 00 00 <4c> 8b 30
4d 85 ed 75 04 4d 8b 2c 24 4c 89 e7 e8 10 6b 4f 00 4d 89
RSP: 0018:9f96801af6f8 EFLAGS: 00010246
RAX: RBX: 1000 RCX: 0080
RDX: 007f RSI: 0202 RDI: 0202
RBP: 9f96801af748 R08: R09: 0020
R10: R11: 8fabfffa3000 R12: 8faad02c7810
R13: R14: 0020 R15:
FS: 7fabc63588c0() GS:8fabf7c8()
knlGS:
CS: 0010 DS: ES: CR0: 80050033
CR2: CR3: 000151496005 CR4: 00370ee0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
dma_direct_map_sg+0x124/0x210
dma_map_sg_attrs+0x32/0x50
drm_gem_shmem_get_pages_sgt+0x6a/0x90 [drm]
virtio_gpu_object_create+0x140/0x2f0 [virtio_gpu]
? ww_mutex_unlock+0x26/0x30
virtio_gpu_mode_dumb_create+0xab/0x160 [virtio_gpu]
drm_mode_create_dumb+0x82/0x90 [drm]
drm_client_framebuffer_create+0xaa/0x200 [drm]
drm_fb_helper_generic_probe+0x59/0x150 [drm_kms_helper]
drm_fb_helper_single_fb_probe+0x29e/0x3e0 [drm_kms_helper]
__drm_fb_helper_initial_config_and_unlock+0x41/0xd0 [drm_kms_helper]
drm_fbdev_client_hotplug+0xe6/0x1a0 [drm_kms_helper]
drm_fbdev_generic_setup+0xaf/0x170 [drm_kms_helper]
virtio_gpu_probe+0xea/0x100 [virtio_gpu]
virtio_dev_probe+0x14b/0x1e0 [virtio]
really_probe+0x1db/0x440
driver_probe_device+0xe9/0x160
device_driver_attach+0x5d/0x70
__driver_attach+0x8f/0x150
? device_driver_attach+0x70/0x70
bus_for_each_dev+0x7e/0xc0
driver_attach+0x1e/0x20
bus_add_driver+0x152/0x1f0
driver_register+0x74/0xd0
? 0xc0529000
register_virtio_driver+0x20/0x30 [virtio]
virtio_gpu_driver_init+0x15/0x1000 [virtio_gpu]
do_one_initcall+0x4a/0x1fa
? _cond_resched+0x19/0x30
? kmem_cache_alloc_trace+0x16b/0x2e0
do_init_module+0x62/0x240
load_module+0xe0e/0x1100
? security_kernel_post_read_file+0x5c/0x70
__do_sys_finit_module+0xbe/0x120
? __do_sys_finit_module+0xbe/0x120
__x64_sys_finit_module+0x1a/0x20
do_syscall_64+0x38/0x50
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Signed-off-by: Thomas Tai
Reviewed-by: Konrad Rzeszutek Wilk
Thank you, Konrad for reviewing the fix.
Thomas
Thank you!
