* [PATCH] [PATCH 4.9] staging: android: ion: fix page is NULL
@ 2021-09-11 11:21 Cheng Chao
2021-09-11 11:54 ` Greg KH
0 siblings, 1 reply; 9+ messages in thread
From: Cheng Chao @ 2021-09-11 11:21 UTC (permalink / raw)
To: labbott, sumit.semwal, gregkh, arve, riandrews, devel; +Cc: stable, Cheng Chao
kernel panic is here:
Unable to handle kernel paging request at virtual address b0380000
pgd = d9d94000
[b0380000] *pgd=00000000
Internal error: Oops: 2805 [#1] PREEMPT SMP ARM
...
task: daa2dd00 task.stack: da194000
PC is at v7_dma_clean_range+0x1c/0x34
LR is at arm_dma_sync_single_for_device+0x44/0x58
pc : [<c011aa0c>] lr : [<c011645c>] psr: 200f0013
sp : da195da0 ip : dc1f9000 fp : c1043dc4
r10: 00000000 r9 : c16f1f58 r8 : 00000001
r7 : c1621f94 r6 : c0116418 r5 : 00000000 r4 : c011aa58
r3 : 0000003f r2 : 00000040 r1 : b0480000 r0 : b0380000
Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control: 10c5383d Table: 19d9406a DAC: 00000051
...
[<c011aa0c>] (v7_dma_clean_range) from [<c011645c>] (arm_dma_sync_single_for_device+0x44/0x58)
[<c011645c>] (arm_dma_sync_single_for_device) from [<c0117088>] (arm_dma_sync_sg_for_device+0x50/0x7c)
[<c0117088>] (arm_dma_sync_sg_for_device) from [<c0c033c4>] (ion_pages_sync_for_device+0xb0/0xec)
[<c0c033c4>] (ion_pages_sync_for_device) from [<c0c054ac>] (ion_system_heap_allocate+0x2a0/0x2e0)
[<c0c054ac>] (ion_system_heap_allocate) from [<c0c02c78>] (ion_alloc+0x12c/0x494)
[<c0c02c78>] (ion_alloc) from [<c0c03eac>] (ion_ioctl+0x510/0x63c)
[<c0c03eac>] (ion_ioctl) from [<c027c4b0>] (do_vfs_ioctl+0xa8/0x9b4)
[<c027c4b0>] (do_vfs_ioctl) from [<c027ce28>] (SyS_ioctl+0x6c/0x7c)
[<c027ce28>] (SyS_ioctl) from [<c0108a40>] (ret_fast_syscall+0x0/0x48)
Code: e3a02004 e1a02312 e2423001 e1c00003 (ee070f3a)
---[ end trace 89278304932c0e87 ]---
Kernel panic - not syncing: Fatal exception
Signed-off-by: Cheng Chao <cs.os.kernel@gmail.com>
---
drivers/staging/android/ion/ion_system_heap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/android/ion/ion_system_heap.c b/drivers/staging/android/ion/ion_system_heap.c
index 22c481f2ae4f..2a35b99cf628 100644
--- a/drivers/staging/android/ion/ion_system_heap.c
+++ b/drivers/staging/android/ion/ion_system_heap.c
@@ -75,7 +75,7 @@ static struct page *alloc_buffer_page(struct ion_system_heap *heap,
page = ion_page_pool_alloc(pool);
- if (cached)
+ if (page && cached)
ion_pages_sync_for_device(NULL, page, PAGE_SIZE << order,
DMA_BIDIRECTIONAL);
return page;
--
2.26.3
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH] [PATCH 4.9] staging: android: ion: fix page is NULL
2021-09-11 11:21 [PATCH] [PATCH 4.9] staging: android: ion: fix page is NULL Cheng Chao
@ 2021-09-11 11:54 ` Greg KH
2021-09-11 14:20 ` Cheng Chao
0 siblings, 1 reply; 9+ messages in thread
From: Greg KH @ 2021-09-11 11:54 UTC (permalink / raw)
To: Cheng Chao; +Cc: labbott, sumit.semwal, arve, riandrews, devel, stable
On Sat, Sep 11, 2021 at 07:21:15PM +0800, Cheng Chao wrote:
> kernel panic is here:
>
> Unable to handle kernel paging request at virtual address b0380000
> pgd = d9d94000
> [b0380000] *pgd=00000000
> Internal error: Oops: 2805 [#1] PREEMPT SMP ARM
> ...
