From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D6C0A19BC9 for ; Wed, 7 Jun 2023 20:38:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5983EC433D2; Wed, 7 Jun 2023 20:38:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1686170338; bh=rZU+on8aldc8VbKT6pL78ljWSRUlDbqcOfDXckrCiIM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=2d5kQjgP0vjqU9S06d23mBD1wA0t1vhWHSlHr7Ls1mGow3Zf42V1bA9PHbOCXLeUv QU7qUsjMeKT9AAJuF+5KjKhe1A4iQ1QKnfYyQ9viiNvrW55nUUMy5FD9vveK2HJYnN zDX0lQN10S3zKP4fswh2HB7AGTHdlkOU2TQDt98o= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Chen-Yu Tsai , Yong Wu , AngeloGioacchino Del Regno , Joerg Roedel , Sasha Levin Subject: [PATCH 6.1 046/225] iommu/mediatek: Flush IOTLB completely only if domain has been attached Date: Wed, 7 Jun 2023 22:13:59 +0200 Message-ID: <20230607200915.859213729@linuxfoundation.org> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230607200913.334991024@linuxfoundation.org> References: <20230607200913.334991024@linuxfoundation.org> User-Agent: quilt/0.67 Precedence: bulk X-Mailing-List: patches@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Chen-Yu Tsai [ Upstream commit b3fc95709c54ffbe80f16801e0a792a4d2b3d55e ] If an IOMMU domain was never attached, it lacks any linkage to the actual IOMMU hardware. Attempting to do flush_iotlb_all() on it will result in a NULL pointer dereference. This seems to happen after the recent IOMMU core rework in v6.4-rc1. Unable to handle kernel read from unreadable memory at virtual address 0000000000000018 Call trace: mtk_iommu_flush_iotlb_all+0x20/0x80 iommu_create_device_direct_mappings.part.0+0x13c/0x230 iommu_setup_default_domain+0x29c/0x4d0 iommu_probe_device+0x12c/0x190 of_iommu_configure+0x140/0x208 of_dma_configure_id+0x19c/0x3c0 platform_dma_configure+0x38/0x88 really_probe+0x78/0x2c0 Check if the "bank" field has been filled in before actually attempting the IOTLB flush to avoid it. The IOTLB is also flushed when the device comes out of runtime suspend, so it should have a clean initial state. Fixes: 08500c43d4f7 ("iommu/mediatek: Adjust the structure") Signed-off-by: Chen-Yu Tsai Reviewed-by: Yong Wu Reviewed-by: AngeloGioacchino Del Regno Link: https://lore.kernel.org/r/20230526085402.394239-1-wenst@chromium.org Signed-off-by: Joerg Roedel Signed-off-by: Sasha Levin --- drivers/iommu/mtk_iommu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/iommu/mtk_iommu.c b/drivers/iommu/mtk_iommu.c index e93ca9dc37c8e..2ae5a6058a34a 100644 --- a/drivers/iommu/mtk_iommu.c +++ b/drivers/iommu/mtk_iommu.c @@ -737,7 +737,8 @@ static void mtk_iommu_flush_iotlb_all(struct iommu_domain *domain) { struct mtk_iommu_domain *dom = to_mtk_domain(domain); - mtk_iommu_tlb_flush_all(dom->bank->parent_data); + if (dom->bank) + mtk_iommu_tlb_flush_all(dom->bank->parent_data); } static void mtk_iommu_iotlb_sync(struct iommu_domain *domain, -- 2.39.2