---
include/linux/dma-direct.h | 3 ---
kernel/dma/mapping.c | 11 +++
2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h
index 6e87225..0648708 100644
--- a/include/linux/dma-direct.h
+++ b/include/linux/dma-direct.h
@@ -62,9 +62,6 @@ static inline bool dma_capable(struct device *dev, dma_addr_t
addr, size_t size,
{
dma_addr_t end = addr + size - 1;
- if (!dev->dma_mask)
- return false;
-
if (is_ram && !IS_ENABLED(CONFIG_ARCH_DMA_ADDR_T_64BIT) &&
min(addr, end) < phys_to_dma(dev, PFN_PHYS(min_low_pfn)))
return false;
diff --git a/kernel/dma/mapping.c b/kernel/dma/mapping.c
index 0d12942..7133d5c 100644
--- a/kernel/dma/mapping.c
+++ b/kernel/dma/mapping.c
@@ -144,6 +144,10 @@ dma_addr_t dma_map_page_attrs(struct device *dev, struct
page *page,
dma_addr_t addr;
BUG_ON(!valid_dma_direction(dir));
+
+ if (WARN_ON_ONCE(!dev->dma_mask))
+ return DMA_MAPPING_ERROR;
+
if (dma_map_direct(dev, ops))
addr = dma_direct_map_page(dev, page, offset, size, dir, attrs);
else
@@ -179,6 +183,10 @@ int dma_map_sg_attrs(struct device *dev, struct
scatterlist *sg, int nents,
int ents;
BUG_ON(!valid_dma_direction(dir));
+
+ if (WARN_ON_ONCE(!dev->dma_mask))
+ return 0;
+
if (dma_map_direct(dev, ops))
ents = dma_direct_map_sg(dev, sg, nents, dir, attrs);
else
@@ -213,6
Re: [PATCH V2] dma-direct: Fix potential NULL pointer dereference
On 2020-09-17 12:44 p.m., Christoph Hellwig wrote: Thanks, applied to the dma-mapping for-next tree. Thank you, Christoph for suggesting and applying the fix. Thomas ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
[PATCH V2] dma-direct: Fix potential NULL pointer dereference
When booting the kernel v5.9-rc4 on a VM, the kernel would panic when
printing a warning message in swiotlb_map(). The dev->dma_mask must not
be a NULL pointer when calling the dma mapping layer. A NULL pointer check
can potentially avoid the panic.
[drm] Initialized virtio_gpu 0.1.0 0 for virtio0 on minor 0
BUG: kernel NULL pointer dereference, address:
#PF: supervisor read access in kernel mode
#PF: error_code(0x) - not-present page
PGD 0 P4D 0
Oops: [#1] SMP PTI
CPU: 1 PID: 331 Comm: systemd-udevd Not tainted 5.9.0-rc4 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009),
BIOS 1.13.0-1ubuntu1 04/01/2014
RIP: 0010:swiotlb_map+0x1ac/0x200
Code: e8 d9 fc ff ff 80 3d 92 ee 4c 01 00 75 51 49 8b 84 24 48 02 00 00
4d 8b 6c 24 50 c6 05 7c ee 4c 01 01 4d 8b bc 24 58 02 00 00 <4c> 8b 30
4d 85 ed 75 04 4d 8b 2c 24 4c 89 e7 e8 10 6b 4f 00 4d 89
RSP: 0018:9f96801af6f8 EFLAGS: 00010246
RAX: RBX: 1000 RCX: 0080
RDX: 007f RSI: 0202 RDI: 0202
RBP: 9f96801af748 R08: R09: 0020
R10: R11: 8fabfffa3000 R12: 8faad02c7810
R13: R14: 0020 R15:
FS: 7fabc63588c0() GS:8fabf7c8()
knlGS:
CS: 0010 DS: ES: CR0: 80050033
CR2: CR3: 000151496005 CR4: 00370ee0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
dma_direct_map_sg+0x124/0x210
dma_map_sg_attrs+0x32/0x50
drm_gem_shmem_get_pages_sgt+0x6a/0x90 [drm]
virtio_gpu_object_create+0x140/0x2f0 [virtio_gpu]
? ww_mutex_unlock+0x26/0x30
virtio_gpu_mode_dumb_create+0xab/0x160 [virtio_gpu]
drm_mode_create_dumb+0x82/0x90 [drm]
drm_client_framebuffer_create+0xaa/0x200 [drm]
drm_fb_helper_generic_probe+0x59/0x150 [drm_kms_helper]
drm_fb_helper_single_fb_probe+0x29e/0x3e0 [drm_kms_helper]
__drm_fb_helper_initial_config_and_unlock+0x41/0xd0 [drm_kms_helper]
drm_fbdev_client_hotplug+0xe6/0x1a0 [drm_kms_helper]
drm_fbdev_generic_setup+0xaf/0x170 [drm_kms_helper]
virtio_gpu_probe+0xea/0x100 [virtio_gpu]