> task: daa2dd00 task.stack: da194000
> PC is at v7_dma_clean_range+0x1c/0x34
> LR is at arm_dma_sync_single_for_device+0x44/0x58
> pc : [<c011aa0c>] lr : [<c011645c>] psr: 200f0013
> sp : da195da0 ip : dc1f9000 fp : c1043dc4
> r10: 00000000 r9 : c16f1f58 r8 : 00000001
> r7 : c1621f94 r6 : c0116418 r5 : 00000000 r4 : c011aa58
> r3 : 0000003f r2 : 00000040 r1 : b0480000 r0 : b0380000
> Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
> Control: 10c5383d Table: 19d9406a DAC: 00000051
> ...
> [<c011aa0c>] (v7_dma_clean_range) from [<c011645c>] (arm_dma_sync_single_for_device+0x44/0x58)
> [<c011645c>] (arm_dma_sync_single_for_device) from [<c0117088>] (arm_dma_sync_sg_for_device+0x50/0x7c)
> [<c0117088>] (arm_dma_sync_sg_for_device) from [<c0c033c4>] (ion_pages_sync_for_device+0xb0/0xec)
> [<c0c033c4>] (ion_pages_sync_for_device) from [<c0c054ac>] (ion_system_heap_allocate+0x2a0/0x2e0)
> [<c0c054ac>] (ion_system_heap_allocate) from [<c0c02c78>] (ion_alloc+0x12c/0x494)
> [<c0c02c78>] (ion_alloc) from [<c0c03eac>] (ion_ioctl+0x510/0x63c)
> [<c0c03eac>] (ion_ioctl) from [<c027c4b0>] (do_vfs_ioctl+0xa8/0x9b4)
> [<c027c4b0>] (do_vfs_ioctl) from [<c027ce28>] (SyS_ioctl+0x6c/0x7c)
> [<c027ce28>] (SyS_ioctl) from [<c0108a40>] (ret_fast_syscall+0x0/0x48)
> Code: e3a02004 e1a02312 e2423001 e1c00003 (ee070f3a)
> ---[ end trace 89278304932c0e87 ]---
> Kernel panic - not syncing: Fatal exception
>
> Signed-off-by: Cheng Chao <cs.os.kernel@gmail.com>
> ---
> drivers/staging/android/ion/ion_system_heap.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/android/ion/ion_system_heap.c b/drivers/staging/android/ion/ion_system_heap.c
> index 22c481f2ae4f..2a35b99cf628 100644
> --- a/drivers/staging/android/ion/ion_system_heap.c
> +++ b/drivers/staging/android/ion/ion_system_heap.c
> @@ -75,7 +75,7 @@ static struct page *alloc_buffer_page(struct ion_system_heap *heap,
>
> page = ion_page_pool_alloc(pool);
>
> - if (cached)
> + if (page && cached)
> ion_pages_sync_for_device(NULL, page, PAGE_SIZE << order,
> DMA_BIDIRECTIONAL);
> return page;
> --
> 2.26.3
>
Why is this just a 4.9 patch? Ion didn't get removed until 5.11, so
wouldn't this be an issue for anything 5.10 and older?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] [PATCH 4.9] staging: android: ion: fix page is NULL
2021-09-11 11:54 ` Greg KH
@ 2021-09-11 14:20 ` Cheng Chao
2021-09-11 14:40 ` Cheng Chao
2021-09-23 14:18 ` Cheng Chao
0 siblings, 2 replies; 9+ messages in thread
From: Cheng Chao @ 2021-09-11 14:20 UTC (permalink / raw)
To: Greg KH; +Cc: labbott, Sumit Semwal, arve, riandrews, devel, stable
for longterm v4.4.283, the code has checked if (!page)
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/staging/android/ion/ion_system_heap.c?h=v4.4.283
static struct page *alloc_buffer_page(struct ion_system_heap *heap,
struct ion_buffer *buffer,
unsigned long order)
{
...
if (!cached) {
page = ion_page_pool_alloc(pool);
} else {
...
page = alloc_pages(gfp_flags | __GFP_COMP, order);
if (!page) <---
return NULL; <---
ion_pages_sync_for_device(NULL, page, PAGE_SIZE << order,
...
