public inbox for iommu@lists.linux-foundation.org
* [PATCH] iommu/iova: Add NULL check in iova_magazine_free()
@ 2026-02-14  8:09 Lynn Liu
  2026-03-17 12:28 ` Jörg Rödel
  0 siblings, 1 reply; 2+ messages in thread
From: Lynn Liu @ 2026-02-14  8:09 UTC
  To: joro, will, robin.murphy; +Cc: iommu, linux-kernel, lynn

From: lynn <liulynn@google.com>

When iova_domain_init_rcaches() fails to allocate an iova_magazine
during the initialization of per-cpu rcaches, it jumps to out_err and
calls free_iova_rcaches() for cleanup.

In free_iova_rcaches(), the code iterates through all possible CPUs to
free both cpu_rcache->loaded and cpu_rcache->prev. However, if the
original allocation failed mid-way through the CPU loop, the pointers
for the remaining CPUs remain NULL.

Since kmem_cache_free() does not explicitly handle NULL pointers like
kfree() does, passing these NULL pointers leads to a kernel paging
request fault.

Add a NULL check in iova_magazine_free() to safely handle partially
initialized rcaches in error paths.

Signed-off-by: lynn <liulynn@google.com>
---
 drivers/iommu/iova.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/iommu/iova.c b/drivers/iommu/iova.c
index 18f839721813..e026be5e068b 100644
--- a/drivers/iommu/iova.c
+++ b/drivers/iommu/iova.c
@@ -611,7 +611,8 @@ static struct iova_magazine *iova_magazine_alloc(gfp_t flags)
 
 static void iova_magazine_free(struct iova_magazine *mag)
 {
-	kmem_cache_free(iova_magazine_cache, mag);
+	if (mag)
+		kmem_cache_free(iova_magazine_cache, mag);
 }
 
 static void
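
Review bot: the new `if (mag)` guard in iova_magazine_free() carries no comment saying why NULL is a legitimate argument, so a later cleanup could remove it as redundant. A one-line comment above the check would keep the reason with the code, for example that free_iova_rcaches() can be reached from the iova_domain_init_rcaches() error path with cpu_rcache->loaded and cpu_rcache->prev still NULL for CPUs the loop never got to. The commit message describes a paging request fault in an existing error path but has no Fixes: tag; adding one would let the change be matched to the commit that introduced the cleanup path when it is backported.
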
-- 
2.53.0.273.g2a3d683680-goog



* Re: [PATCH] iommu/iova: Add NULL check in iova_magazine_free()
  2026-02-14  8:09 [PATCH] iommu/iova: Add NULL check in iova_magazine_free() Lynn Liu
@ 2026-03-17 12:28 ` Jörg Rödel
  0 siblings, 0 replies; 2+ messages in thread
From: Jörg Rödel @ 2026-03-17 12:28 UTC
  To: Lynn Liu; +Cc: will, robin.murphy, iommu, linux-kernel

On Sat, Feb 14, 2026 at 08:09:19AM +0000, Lynn Liu wrote:
> From: lynn <liulynn@google.com>
> 
> When iova_domain_init_rcaches() fails to allocate an iova_magazine
> during the initialization of per-cpu rcaches, it jumps to out_err and
> calls free_iova_rcaches() for cleanup.
> 
> In free_iova_rcaches(), the code iterates through all possible CPUs to
> free both cpu_rcache->loaded and cpu_rcache->prev. However, if the
> original allocation failed mid-way through the CPU loop, the pointers
> for the remaining CPUs remain NULL.
> 
> Since kmem_cache_free() does not explicitly handle NULL pointers like
> kfree() does, passing these NULL pointers leads to a kernel paging
> request fault.
> 
> Add a NULL check in iova_magazine_free() to safely handle partially
> initialized rcaches in error paths.
> 
> Signed-off-by: lynn <liulynn@google.com>
> ---
>  drivers/iommu/iova.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)

Applied, thanks.

