From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, "stable@vger.kernel.org,
Cheng Chao" <cs.os.kernel@gmail.com>,
Cheng Chao <cs.os.kernel@gmail.com>
Subject: [PATCH 4.9 04/26] staging: android: ion: fix page is NULL
Date: Fri, 24 Sep 2021 14:43:52 +0200 [thread overview]
Message-ID: <20210924124328.494200946@linuxfoundation.org> (raw)
In-Reply-To: <20210924124328.336953942@linuxfoundation.org>
From: Cheng Chao <cs.os.kernel@gmail.com>
Fixes: commit e7f63771b60e ("ION: Sys_heap: Add cached pool to spead up cached buffer alloc")
the commit e7f63771b60e introduced the bug which didn't test page which maybe NULL.
and previous logic was right.
the e7f63771b60e has been merged in v4.8-rc3, only longterm 4.9.x has this bug,
and other longterm/stable version have not.
kernel panic is here when page is NULL:
Unable to handle kernel paging request at virtual address b0380000
pgd = d9d94000
[b0380000] *pgd=00000000
Internal error: Oops: 2805 [#1] PREEMPT SMP ARM
...
task: daa2dd00 task.stack: da194000
PC is at v7_dma_clean_range+0x1c/0x34
LR is at arm_dma_sync_single_for_device+0x44/0x58
pc : [<c011aa0c>] lr : [<c011645c>] psr: 200f0013
sp : da195da0 ip : dc1f9000 fp : c1043dc4
r10: 00000000 r9 : c16f1f58 r8 : 00000001
r7 : c1621f94 r6 : c0116418 r5 : 00000000 r4 : c011aa58
r3 : 0000003f r2 : 00000040 r1 : b0480000 r0 : b0380000
Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control: 10c5383d Table: 19d9406a DAC: 00000051
...
[<c011aa0c>] (v7_dma_clean_range) from [<c011645c>] (arm_dma_sync_single_for_device+0x44/0x58)
[<c011645c>] (arm_dma_sync_single_for_device) from [<c0117088>] (arm_dma_sync_sg_for_device+0x50/0x7c)
[<c0117088>] (arm_dma_sync_sg_for_device) from [<c0c033c4>] (ion_pages_sync_for_device+0xb0/0xec)
[<c0c033c4>] (ion_pages_sync_for_device) from [<c0c054ac>] (ion_system_heap_allocate+0x2a0/0x2e0)
[<c0c054ac>] (ion_system_heap_allocate) from [<c0c02c78>] (ion_alloc+0x12c/0x494)
[<c0c02c78>] (ion_alloc) from [<c0c03eac>] (ion_ioctl+0x510/0x63c)
[<c0c03eac>] (ion_ioctl) from [<c027c4b0>] (do_vfs_ioctl+0xa8/0x9b4)
[<c027c4b0>] (do_vfs_ioctl) from [<c027ce28>] (SyS_ioctl+0x6c/0x7c)
[<c027ce28>] (SyS_ioctl) from [<c0108a40>] (ret_fast_syscall+0x0/0x48)
Code: e3a02004 e1a02312 e2423001 e1c00003 (ee070f3a)
---[ end trace 89278304932c0e87 ]---
Kernel panic - not syncing: Fatal exception
Signed-off-by: Cheng Chao <cs.os.kernel@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/android/ion/ion_system_heap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/staging/android/ion/ion_system_heap.c
+++ b/drivers/staging/android/ion/ion_system_heap.c
@@ -75,7 +75,7 @@ static struct page *alloc_buffer_page(st
page = ion_page_pool_alloc(pool);
- if (cached)
+ if (page && cached)
ion_pages_sync_for_device(NULL, page, PAGE_SIZE << order,
DMA_BIDIRECTIONAL);
return page;
next prev parent reply other threads:[~2021-09-24 12:46 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-24 12:43 [PATCH 4.9 00/26] 4.9.284-rc1 review Greg Kroah-Hartman
2021-09-24 12:43 ` [PATCH 4.9 01/26] s390/bpf: Fix optimizing out zero-extensions Greg Kroah-Hartman