}
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
for longterm v4.14.246, has no ion_pages_sync_for_device after
ion_page_pool_alloc
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/staging/android/ion/ion_system_heap.c?h=v4.14.246
static struct page *alloc_buffer_page(struct ion_system_heap *heap,
struct ion_buffer *buffer,
unsigned long order)
{
...
if (!cached)
pool = heap->uncached_pools[order_to_index(order)];
else
pool = heap->cached_pools[order_to_index(order)];
page = ion_page_pool_alloc(pool);
return page;
}
----------------------------------------------------------------------------------------------------------------------------------------------------------
after longterm v4.19.206(include),
static struct page *alloc_buffer_page(struct ion_system_heap *heap,
struct ion_buffer *buffer,
unsigned long order)
{
struct ion_page_pool *pool = heap->pools[order_to_index(order)];
return ion_page_pool_alloc(pool);
}
On Sat, Sep 11, 2021 at 7:54 PM Greg KH <gregkh@linuxfoundation.org> wrote:
>
> On Sat, Sep 11, 2021 at 07:21:15PM +0800, Cheng Chao wrote:
> > kernel panic is here:
> >
> > Unable to handle kernel paging request at virtual address b0380000
> > pgd = d9d94000
> > [b0380000] *pgd=00000000
> > Internal error: Oops: 2805 [#1] PREEMPT SMP ARM
> > ...
> > task: daa2dd00 task.stack: da194000
> > PC is at v7_dma_clean_range+0x1c/0x34
> > LR is at arm_dma_sync_single_for_device+0x44/0x58
> > pc : [<c011aa0c>] lr : [<c011645c>] psr: 200f0013
> > sp : da195da0 ip : dc1f9000 fp : c1043dc4
> > r10: 00000000 r9 : c16f1f58 r8 : 00000001
> > r7 : c1621f94 r6 : c0116418 r5 : 00000000 r4 : c011aa58
> > r3 : 0000003f r2 : 00000040 r1 : b0480000 r0 : b0380000
> > Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
> > Control: 10c5383d Table: 19d9406a DAC: 00000051
> > ...
> > [<c011aa0c>] (v7_dma_clean_range) from [<c011645c>] (arm_dma_sync_single_for_device+0x44/0x58)
> > [<c011645c>] (arm_dma_sync_single_for_device) from [<c0117088>] (arm_dma_sync_sg_for_device+0x50/0x7c)
> > [<c0117088>] (arm_dma_sync_sg_for_device) from [<c0c033c4>] (ion_pages_sync_for_device+0xb0/0xec)
> > [<c0c033c4>] (ion_pages_sync_for_device) from [<c0c054ac>] (ion_system_heap_allocate+0x2a0/0x2e0)
> > [<c0c054ac>] (ion_system_heap_allocate) from [<c0c02c78>] (ion_alloc+0x12c/0x494)
> > [<c0c02c78>] (ion_alloc) from [<c0c03eac>] (ion_ioctl+0x510/0x63c)
> > [<c0c03eac>] (ion_ioctl) from [<c027c4b0>] (do_vfs_ioctl+0xa8/0x9b4)
> > [<c027c4b0>] (do_vfs_ioctl) from [<c027ce28>] (SyS_ioctl+0x6c/0x7c)
> > [<c027ce28>] (SyS_ioctl) from [<c0108a40>] (ret_fast_syscall+0x0/0x48)
> > Code: e3a02004 e1a02312 e2423001 e1c00003 (ee070f3a)
> > ---[ end trace 89278304932c0e87 ]---
> > Kernel panic - not syncing: Fatal exception
> >
> > Signed-off-by: Cheng Chao <cs.os.kernel@gmail.com>
> > ---
> > drivers/staging/android/ion/ion_system_heap.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/staging/android/ion/ion_system_heap.c b/drivers/staging/android/ion/ion_system_heap.c
> > index 22c481f2ae4f..2a35b99cf628 100644
> > --- a/drivers/staging/android/ion/ion_system_heap.c
> > +++ b/drivers/staging/android/ion/ion_system_heap.c
> > @@ -75,7 +75,7 @@ static struct page *alloc_buffer_page(struct ion_system_heap *heap,
> >
> > page = ion_page_pool_alloc(pool);
> >
> > - if (cached)
> > + if (page && cached)
> > ion_pages_sync_for_device(NULL, page, PAGE_SIZE << order,
> > DMA_BIDIRECTIONAL);
> > return page;
> > --
> > 2.26.3
> >
>
> Why is this just a 4.9 patch? Ion didn't get removed until 5.11, so
> wouldn't this be an issue for anything 5.10 and older?