virtio_dev_probe+0x14b/0x1e0 [virtio]
really_probe+0x1db/0x440
driver_probe_device+0xe9/0x160
device_driver_attach+0x5d/0x70
__driver_attach+0x8f/0x150
? device_driver_attach+0x70/0x70
bus_for_each_dev+0x7e/0xc0
driver_attach+0x1e/0x20
bus_add_driver+0x152/0x1f0
driver_register+0x74/0xd0
? 0xc0529000
register_virtio_driver+0x20/0x30 [virtio]
virtio_gpu_driver_init+0x15/0x1000 [virtio_gpu]
do_one_initcall+0x4a/0x1fa
? _cond_resched+0x19/0x30
? kmem_cache_alloc_trace+0x16b/0x2e0
do_init_module+0x62/0x240
load_module+0xe0e/0x1100
? security_kernel_post_read_file+0x5c/0x70
__do_sys_finit_module+0xbe/0x120
? __do_sys_finit_module+0xbe/0x120
__x64_sys_finit_module+0x1a/0x20
do_syscall_64+0x38/0x50
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Signed-off-by: Thomas Tai
---
include/linux/dma-direct.h | 3 ---
kernel/dma/mapping.c | 11 +++
2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h
index 6e87225..0648708 100644
--- a/include/linux/dma-direct.h
+++ b/include/linux/dma-direct.h
@@ -62,9 +62,6 @@ static inline bool dma_capable(struct device *dev, dma_addr_t
addr, size_t size,
{
dma_addr_t end = addr + size - 1;
- if (!dev->dma_mask)
- return false;
-
if (is_ram && !IS_ENABLED(CONFIG_ARCH_DMA_ADDR_T_64BIT) &&
min(addr, end) < phys_to_dma(dev, PFN_PHYS(min_low_pfn)))
return false;
diff --git a/kernel/dma/mapping.c b/kernel/dma/mapping.c
index 0d12942..7133d5c 100644
--- a/kernel/dma/mapping.c
+++ b/kernel/dma/mapping.c
@@ -144,6 +144,10 @@ dma_addr_t dma_map_page_attrs(struct device *dev, struct
page *page,
dma_addr_t addr;
BUG_ON(!valid_dma_direction(dir));
+
+ if (WARN_ON_ONCE(!dev->dma_mask))
+ return DMA_MAPPING_ERROR;
+
if (dma_map_direct(dev, ops))
addr = dma_direct_map_page(dev, page, offset, size, dir, attrs);
else
@@ -179,6 +183,10 @@ int dma_map_sg_attrs(struct device *dev, struct
scatterlist *sg, int nents,
int ents;
BUG_ON(!valid_dma_direction(dir));
+
+ if (WARN_ON_ONCE(!dev->dma_mask))
+ return 0;
+
if (dma_map_direct(dev, ops))
ents = dma_direct_map_sg(dev, sg, nents, dir, attrs);
else
@@ -213,6 +221,9 @@ dma_addr_t dma_map_resource(struct device *dev, phys_addr_t
phys_addr,
BUG_ON(!valid_dma_direction(dir));
+ if (WARN_ON_ONCE(!dev->dma_mask))
+ return DMA_MAPPING_ERROR;
+
/* Don't allow RAM to be mapped */
if (W
Re: [PATCH] dma-direct: Fix potential NULL pointer dereference
On 2020-09-15 11:09 a.m., Christoph Hellwig wrote:
On Tue, Sep 15, 2020 at 10:40:39AM -0400, Thomas Tai wrote:
+++ b/include/linux/dma-direct.h
@@ -62,9 +62,6 @@ static inline bool dma_capable(struct device *dev, dma_addr_t
addr, size_t size,
{
dma_addr_t end = addr + size - 1;
-if (!dev->dma_mask)
- return false;
-
I am concerned that some drivers may rely on this NULL checking. Would you
think we can keep this checking and use the following WARN_ON_ONCE()?
dma_capable is not a helper for drivers, but just for dma-direct
and related code. And this patch adds the checks for the three
places how we call into the ->map* methods.
Hi Christoph,
I tried out the suggested changes, and it successfully warned the null
pointer without panic. I notice that there are some places outside the
dma-direct, which calls dma_capable().
https://elixir.bootlin.com/linux/v5.9-rc5/source/arch/x86/kernel/amd_gart_64.c#L187
https://elixir.bootlin.com/linux/v5.9-rc5/source/drivers/xen/swiotlb-xen.c#L387
Also, if I remove the null checking in dma_capable(), I may run into the
risk of a null pointer dereference within the function.
