linux-arm-kernel.lists.infradead.org archive mirror
 help / color / mirror / Atom feed
* [PATCH V2 1/1] ARM: dmabounce: fix dmabounce may cause crash issue
@ 2011-03-28  5:53 Aisheng.Dong
  2011-05-16 16:16 ` Dong Aisheng
  0 siblings, 1 reply; 2+ messages in thread
From: Aisheng.Dong @ 2011-03-28  5:53 UTC (permalink / raw)
  To: linux-arm-kernel

The map_single does not check if dev is NULL which may cause kernel panic
like follows:
Unable to handle kernel NULL pointer dereference at virtual address 000000bc
pgd = 80004000
[000000bc] *pgd=00000000
Internal error: Oops: 5 [#1] PREEMPT
last sysfs file:
Modules linked in:
CPU: 0    Not tainted  (2.6.35.3-00845-g204c152-dirty #112)
PC is at dma_map_single+0x2c/0x2a0
LR is at fec_enet_interrupt+0x1d4/0x450
pc : [<8003cf04>]    lr : [<802936b8>]    psr: 60000193
sp : 80809ec8  ip : 00000080  fp : 99308040
r10: 99308040  r9 : 00000002  r8 : 99074f00
r7 : fa0a5000  r6 : 00000000  r5 : 00000060  r4 : 992e4000
r3 : 00000002  r2 : 8080cac0  r1 : 99308040  r0 : 00000000

The patch checks the dev to avoid this issue and align with the
original dma_map_single to allow dev is NULL.

Signed-off-by: Aisheng.Dong <b29396@freescale.com>
Signed-off-by: Jason.Liu <r64343@freescale.com>

---
Changes for v2:
 Address the comments from Mikael:
 -Fix device_info may be used uninitialized.
---
 arch/arm/common/dmabounce.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/arch/arm/common/dmabounce.c b/arch/arm/common/dmabounce.c
index e568163..789e84a 100644
--- a/arch/arm/common/dmabounce.c
+++ b/arch/arm/common/dmabounce.c
@@ -222,16 +222,19 @@ static struct safe_buffer *find_safe_buffer_dev(struct device *dev,
 static inline dma_addr_t map_single(struct device *dev, void *ptr, size_t size,
 		enum dma_data_direction dir)
 {
-	struct dmabounce_device_info *device_info = dev->archdata.dmabounce;
+	struct dmabounce_device_info *device_info = NULL;
 	dma_addr_t dma_addr;
 	int needs_bounce = 0;
 
+	if (dev)
+		device_info = dev->archdata.dmabounce;
+
 	if (device_info)
 		DO_STATS ( device_info->map_op_count++ );
 
 	dma_addr = virt_to_dma(dev, ptr);
 
-	if (dev->dma_mask) {
+	if (dev && dev->dma_mask) {
 		unsigned long mask = *dev->dma_mask;
 		unsigned long limit;
 
-- 
1.7.0.4

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* [PATCH V2 1/1] ARM: dmabounce: fix dmabounce may cause crash issue
  2011-03-28  5:53 [PATCH V2 1/1] ARM: dmabounce: fix dmabounce may cause crash issue Aisheng.Dong
@ 2011-05-16 16:16 ` Dong Aisheng
  0 siblings, 0 replies; 2+ messages in thread
From: Dong Aisheng @ 2011-05-16 16:16 UTC (permalink / raw)
  To: linux-arm-kernel

2011/3/28 Aisheng.Dong <b29396@freescale.com>:
> The map_single does not check if dev is NULL which may cause kernel panic
> like follows:
> Unable to handle kernel NULL pointer dereference at virtual address 000000bc
> pgd = 80004000
> [000000bc] *pgd=00000000
> Internal error: Oops: 5 [#1] PREEMPT
> last sysfs file:
> Modules linked in:
> CPU: 0 ? ?Not tainted ?(2.6.35.3-00845-g204c152-dirty #112)
> PC is at dma_map_single+0x2c/0x2a0
> LR is at fec_enet_interrupt+0x1d4/0x450
> pc : [<8003cf04>] ? ?lr : [<802936b8>] ? ?psr: 60000193
> sp : 80809ec8 ?ip : 00000080 ?fp : 99308040
> r10: 99308040 ?r9 : 00000002 ?r8 : 99074f00
> r7 : fa0a5000 ?r6 : 00000000 ?r5 : 00000060 ?r4 : 992e4000
> r3 : 00000002 ?r2 : 8080cac0 ?r1 : 99308040 ?r0 : 00000000
>
> The patch checks the dev to avoid this issue and align with the
> original dma_map_single to allow dev is NULL.
>
> Signed-off-by: Aisheng.Dong <b29396@freescale.com>
> Signed-off-by: Jason.Liu <r64343@freescale.com>
>
> ---
> Changes for v2:
> ?Address the comments from Mikael:
> ?-Fix device_info may be used uninitialized.
> ---
> ?arch/arm/common/dmabounce.c | ? ?7 +++++--
> ?1 files changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm/common/dmabounce.c b/arch/arm/common/dmabounce.c
> index e568163..789e84a 100644
> --- a/arch/arm/common/dmabounce.c
> +++ b/arch/arm/common/dmabounce.c
> @@ -222,16 +222,19 @@ static struct safe_buffer *find_safe_buffer_dev(struct device *dev,
> ?static inline dma_addr_t map_single(struct device *dev, void *ptr, size_t size,
> ? ? ? ? ? ? ? ?enum dma_data_direction dir)
> ?{
> - ? ? ? struct dmabounce_device_info *device_info = dev->archdata.dmabounce;
> + ? ? ? struct dmabounce_device_info *device_info = NULL;
> ? ? ? ?dma_addr_t dma_addr;
> ? ? ? ?int needs_bounce = 0;
>
> + ? ? ? if (dev)
> + ? ? ? ? ? ? ? device_info = dev->archdata.dmabounce;
> +
> ? ? ? ?if (device_info)
> ? ? ? ? ? ? ? ?DO_STATS ( device_info->map_op_count++ );
>
> ? ? ? ?dma_addr = virt_to_dma(dev, ptr);
>
> - ? ? ? if (dev->dma_mask) {
> + ? ? ? if (dev && dev->dma_mask) {
> ? ? ? ? ? ? ? ?unsigned long mask = *dev->dma_mask;
> ? ? ? ? ? ? ? ?unsigned long limit;
>
> --
> 1.7.0.4
>
>
>
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
>

PING...

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2011-05-16 16:16 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-03-28  5:53 [PATCH V2 1/1] ARM: dmabounce: fix dmabounce may cause crash issue Aisheng.Dong
2011-05-16 16:16 ` Dong Aisheng

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).