>
> thanks,
>
> greg k-h
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] [PATCH 4.9] staging: android: ion: fix page is NULL
2021-09-11 14:20 ` Cheng Chao
@ 2021-09-11 14:40 ` Cheng Chao
2021-09-22 12:17 ` Cheng Chao
2021-09-23 14:18 ` Cheng Chao
1 sibling, 1 reply; 9+ messages in thread
From: Cheng Chao @ 2021-09-11 14:40 UTC (permalink / raw)
To: Greg KH; +Cc: labbott, Sumit Semwal, arve, riandrews, devel, stable
the bug has been introduced by the patch:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/staging/android/ion/ion_system_heap.c?h=v4.9.282&id=e7f63771b60e7802c5a9b437c5ab1a8e33a0bb35
On Sat, Sep 11, 2021 at 10:20 PM Cheng Chao <cs.os.kernel@gmail.com> wrote:
>
> for longterm v4.4.283, the code has checked if (!page)
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/staging/android/ion/ion_system_heap.c?h=v4.4.283
>
>
> static struct page *alloc_buffer_page(struct ion_system_heap *heap,
> struct ion_buffer *buffer,
> unsigned long order)
> {
> ...
> if (!cached) {
> page = ion_page_pool_alloc(pool);
> } else {
> ...
> page = alloc_pages(gfp_flags | __GFP_COMP, order);
> if (!page) <---
> return NULL; <---
>
> ion_pages_sync_for_device(NULL, page, PAGE_SIZE << order,
> ...
> }
>
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> for longterm v4.14.246, has no ion_pages_sync_for_device after
> ion_page_pool_alloc
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/staging/android/ion/ion_system_heap.c?h=v4.14.246
>
>
> static struct page *alloc_buffer_page(struct ion_system_heap *heap,
> struct ion_buffer *buffer,
> unsigned long order)
> {
> ...
> if (!cached)
> pool = heap->uncached_pools[order_to_index(order)];
> else
> pool = heap->cached_pools[order_to_index(order)];
>
> page = ion_page_pool_alloc(pool);
>
> return page;
> }
>
> ----------------------------------------------------------------------------------------------------------------------------------------------------------
> after longterm v4.19.206(include),
>
> static struct page *alloc_buffer_page(struct ion_system_heap *heap,
> struct ion_buffer *buffer,
> unsigned long order)
> {
> struct ion_page_pool *pool = heap->pools[order_to_index(order)];
>
> return ion_page_pool_alloc(pool);
> }
>
> On Sat, Sep 11, 2021 at 7:54 PM Greg KH <gregkh@linuxfoundation.org> wrote:
> >
> > On Sat, Sep 11, 2021 at 07:21:15PM +0800, Cheng Chao wrote:
> > > kernel panic is here:
> > >
> > > Unable to handle kernel paging request at virtual address b0380000
> > > pgd = d9d94000
> > > [b0380000] *pgd=00000000
> > > Internal error: Oops: 2805 [#1] PREEMPT SMP ARM
> > > ...
> > > task: daa2dd00 task.stack: da194000
> > > PC is at v7_dma_clean_range+0x1c/0x34
> > > LR is at arm_dma_sync_single_for_device+0x44/0x58
> > > pc : [<c011aa0c>] lr : [<c011645c>] psr: 200f0013
> > > sp : da195da0 ip : dc1f9000 fp : c1043dc4
> > > r10: 00000000 r9 : c16f1f58 r8 : 00000001
> > > r7 : c1621f94 r6 : c0116418 r5 : 00000000 r4 : c011aa58
> > > r3 : 0000003f r2 : 00000040 r1 : b0480000 r0 : b0380000
> > > Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
> > > Control: 10c5383d Table: 19d9406a DAC: 00000051
> > > ...
> > > [<c011aa0c>] (v7_dma_clean_range) from [<c011645c>] (arm_dma_sync_single_for_device+0x44/0x58)
> > > [<c011645c>] (arm_dma_sync_single_for_device) from [<c0117088>] (arm_dma_sync_sg_for_device+0x50/0x7c)
> > > [<c0117088>] (arm_dma_sync_sg_for_device) from [<c0c033c4>] (ion_pages_sync_for_device+0xb0/0xec)
> > > [<c0c033c4>] (ion_pages_sync_for_device) from [<c0c054ac>] (ion_system_heap_allocate+0x2a0/0x2e0)
> > > [<c0c054ac>] (ion_system_heap_allocate) from [<c0c02c78>] (ion_alloc+0x12c/0x494)
> > > [<c0c02c78>] (ion_alloc) from [<c0c03eac>] (ion_ioctl+0x510/0x63c)
> > > [<c0c03eac>] (ion_ioctl) from [<c027c4b0>] (do_vfs_ioctl+0xa8/0x9b4)
> > > [<c027c4b0>] (do_vfs_ioctl) from [<c027ce28>] (SyS_ioctl+0x6c/0x7c)
> > > [<c027ce28>] (SyS_ioctl) from [<c0108a40>] (ret_fast_syscall+0x0/0x48)
> > > Code: e3a02004 e1a02312 e2423001 e1c00003 (ee070f3a)
> > > ---[ end trace 89278304932c0e87 ]---
> > > Kernel panic - not syncing: Fatal exception
> > >
> > > Signed-off-by: Cheng Chao <cs.os.kernel@gmail.com>
> > > ---
> > > drivers/staging/android/ion/ion_system_heap.c | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/staging/android/ion/ion_system_heap.c b/drivers/staging/android/ion/ion_system_heap.c
> > > index 22c481f2ae4f..2a35b99cf628 100644
> > > --- a/drivers/staging/android/ion/ion_system_heap.c
> > > +++ b/drivers/staging/android/ion/ion_system_heap.c
> > > @@ -75,7 +75,7 @@ static struct page *alloc_buffer_page(struct ion_system_heap *heap,
> > >
> > > page = ion_page_pool_alloc(pool);
> > >
> > > - if (cached)
> > > + if (page && cached)
> > > ion_pages_sync_for_device(NULL, page, PAGE_SIZE << order,
> > > DMA_BIDIRECTIONAL);
> > > return page;
> > > --
> > > 2.26.3
> > >
> >
> > Why is this just a 4.9 patch? Ion didn't get removed until 5.11, so
> > wouldn't this be an issue for anything 5.10 and older?