@@ -62,9 +62,6 @@ static inline bool dma_capable(struct device *dev,
dma_addr_t addr, size_t size,
{
dma_addr_t end = addr + size - 1;
- if (!dev->dma_mask)
- return false;
-
if (is_ram && !IS_ENABLED(CONFIG_ARCH_DMA_ADDR_T_64BIT) &&
min(addr, end) < phys_to_dma(dev, PFN_PHYS(min_low_pfn)))
return false;
return end <= min_not_zero(*dev->dma_mask, dev->bus_dma_limit);
^
|
** risk of a null dereference **
}
Given that the WARN_ON_ONCE already did the intended warning, would you
be ok that I keep the null checking in dma_capable()?
Thank you,
Thomas
___
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
Re: [PATCH] dma-direct: Fix potential NULL pointer dereference
On 2020-09-15 11:09 a.m., Christoph Hellwig wrote:
On Tue, Sep 15, 2020 at 10:40:39AM -0400, Thomas Tai wrote:
+++ b/include/linux/dma-direct.h
@@ -62,9 +62,6 @@ static inline bool dma_capable(struct device *dev, dma_addr_t
addr, size_t size,
{
dma_addr_t end = addr + size - 1;
-if (!dev->dma_mask)
- return false;
-
I am concerned that some drivers may rely on this NULL checking. Would you
think we can keep this checking and use the following WARN_ON_ONCE()?
dma_capable is not a helper for drivers, but just for dma-direct
and related code. And this patch adds the checks for the three
places how we call into the ->map* methods.
Ok. That sounds good to me. I will make the suggested changes and run
some tests before sending out the V2 patch.
Thank you,
Thomas
___
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
Re: [PATCH] dma-direct: Fix potential NULL pointer dereference
On 2020-09-15 10:26 a.m., Christoph Hellwig wrote:
On Tue, Sep 15, 2020 at 10:11:51AM -0400, Thomas Tai wrote:
On 2020-09-15 10:07 a.m., Christoph Hellwig wrote:
On Tue, Sep 15, 2020 at 08:03:14AM -0600, Thomas Tai wrote:
When booting the kernel v5.9-rc4 on a VM, the kernel would panic when
printing a warning message in swiotlb_map(). It is because dev->dma_mask
can potentially be a null pointer. Using the dma_get_mask() macro can
avoid the NULL pointer dereference.
dma_mask must not be zero. This means drm is calling DMA API functions
on something weird. This needs to be fixed in the caller.
Thanks, Christoph for your comment. The caller already fixed the null
pointer in the latest v5.9-rc5. I am thinking that if we had used the
dma_get_mask(), the kernel couldn't panic and could properly print out the
warning message.
If we want to solve this something like this patch is probably the
right way:
diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h
index 6e87225600ae35..064870844f06c1 100644
--- a/include/linux/dma-direct.h
+++ b/include/linux/dma-direct.h
@@ -62,9 +62,6 @@ static inline bool dma_capable(struct device *dev, dma_addr_t
addr, size_t size,
{
dma_addr_t end = addr + size - 1;
- if (!dev->dma_mask)
- return false;
-
I am concerned that some drivers may rely on this NULL checking. Would
you think we can keep this checking and use the following WARN_ON_ONCE()?