2021-09-24 12:43 ` [PATCH 4.9 02/26] PM / wakeirq: Fix unbalanced IRQ enable for wakeirq Greg Kroah-Hartman
2021-09-24 12:43 ` [PATCH 4.9 03/26] crypto: talitos - fix max key size for sha384 and sha512 Greg Kroah-Hartman
2021-09-24 12:43 ` Greg Kroah-Hartman [this message]
2021-09-24 12:43 ` [PATCH 4.9 05/26] sctp: validate chunk size in __rcv_asconf_lookup Greg Kroah-Hartman
2021-09-24 12:43 ` [PATCH 4.9 06/26] sctp: add param size validation for SCTP_PARAM_SET_PRIMARY Greg Kroah-Hartman
2021-09-24 12:43 ` [PATCH 4.9 07/26] dmaengine: acpi: Avoid comparison GSI with Linux vIRQ Greg Kroah-Hartman
2021-09-24 12:43 ` [PATCH 4.9 08/26] thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() Greg Kroah-Hartman
2021-09-24 12:43 ` [PATCH 4.9 09/26] 9p/trans_virtio: Remove sysfs file on probe failure Greg Kroah-Hartman
2021-09-24 12:43 ` [PATCH 4.9 10/26] prctl: allow to setup brk for et_dyn executables Greg Kroah-Hartman
2021-09-24 12:43 ` [PATCH 4.9 11/26] profiling: fix shift-out-of-bounds bugs Greg Kroah-Hartman
2021-09-24 12:44 ` [PATCH 4.9 12/26] pwm: lpc32xx: Dont modify HW state in .probe() after the PWM chip was registered Greg Kroah-Hartman
2021-09-24 12:44 ` [PATCH 4.9 13/26] pwm: mxs: " Greg Kroah-Hartman
2021-09-24 12:44 ` [PATCH 4.9 14/26] parisc: Move pci_dev_is_behind_card_dino to where it is used Greg Kroah-Hartman
2021-09-24 12:44 ` [PATCH 4.9 15/26] dmaengine: ioat: depends on !UML Greg Kroah-Hartman
2021-09-24 12:44 ` [PATCH 4.9 16/26] dmaengine: xilinx_dma: Set DMA mask for coherent APIs Greg Kroah-Hartman
2021-09-24 12:44 ` [PATCH 4.9 17/26] ceph: lockdep annotations for try_nonblocking_invalidate Greg Kroah-Hartman
2021-09-24 12:44 ` [PATCH 4.9 18/26] nilfs2: fix memory leak in nilfs_sysfs_create_device_group Greg Kroah-Hartman
2021-09-24 12:44 ` [PATCH 4.9 19/26] nilfs2: fix NULL pointer in nilfs_##name##_attr_release Greg Kroah-Hartman
2021-09-24 12:44 ` [PATCH 4.9 20/26] nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group Greg Kroah-Hartman
2021-09-24 12:44 ` [PATCH 4.9 21/26] nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group Greg Kroah-Hartman
2021-09-24 12:44 ` [PATCH 4.9 22/26] nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group Greg Kroah-Hartman
2021-09-24 12:44 ` [PATCH 4.9 23/26] nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group Greg Kroah-Hartman
2021-09-24 12:44 ` [PATCH 4.9 24/26] blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() Greg Kroah-Hartman
2021-09-24 12:44 ` [PATCH 4.9 25/26] drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV Greg Kroah-Hartman
2021-09-24 12:44 ` [PATCH 4.9 26/26] sctp: validate from_addr_param return Greg Kroah-Hartman
2021-09-24 13:52 ` [PATCH 4.9 00/26] 4.9.284-rc1 review Daniel Díaz
2021-09-24 17:50 ` Jon Hunter
2021-09-24 21:53 ` Shuah Khan
2021-09-24 21:53 ` Florian Fainelli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210924124328.494200946@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=cs.os.kernel@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).