> >
> > thanks,
> >
> > greg k-h
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] [PATCH 4.9] staging: android: ion: fix page is NULL
2021-09-11 14:40 ` Cheng Chao
@ 2021-09-22 12:17 ` Cheng Chao
2021-09-23 8:05 ` Greg KH
2021-09-23 14:21 ` Cheng Chao
0 siblings, 2 replies; 9+ messages in thread
From: Cheng Chao @ 2021-09-22 12:17 UTC (permalink / raw)
To: Greg KH; +Cc: labbott, Sumit Semwal, arve, riandrews, devel, stable
I notice that v4.9.283 has released, but this patch is not merged.
It's exactly a bug.
On Sat, Sep 11, 2021 at 10:40 PM Cheng Chao <cs.os.kernel@gmail.com> wrote:
>
> the bug has been introduced by the patch:
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/staging/android/ion/ion_system_heap.c?h=v4.9.282&id=e7f63771b60e7802c5a9b437c5ab1a8e33a0bb35
>
> On Sat, Sep 11, 2021 at 10:20 PM Cheng Chao <cs.os.kernel@gmail.com> wrote:
> >
> > for longterm v4.4.283, the code has checked if (!page)
> > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/staging/android/ion/ion_system_heap.c?h=v4.4.283
> >
> >
> > static struct page *alloc_buffer_page(struct ion_system_heap *heap,
> > struct ion_buffer *buffer,
> > unsigned long order)
> > {
> > ...
> > if (!cached) {
> > page = ion_page_pool_alloc(pool);
> > } else {
> > ...
> > page = alloc_pages(gfp_flags | __GFP_COMP, order);
> > if (!page) <---
> > return NULL; <---
> >
> > ion_pages_sync_for_device(NULL, page, PAGE_SIZE << order,
> > ...
> > }
> >
> > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> > for longterm v4.14.246, has no ion_pages_sync_for_device after
> > ion_page_pool_alloc
> > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/staging/android/ion/ion_system_heap.c?h=v4.14.246
> >
> >
> > static struct page *alloc_buffer_page(struct ion_system_heap *heap,
> > struct ion_buffer *buffer,
> > unsigned long order)
> > {
> > ...
> > if (!cached)
> > pool = heap->uncached_pools[order_to_index(order)];
> > else
> > pool = heap->cached_pools[order_to_index(order)];
> >
> > page = ion_page_pool_alloc(pool);
> >
> > return page;
> > }
> >
> > ----------------------------------------------------------------------------------------------------------------------------------------------------------
> > after longterm v4.19.206(include),
> >
> > static struct page *alloc_buffer_page(struct ion_system_heap *heap,
> > struct ion_buffer *buffer,
> > unsigned long order)
> > {
> > struct ion_page_pool *pool = heap->pools[order_to_index(order)];
> >
> > return ion_page_pool_alloc(pool);
> > }
> >
> > On Sat, Sep 11, 2021 at 7:54 PM Greg KH <gregkh@linuxfoundation.org> wrote:
> > >
> > > On Sat, Sep 11, 2021 at 07:21:15PM +0800, Cheng Chao wrote:
> > > > kernel panic is here:
> > > >
> > > > Unable to handle kernel paging request at virtual address b0380000
> > > > pgd = d9d94000
> > > > [b0380000] *pgd=00000000
> > > > Internal error: Oops: 2805 [#1] PREEMPT SMP ARM
> > > > ...