if (is_ram && !IS_ENABLED(CONFIG_ARCH_DMA_ADDR_T_64BIT) &&
min(addr, end) < phys_to_dma(dev, PFN_PHYS(min_low_pfn)))
return false;
diff --git a/kernel/dma/mapping.c b/kernel/dma/mapping.c
index 0d129421e75fc8..2b01d8f7baf160 100644
--- a/kernel/dma/mapping.c
+++ b/kernel/dma/mapping.c
@@ -144,6 +144,10 @@ dma_addr_t dma_map_page_attrs(struct device *dev, struct
page *page,
dma_addr_t addr;
BUG_ON(!valid_dma_direction(dir));
+
+ if (WARN_ON_ONCE(!dev->dma_mask))
+ return DMA_MAPPING_ERROR;
+
if (dma_map_direct(dev, ops))
addr = dma_direct_map_page(dev, page, offset, size, dir, attrs);
else
@@ -179,6 +183,10 @@ int dma_map_sg_attrs(struct device *dev, struct
scatterlist *sg, int nents,
int ents;
BUG_ON(!valid_dma_direction(dir));
+
+ if (WARN_ON_ONCE(!dev->dma_mask))
+ return 0;
+
if (dma_map_direct(dev, ops))
ents = dma_direct_map_sg(dev, sg, nents, dir, attrs);
else
@@ -217,6 +225,9 @@ dma_addr_t dma_map_resource(struct device *dev, phys_addr_t
phys_addr,
if (WARN_ON_ONCE(pfn_valid(PHYS_PFN(phys_addr
return DMA_MAPPING_ERROR;
+ if (WARN_ON_ONCE(!dev->dma_mask))
+ return DMA_MAPPING_ERROR;
+
if (dma_map_direct(dev, ops))
addr = dma_direct_map_resource(dev, phys_addr, size, dir,
attrs);
else if (ops->map_resource)
___
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
Re: [PATCH] dma-direct: Fix potential NULL pointer dereference
On 2020-09-15 10:07 a.m., Christoph Hellwig wrote: On Tue, Sep 15, 2020 at 08:03:14AM -0600, Thomas Tai wrote: When booting the kernel v5.9-rc4 on a VM, the kernel would panic when printing a warning message in swiotlb_map(). It is because dev->dma_mask can potentially be a null pointer. Using the dma_get_mask() macro can avoid the NULL pointer dereference. dma_mask must not be zero. This means drm is calling DMA API functions on something weird. This needs to be fixed in the caller. Thanks, Christoph for your comment. The caller already fixed the null pointer in the latest v5.9-rc5. I am thinking that if we had used the dma_get_mask(), the kernel couldn't panic and could properly print out the warning message. Thomas ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
[PATCH] dma-direct: Fix potential NULL pointer dereference
When booting the kernel v5.9-rc4 on a VM, the kernel would panic when
printing a warning message in swiotlb_map(). It is because dev->dma_mask
can potentially be a null pointer. Using the dma_get_mask() macro can
avoid the NULL pointer dereference.
Fixes: d323bb44e4d2 ("drm/virtio: Call the right shmem helpers")
[drm] Initialized virtio_gpu 0.1.0 0 for virtio0 on minor 0
BUG: kernel NULL pointer dereference, address:
#PF: supervisor read access in kernel mode
#PF: error_code(0x) - not-present page
PGD 0 P4D 0
Oops: [#1] SMP PTI
CPU: 1 PID: 331 Comm: systemd-udevd Not tainted 5.9.0-rc4 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009),
BIOS 1.13.0-1ubuntu1 04/01/2014
RIP: 0010:swiotlb_map+0x1ac/0x200
Code: e8 d9 fc ff ff 80 3d 92 ee 4c 01 00 75 51 49 8b 84 24 48 02 00 00
4d 8b 6c 24 50 c6 05 7c ee 4c 01 01 4d 8b bc 24 58 02 00 00 <4c> 8b 30
4d 85 ed 75 04 4d 8b 2c 24 4c 89 e7 e8 10 6b 4f 00 4d 89
RSP: 0018:9f96801af6f8 EFLAGS: 00010246
RAX: RBX: 1000 RCX: 0080
RDX: 007f RSI: 0202 RDI: 0202
RBP: 9f96801af748 R08: R09: 0020
R10: R11: 8fabfffa3000 R12: 8faad02c7810
R13: R14: 0020 R15:
FS: 7fabc63588c0() GS:8fabf7c8()
knlGS:
CS: 0010 DS: ES: CR0: 80050033
CR2: CR3: 000151496005 CR4: 00370ee0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
dma_direct_map_sg+0x124/0x210
dma_map_sg_attrs+0x32/0x50
