[PATCH] x86: dma-mapping: Fix arch_dma_alloc_attrs() oops with NULL dev

From: ville . syrjala
Date: Sun Oct 25 2015 - 17:11:52 EST


From: Ville Syrjälä <ville.syrjala@xxxxxxxxxxxxxxx>

Commit 6894258eda2f ("dma-mapping: consolidate dma_{alloc,free}_{attrs,coherent}")
broke drivers that pass NULL as the device for dma_alloc.
Fix things by moving the ISA DMA fallback dev assignment earlier.

A quick search suggests that Meelis Roos has hit this with sb16, and I
caught it with smsc-ircc2. Here's the oops I got:

BUG: unable to handle kernel NULL pointer dereference at 000001c0
IP: [<c100840d>] arch_dma_alloc_attrs+0xd/0x80
*pde = 00000000
Oops: 0000 [#1] PREEMPT
Modules linked in: smsc_ircc2(+) irda crc_ccitt sch_fq_codel binfmt_misc joydev mousedev ipw2100 libipw snd_intel8x0 lib80211 snd_ac97_codec cfg80211 iTCO_wdt ac97_bus evdev psmouse firewire_ohci snd_pcm input_leds firewire_core crc_itu_t intel_agp 8139too mii led_class snd_timer snd intel_gtt soundcore lpc_ich mfd_core i2c_i801 i2c_core agpgart rng_core rfkill
CPU: 0 PID: 2135 Comm: modprobe Not tainted 4.2.0-dma-oops+ #41
Hardware name: FUJITSU SIEMENS LIFEBOOK S6010/FJNB159, BIOS Version 1.07 10/28/2002
task: f39ba7c0 ti: f39d4000 task.ti: f39d4000
EIP: 0060:[<c100840d>] EFLAGS: 00010246 CPU: 0
EIP is at arch_dma_alloc_attrs+0xd/0x80
EAX: f39d5d7c EBX: 00000000 ECX: 000080d0 EDX: f39d5d78
ESI: f39ce800 EDI: c16325a0 EBP: f39d5d30 ESP: f39d5d2c
DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
CR0: 8005003b CR2: 000001c0 CR3: 339a8000 CR4: 000006d0
Stack:
00000400 f39d5dbc f88ca8bb f39d5d88 00000002 00000000 00000400 000002e8
00000003 00000003 00000003 c1e8e600 00000404 00000407 00000003 00000003
f39ceda0 f39cee34 000002e8 000080d0 00000000 c108c0b4 00000000 ffffffff
Call Trace:
[<f88ca8bb>] smsc_ircc_open+0x5eb/0x8f0 [smsc_ircc2]
[<c108c0b4>] ? vprintk_default+0x34/0x40
[<c1101fde>] ? printk+0x16/0x18
[<f88f9656>] ? smsc_superio_flat+0xcd/0x103 [smsc_ircc2]
[<f88f9676>] smsc_superio_flat+0xed/0x103 [smsc_ircc2]
[<f88f9b77>] smsc_ircc_init+0x43f/0x8c8 [smsc_ircc2]
[<c107964b>] ? trace_hardirqs_on+0xb/0x10
[<c1000413>] ? do_one_initcall+0x73/0x1b0
[<f88f9738>] ? smsc_superio_paged+0xac/0xac [smsc_ircc2]
[<c100041e>] do_one_initcall+0x7e/0x1b0
[<f88f9738>] ? smsc_superio_paged+0xac/0xac [smsc_ircc2]
[<c1093412>] ? rcu_read_lock_sched_held+0x62/0x90
[<c1149915>] ? kmem_cache_alloc_trace+0xe5/0x2b0
[<c11392a5>] ? __vunmap+0xb5/0x100
[<c11020cc>] ? do_init_module+0x21/0x1b5
[<c11020fa>] do_init_module+0x4f/0x1b5
[<c10b91b9>] load_module+0x1c19/0x2040
[<c10b9741>] SyS_finit_module+0x61/0x80
[<c148ba17>] sysenter_do_call+0x12/0x12
Code: 3b 4d e4 77 e7 42 83 c0 14 39 fa 75 be 90 83 c4 10 31 c0 5b 5e 5f 5d c3 66 90 66 90 66 90 55 89 e5 53 3e 8d 74 26 00 8b 18 8b 0a <8b> 9b c0 01 00 00 85 db 75 29 f6 c1 01 75 2c 83 e1 f8 89 0a 8b
EIP: [<c100840d>] arch_dma_alloc_attrs+0xd/0x80 SS:ESP 0068:f39d5d2c
CR2: 00000000000001c0
---[ end trace fbf24ded74a1e64a ]---

Cc: Christoph Hellwig <hch@xxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
Cc: linux-kernel@xxxxxxxxxxxxxxx
Cc: Meelis Roos <mroos@xxxxxxxx>
References: http://permalink.gmane.org/gmane.linux.kernel/2048042
Fixes: 6894258eda2f ("dma-mapping: consolidate dma_{alloc,free}_{attrs,coherent}")
Signed-off-by: Ville Syrjälä <ville.syrjala@xxxxxxxxxxxxxxx>
---
arch/x86/kernel/pci-dma.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/pci-dma.c b/arch/x86/kernel/pci-dma.c
index 1b55de1..cd99433 100644
--- a/arch/x86/kernel/pci-dma.c
+++ b/arch/x86/kernel/pci-dma.c
@@ -131,11 +131,12 @@ void dma_generic_free_coherent(struct device *dev, size_t size, void *vaddr,

bool arch_dma_alloc_attrs(struct device **dev, gfp_t *gfp)
{
+ if (!*dev)
+ *dev = &x86_dma_fallback_dev;
+
*gfp &= ~(__GFP_DMA | __GFP_HIGHMEM | __GFP_DMA32);
*gfp = dma_alloc_coherent_gfp_flags(*dev, *gfp);

- if (!*dev)
- *dev = &x86_dma_fallback_dev;
if (!is_device_dma_capable(*dev))
return false;
return true;
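Review bot: the NULL check now at the top of arch_dma_alloc_attrs() carries an ordering requirement that nothing in the code states. It has to run before `*gfp = dma_alloc_coherent_gfp_flags(*dev, *gfp);` because that call is handed *dev, and the whole fix consists of this ordering. A one-line comment above `if (!*dev)` saying that the fallback device must be assigned before any use of *dev, since some callers pass NULL (smsc-ircc2 in the oops above), would keep a later cleanup from moving the check back down next to is_device_dma_capable().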
--
2.4.10