> > > > task: daa2dd00 task.stack: da194000
> > > > PC is at v7_dma_clean_range+0x1c/0x34
> > > > LR is at arm_dma_sync_single_for_device+0x44/0x58
> > > > pc : [<c011aa0c>] lr : [<c011645c>] psr: 200f0013
> > > > sp : da195da0 ip : dc1f9000 fp : c1043dc4
> > > > r10: 00000000 r9 : c16f1f58 r8 : 00000001
> > > > r7 : c1621f94 r6 : c0116418 r5 : 00000000 r4 : c011aa58
> > > > r3 : 0000003f r2 : 00000040 r1 : b0480000 r0 : b0380000
> > > > Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
> > > > Control: 10c5383d Table: 19d9406a DAC: 00000051
> > > > ...
> > > > [<c011aa0c>] (v7_dma_clean_range) from [<c011645c>] (arm_dma_sync_single_for_device+0x44/0x58)
> > > > [<c011645c>] (arm_dma_sync_single_for_device) from [<c0117088>] (arm_dma_sync_sg_for_device+0x50/0x7c)
> > > > [<c0117088>] (arm_dma_sync_sg_for_device) from [<c0c033c4>] (ion_pages_sync_for_device+0xb0/0xec)
> > > > [<c0c033c4>] (ion_pages_sync_for_device) from [<c0c054ac>] (ion_system_heap_allocate+0x2a0/0x2e0)
> > > > [<c0c054ac>] (ion_system_heap_allocate) from [<c0c02c78>] (ion_alloc+0x12c/0x494)
> > > > [<c0c02c78>] (ion_alloc) from [<c0c03eac>] (ion_ioctl+0x510/0x63c)
> > > > [<c0c03eac>] (ion_ioctl) from [<c027c4b0>] (do_vfs_ioctl+0xa8/0x9b4)
> > > > [<c027c4b0>] (do_vfs_ioctl) from [<c027ce28>] (SyS_ioctl+0x6c/0x7c)
> > > > [<c027ce28>] (SyS_ioctl) from [<c0108a40>] (ret_fast_syscall+0x0/0x48)
> > > > Code: e3a02004 e1a02312 e2423001 e1c00003 (ee070f3a)
> > > > ---[ end trace 89278304932c0e87 ]---
> > > > Kernel panic - not syncing: Fatal exception
> > > >
> > > > Signed-off-by: Cheng Chao <cs.os.kernel@gmail.com>
> > > > ---
> > > > drivers/staging/android/ion/ion_system_heap.c | 2 +-
> > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > > diff --git a/drivers/staging/android/ion/ion_system_heap.c b/drivers/staging/android/ion/ion_system_heap.c
> > > > index 22c481f2ae4f..2a35b99cf628 100644
> > > > --- a/drivers/staging/android/ion/ion_system_heap.c
> > > > +++ b/drivers/staging/android/ion/ion_system_heap.c
> > > > @@ -75,7 +75,7 @@ static struct page *alloc_buffer_page(struct ion_system_heap *heap,
> > > >
> > > > page = ion_page_pool_alloc(pool);
> > > >
> > > > - if (cached)
> > > > + if (page && cached)
> > > > ion_pages_sync_for_device(NULL, page, PAGE_SIZE << order,
> > > > DMA_BIDIRECTIONAL);
> > > > return page;
> > > > --
> > > > 2.26.3
> > > >
> > >
> > > Why is this just a 4.9 patch? Ion didn't get removed until 5.11, so
> > > wouldn't this be an issue for anything 5.10 and older?
> > >
> > > thanks,
> > >
> > > greg k-h
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] [PATCH 4.9] staging: android: ion: fix page is NULL
2021-09-22 12:17 ` Cheng Chao
@ 2021-09-23 8:05 ` Greg KH
2021-09-23 14:21 ` Cheng Chao
1 sibling, 0 replies; 9+ messages in thread
From: Greg KH @ 2021-09-23 8:05 UTC (permalink / raw)
To: Cheng Chao; +Cc: labbott, Sumit Semwal, arve, riandrews, devel, stable
On Wed, Sep 22, 2021 at 08:17:15PM +0800, Cheng Chao wrote:
> I notice that v4.9.283 has released, but this patch is not merged.
> It's exactly a bug.