drm_gem_shmem_get_pages_sgt+0x6a/0x90 [drm]
virtio_gpu_object_create+0x140/0x2f0 [virtio_gpu]
? ww_mutex_unlock+0x26/0x30
virtio_gpu_mode_dumb_create+0xab/0x160 [virtio_gpu]
drm_mode_create_dumb+0x82/0x90 [drm]
drm_client_framebuffer_create+0xaa/0x200 [drm]
drm_fb_helper_generic_probe+0x59/0x150 [drm_kms_helper]
drm_fb_helper_single_fb_probe+0x29e/0x3e0 [drm_kms_helper]
__drm_fb_helper_initial_config_and_unlock+0x41/0xd0 [drm_kms_helper]
drm_fbdev_client_hotplug+0xe6/0x1a0 [drm_kms_helper]
drm_fbdev_generic_setup+0xaf/0x170 [drm_kms_helper]
virtio_gpu_probe+0xea/0x100 [virtio_gpu]
virtio_dev_probe+0x14b/0x1e0 [virtio]
really_probe+0x1db/0x440
driver_probe_device+0xe9/0x160
device_driver_attach+0x5d/0x70
__driver_attach+0x8f/0x150
? device_driver_attach+0x70/0x70
bus_for_each_dev+0x7e/0xc0
driver_attach+0x1e/0x20
bus_add_driver+0x152/0x1f0
driver_register+0x74/0xd0
? 0xc0529000
register_virtio_driver+0x20/0x30 [virtio]
virtio_gpu_driver_init+0x15/0x1000 [virtio_gpu]
do_one_initcall+0x4a/0x1fa
? _cond_resched+0x19/0x30
? kmem_cache_alloc_trace+0x16b/0x2e0
do_init_module+0x62/0x240
load_module+0xe0e/0x1100
? security_kernel_post_read_file+0x5c/0x70
__do_sys_finit_module+0xbe/0x120
? __do_sys_finit_module+0xbe/0x120
__x64_sys_finit_module+0x1a/0x20
do_syscall_64+0x38/0x50
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Signed-off-by: Thomas Tai
---
include/linux/dma-direct.h | 2 +-
kernel/dma/swiotlb.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h
index 6e87225..7556067 100644
--- a/include/linux/dma-direct.h
+++ b/include/linux/dma-direct.h
@@ -168,7 +168,7 @@ static inline dma_addr_t dma_direct_map_page(struct device
*dev,
dev_WARN_ONCE(dev, 1,
"DMA addr %pad+%zu overflow (mask %llx, bus limit
%llx).\n",
-_addr, size, *dev->dma_mask,
dev->bus_dma_limit);
+_addr, size, dma_get_mask(dev),
dev->bus_dma_limit);
return DMA_MAPPING_ERROR;
}
diff --git a/kernel/dma/swiotlb.c b/kernel/dma/swiotlb.c
index c19379fa..aa7727b 100644
--- a/kernel/dma/swiotlb.c
+++ b/kernel/dma/swiotlb.c
@@ -682,7 +682,7 @@ dma_addr_t swiotlb_map(struct device *dev, phys_addr_t
paddr, size_t size,
attrs | DMA_ATTR_SKIP_CPU_SYNC);
dev_WARN_ONCE(dev, 1,
"swiotlb addr %pad+%zu overflow (mask %llx, bus limit
%llx).\n",
- _addr, size, *dev->dma_mask, dev->bus_dma_limit);
+ _addr, size, dma_get_mask(dev), dev->bus_dma_limit);
return DMA_MAPPING_ERROR;
}
--
1.8.3.1
___
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
Re: Is: virtio_gpu_object_shmem_init issues? Was:Re: upstream boot error: general protection fault in swiotlb_map
Hello, I had a similiar panic when booting an ARM VM with kernel v5.9-rc1. git bisect identified following bad commit. After reverting the bad commit, the VM boot ok. Maybe we should look into the following commit. d323bb44e4d23802eb25d13de1f93f2335bd60d0 is the first bad commit commit d323bb44e4d23802eb25d13de1f93f2335bd60d0 Author: Daniel Vetter Date: Mon May 11 11:35:49 2020 +0200 drm/virtio: Call the right shmem helpers drm_gem_shmem_get_sg_table is meant to implement obj->funcs->get_sg_table, for prime exporting. The one we want is drm_gem_shmem_get_pages_sgt, which also handles imported dma-buf, not just native objects. v2: Rebase, this stuff moved around in commit 2f2aa13724d56829d910b2fa8e80c502d388f106 Author: Gerd Hoffmann Date: Fri Feb 7 08:46:38 2020 +0100 drm/virtio: move virtio_gpu_mem_entry initialization to new function Acked-by: Thomas Zimmermann Signed-off-by: Daniel Vetter Cc: David Airlie Cc: Gerd Hoffmann Cc: virtualizat...