From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B57913002D4 for ; Tue, 14 Oct 2025 15:58:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1760457538; cv=none; b=URJUcLk5nNrmHlQB5JUWjJHcelNn2eISDLM8KkX2AK3H4o0C8PPotL5iz/awpjMQltuIsOElQv8aM/sv+70RdE8slBLiLulOiO4jrOuUNLnM6pg/5WLCCXo22jGJLxeu69S/D3ZJI9M3uwQmggzAt6IpxIkqWvq1G+FINz1twI8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1760457538; c=relaxed/simple; bh=4R12Elq0KiwEDT0Uo1H8zV/rUXnHjxrq9TUm4xhJsEI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=eOkXmsZ7GuQ5are7mvCKDq5pU9g4TVFDWil2jDg7kfbJ0OJ4wDrtxW848a3ki22kz4Y7+FDO79IF1G8pxB92ZNHzRCUy8bYlNjhG92b2Oq9PyHbFrwk+ujSDcTN4Y17e7MSXVDXEjSfj+7IFCR6+mKPu4/TATED5fdGv+XKD0g8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=EiWlwFKh; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="EiWlwFKh" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 88591C4CEF9; Tue, 14 Oct 2025 15:58:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1760457538; bh=4R12Elq0KiwEDT0Uo1H8zV/rUXnHjxrq9TUm4xhJsEI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=EiWlwFKh/Uh5oke4E5khWNLGdaeuRe8S0q2Jxe0Rovlsy563kXuVAmOGSl85OX1/J CgYV6foElTtLw5964fVXh7M88Eoyk9mOi+DZu5RK7SA3wCQWoSw0YB9dGHmRpfqBxY 4xzM0/b0Gbae+z5OHedCZMUZZKX4wMXUCbnaqWQqok3Zemi6ddSQzVnbVzQLy94NJR SWJCjmYA6Z1u2qu8dd17UxoGhlmG7UGp4Z78GKQPhmOFUxmt9Z+p+aaMmSDllffZop nZmsW+v+bmt6mQJNtCWEKSI9jxPeeNpcRHHP1CC2IGkay1KfnvyZWyyY75IR1j+Ewj /JBeS3rzd9c0A== From: Sasha Levin To: stable@vger.kernel.org Cc: Shin'ichiro Kawasaki , Manivannan Sadhasivam , Damien Le Moal , =?UTF-8?q?Krzysztof=20Wilczy=C5=84ski?= , Sasha Levin Subject: [PATCH 6.12.y 2/2] PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release Date: Tue, 14 Oct 2025 11:58:54 -0400 Message-ID: <20251014155854.154310-2-sashal@kernel.org> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251014155854.154310-1-sashal@kernel.org> References: <2025101340-marbled-uneven-a896@gregkh> <20251014155854.154310-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Shin'ichiro Kawasaki [ Upstream commit 85afa9ea122dd9d4a2ead104a951d318975dcd25 ] The fields dma_chan_tx and dma_chan_rx of the struct pci_epf_test can be NULL even after EPF initialization. Then it is prudent to check that they have non-NULL values before releasing the channels. Add the checks in pci_epf_test_clean_dma_chan(). Without the checks, NULL pointer dereferences happen and they can lead to a kernel panic in some cases: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050 Call trace: dma_release_channel+0x2c/0x120 (P) pci_epf_test_epc_deinit+0x94/0xc0 [pci_epf_test] pci_epc_deinit_notify+0x74/0xc0 tegra_pcie_ep_pex_rst_irq+0x250/0x5d8 irq_thread_fn+0x34/0xb8 irq_thread+0x18c/0x2e8 kthread+0x14c/0x210 ret_from_fork+0x10/0x20 Fixes: 8353813c88ef ("PCI: endpoint: Enable DMA tests for endpoints with DMA capabilities") Fixes: 5ebf3fc59bd2 ("PCI: endpoint: functions/pci-epf-test: Add DMA support to transfer data") Signed-off-by: Shin'ichiro Kawasaki [mani: trimmed the stack trace] Signed-off-by: Manivannan Sadhasivam Reviewed-by: Damien Le Moal Reviewed-by: Krzysztof WilczyƄski Cc: stable@vger.kernel.org Link: https://patch.msgid.link/20250916025756.34807-1-shinichiro.kawasaki@wdc.com Signed-off-by: Sasha Levin --- drivers/pci/endpoint/functions/pci-epf-test.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/drivers/pci/endpoint/functions/pci-epf-test.c b/drivers/pci/endpoint/functions/pci-epf-test.c index 0a7646a8b104f..eeb7fbc2d67a5 100644 --- a/drivers/pci/endpoint/functions/pci-epf-test.c +++ b/drivers/pci/endpoint/functions/pci-epf-test.c @@ -282,15 +282,20 @@ static void pci_epf_test_clean_dma_chan(struct pci_epf_test *epf_test) if (!epf_test->dma_supported) return; - dma_release_channel(epf_test->dma_chan_tx); - if (epf_test->dma_chan_tx == epf_test->dma_chan_rx) { + if (epf_test->dma_chan_tx) { + dma_release_channel(epf_test->dma_chan_tx); + if (epf_test->dma_chan_tx == epf_test->dma_chan_rx) { + epf_test->dma_chan_tx = NULL; + epf_test->dma_chan_rx = NULL; + return; + } epf_test->dma_chan_tx = NULL; - epf_test->dma_chan_rx = NULL; - return; } - dma_release_channel(epf_test->dma_chan_rx); - epf_test->dma_chan_rx = NULL; + if (epf_test->dma_chan_rx) { + dma_release_channel(epf_test->dma_chan_rx); + epf_test->dma_chan_rx = NULL; + } } static void pci_epf_test_print_rate(struct pci_epf_test *epf_test, -- 2.51.0