Can you please resend this and include all of the information in this
thread in the changelog comment explaining why this is only needed for
this one branch? Trying to piece it all together on my own doesn't work
well :)
thanks,
greg k-h
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH 4.9] staging: android: ion: fix page is NULL
2021-09-11 14:20 ` Cheng Chao
2021-09-11 14:40 ` Cheng Chao
@ 2021-09-23 14:18 ` Cheng Chao
2021-09-23 14:24 ` Greg KH
1 sibling, 1 reply; 9+ messages in thread
From: Cheng Chao @ 2021-09-23 14:18 UTC (permalink / raw)
To: labbott, sumit.semwal, gregkh, arve, riandrews, devel; +Cc: stable, Cheng Chao
Fixes: commit e7f63771b60e ("ION: Sys_heap: Add cached pool to spead up cached buffer alloc")
the commit e7f63771b60e introduced the bug which didn't test page which maybe NULL.
and previous logic was right.
the e7f63771b60e has been merged in v4.8-rc3, only longterm 4.9.x has this bug,
and other longterm/stable version have not.
kernel panic is here when page is NULL:
Unable to handle kernel paging request at virtual address b0380000
pgd = d9d94000
[b0380000] *pgd=00000000
Internal error: Oops: 2805 [#1] PREEMPT SMP ARM
...
task: daa2dd00 task.stack: da194000
PC is at v7_dma_clean_range+0x1c/0x34
LR is at arm_dma_sync_single_for_device+0x44/0x58
pc : [<c011aa0c>] lr : [<c011645c>] psr: 200f0013
sp : da195da0 ip : dc1f9000 fp : c1043dc4
r10: 00000000 r9 : c16f1f58 r8 : 00000001
r7 : c1621f94 r6 : c0116418 r5 : 00000000 r4 : c011aa58
r3 : 0000003f r2 : 00000040 r1 : b0480000 r0 : b0380000
Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control: 10c5383d Table: 19d9406a DAC: 00000051
...
[<c011aa0c>] (v7_dma_clean_range) from [<c011645c>] (arm_dma_sync_single_for_device+0x44/0x58)
[<c011645c>] (arm_dma_sync_single_for_device) from [<c0117088>] (arm_dma_sync_sg_for_device+0x50/0x7c)
[<c0117088>] (arm_dma_sync_sg_for_device) from [<c0c033c4>] (ion_pages_sync_for_device+0xb0/0xec)
[<c0c033c4>] (ion_pages_sync_for_device) from [<c0c054ac>] (ion_system_heap_allocate+0x2a0/0x2e0)
[<c0c054ac>] (ion_system_heap_allocate) from [<c0c02c78>] (ion_alloc+0x12c/0x494)
[<c0c02c78>] (ion_alloc) from [<c0c03eac>] (ion_ioctl+0x510/0x63c)
[<c0c03eac>] (ion_ioctl) from [<c027c4b0>] (do_vfs_ioctl+0xa8/0x9b4)
[<c027c4b0>] (do_vfs_ioctl) from [<c027ce28>] (SyS_ioctl+0x6c/0x7c)
[<c027ce28>] (SyS_ioctl) from [<c0108a40>] (ret_fast_syscall+0x0/0x48)
Code: e3a02004 e1a02312 e2423001 e1c00003 (ee070f3a)
---[ end trace 89278304932c0e87 ]---
Kernel panic - not syncing: Fatal exception
Signed-off-by: Cheng Chao <cs.os.kernel@gmail.com>
---
drivers/staging/android/ion/ion_system_heap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/android/ion/ion_system_heap.c b/drivers/staging/android/ion/ion_system_heap.c
index 22c481f2ae4f..2a35b99cf628 100644
--- a/drivers/staging/android/ion/ion_system_heap.c
+++ b/drivers/staging/android/ion/ion_system_heap.c
@@ -75,7 +75,7 @@ static struct page *alloc_buffer_page(struct ion_system_heap *heap,
page = ion_page_pool_alloc(pool);
- if (cached)
+ if (page && cached)
ion_pages_sync_for_device(NULL, page, PAGE_SIZE << order,
DMA_BIDIRECTIONAL);
return page;
--
2.26.3
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 4.9] staging: android: ion: fix page is NULL
2021-09-22 12:17 ` Cheng Chao
2021-09-23 8:05 ` Greg KH
@ 2021-09-23 14:21 ` Cheng Chao
1 sibling, 0 replies; 9+ messages in thread
From: Cheng Chao @ 2021-09-23 14:21 UTC (permalink / raw)
To: labbott, sumit.semwal, gregkh, arve, riandrews, devel; +Cc: stable, Cheng Chao
Fixes: commit e7f63771b60e ("ION: Sys_heap: Add cached pool to spead up cached buffer alloc")
the commit e7f63771b60e introduced the bug which didn't test page which maybe NULL.
and previous logic was right.
the e7f63771b60e has been merged in v4.8-rc3, only longterm 4.9.x has this bug,
and other longterm/stable version have not.
kernel panic is here when page is NULL:
Unable to handle kernel paging request at virtual address b0380000
pgd = d9d94000
[b0380000] *pgd=00000000
Internal error: Oops: 2805 [#1] PREEMPT SMP ARM
...
task: daa2dd00 task.stack: da194000
PC is at v7_dma_clean_range+0x1c/0x34
LR is at arm_dma_sync_single_for_device+0x44/0x58
pc : [<c011aa0c>] lr : [<c011645c>] psr: 200f0013
sp : da195da0 ip : dc1f9000 fp : c1043dc4
r10: 00000000 r9 : c16f1f58 r8 : 00000001
r7 : c1621f94 r6 : c0116418 r5 : 00000000 r4 : c011aa58
r3 : 0000003f r2 : 00000040 r1 : b0480000 r0 : b0380000
Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control: 10c5383d Table: 19d9406a DAC: 00000051
...
[<c011aa0c>] (v7_dma_clean_range) from [<c011645c>] (arm_dma_sync_single_for_device+0x44/0x58)
[<c011645c>] (arm_dma_sync_single_for_device) from [<c0117088>] (arm_dma_sync_sg_for_device+0x50/0x7c)
[<c0117088>] (arm_dma_sync_sg_for_device) from [<c0c033c4>] (ion_pages_sync_for_device+0xb0/0xec)
[<c0c033c4>] (ion_pages_sync_for_device) from [<c0c054ac>] (ion_system_heap_allocate+0x2a0/0x2e0)
[<c0c054ac>] (ion_system_heap_allocate) from [<c0c02c78>] (ion_alloc+0x12c/0x494)
[<c0c02c78>] (ion_alloc) from [<c0c03eac>] (ion_ioctl+0x510/0x63c)
[<c0c03eac>] (ion_ioctl) from [<c027c4b0>] (do_vfs_ioctl+0xa8/0x9b4)
[<c027c4b0>] (do_vfs_ioctl) from [<c027ce28>] (SyS_ioctl+0x6c/0x7c)
[<c027ce28>] (SyS_ioctl) from [<c0108a40>] (ret_fast_syscall+0x0/0x48)
Code: e3a02004 e1a02312 e2423001 e1c00003 (ee070f3a)
---[ end trace 89278304932c0e87 ]---
Kernel panic - not syncing: Fatal exception
Signed-off-by: Cheng Chao <cs.os.kernel@gmail.com>
---
drivers/staging/android/ion/ion_system_heap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/android/ion/ion_system_heap.c b/drivers/staging/android/ion/ion_system_heap.c
index 22c481f2ae4f..2a35b99cf628 100644
--- a/drivers/staging/android/ion/ion_system_heap.c
+++ b/drivers/staging/android/ion/ion_system_heap.c
@@ -75,7 +75,7 @@ static struct page *alloc_buffer_page(struct ion_system_heap *heap,
page = ion_page_pool_alloc(pool);
- if (cached)
+ if (page && cached)
ion_pages_sync_for_device(NULL, page, PAGE_SIZE << order,
DMA_BIDIRECTIONAL);
return page;
--
2.26.3
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH 4.9] staging: android: ion: fix page is NULL
2021-09-23 14:18 ` Cheng Chao
@ 2021-09-23 14:24 ` Greg KH
0 siblings, 0 replies; 9+ messages in thread
From: Greg KH @ 2021-09-23 14:24 UTC (permalink / raw)
To: Cheng Chao; +Cc: labbott, sumit.semwal, arve, riandrews, devel, stable
On Thu, Sep 23, 2021 at 10:18:14PM +0800, Cheng Chao wrote:
> Fixes: commit e7f63771b60e ("ION: Sys_heap: Add cached pool to spead up cached buffer alloc")
> the commit e7f63771b60e introduced the bug which didn't test page which maybe NULL.
> and previous logic was right.
>
> the e7f63771b60e has been merged in v4.8-rc3, only longterm 4.9.x has this bug,
> and other longterm/stable version have not.
<snip>
thanks for this, now queued up.
greg k-h
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2021-09-23 14:24 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-11 11:21 [PATCH] [PATCH 4.9] staging: android: ion: fix page is NULL Cheng Chao
2021-09-11 11:54 ` Greg KH
2021-09-11 14:20 ` Cheng Chao
2021-09-11 14:40 ` Cheng Chao
2021-09-22 12:17 ` Cheng Chao
2021-09-23 8:05 ` Greg KH
2021-09-23 14:21 ` Cheng Chao
2021-09-23 14:18 ` Cheng Chao
2021-09-23 14:24 ` Greg KH
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.