@lists.linux-foundation.org Link: https://patchwork.freedesktop.org/patch/msgid/20200511093554.211493-5-daniel.vet...@ffwll.ch Thank you, Thomas On 2020-08-24 11:06 a.m., Konrad Rzeszutek Wilk wrote: On Thu, Aug 06, 2020 at 03:46:23AM -0700, syzbot wrote: Hello, syzbot found the following issue on: HEAD commit:47ec5303 Merge git://git.kernel.org/pub/scm/linux/kernel/g.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=16fe1dea90 kernel config: https://syzkaller.appspot.com/x/.config?x=7c06047f622c5724 dashboard link: https://syzkaller.appspot.com/bug?extid=3f86afd0b1e4bf1cb64c compiler: gcc (GCC) 10.1.0-syz 20200507 IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+3f86afd0b1e4bf1cb...@syzkaller.appspotmail.com ceph: loaded (mds proto 32) NET: Registered protocol family 38 async_tx: api initialized (async) Key type asymmetric registered Asymmetric key parser 'x509' registered Asymmetric key parser 'pkcs8' registered Key type pkcs7_test registered Asymmetric key parser 'tpm_parser' registered Block layer SCSI generic (bsg) driver version 0.4 loaded (major 243) io scheduler mq-deadline registered io scheduler kyber registered io scheduler bfq registered hgafb: HGA card not detected. hgafb: probe of hgafb.0 failed with error -22 usbcore: registered new interface driver udlfb uvesafb: failed to execute /sbin/v86d uvesafb: make sure that the v86d helper is installed and executable uvesafb: Getting VBE info block failed (eax=0x4f00, err=-2) uvesafb: vbe_init() failed with -22 uvesafb: probe of uvesafb.0 failed with error -22 vga16fb: mapped to 0x8aac772d Console: switching to colour frame buffer device 80x30 fb0: VGA16 VGA frame buffer device input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0 ACPI: Power Button [PWRF] ioatdma: Intel(R) QuickData Technology Driver 5.00 PCI Interrupt Link [GSIF] enabled at IRQ 21 PCI Interrupt Link [GSIG] enabled at IRQ 22 PCI Interrupt Link [GSIH] enabled at IRQ 23 N_HDLC line discipline registered with maxframe=4096 Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled 00:05: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A Cyclades driver 2.6 Initializing Nozomi driver 2.1d RocketPort device driver module, version 2.09, 12-June-2003 No rocketport ports found; unloading driver Non-volatile memory driver v1.3 Linux agpgart interface v0.103 [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0 [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1 usbcore: registered new interface driver udl [drm] pci: virtio-vga detected at :00:01.0 fb0: switching to virtiodrmfb from VGA16 VGA Console: switching to colour VGA+ 80x25 virtio-pci :00:01.0: vgaarb: deactivate vga console Console: switching to colour dummy device 80x25 [drm] features: -virgl +edid [drm] number of scanouts: 1 [drm] number of cap sets: 0 [drm] Initialized virtio_gpu 0.1.0 0 for virtio0 on minor 2 general protection fault, probably for non-canonical address 0xdc00: [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x-0x0007] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.8.0-syzkaller #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 RIP: 0010:swiotlb_map+0x5ac/0x700 kernel/dma/swiotlb.c:683 Code: 28 04 00 00 48 c1 ea 03 80 3c 02 00 0f 85 4d 01 00 00 4c 8b a5 18 04 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 1e 01 00 00 48 8d 7d 50 4d 8b 24 24 48 b8 00 00 RSP: :c934f3e0 EFLAGS: 00010246 RAX: dc00 RBX: RCX: 8162cc1d RDX: RSI: 8162cc98 RDI: 88802971a470 RBP: 88802971a048 R08: 0001 R09: 8c5dba77 R10: R11: R12: R13: 7ac0 R14:
