diff options
author | Chen-Yu Tsai <wenst@chromium.org> | 2023-05-26 16:53:59 +0800 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2023-06-09 10:34:04 +0200 |
commit | 4fc2724f445f46822f7cb8de9b1c362c2f49ec0d (patch) | |
tree | 3c1aec142a71419d6825384b6a045eaf20458741 /drivers/iommu | |
parent | 9316fdd57f253acfcef1a8e4940d08d647c8cdfa (diff) | |
download | linux-stable-4fc2724f445f46822f7cb8de9b1c362c2f49ec0d.tar.gz linux-stable-4fc2724f445f46822f7cb8de9b1c362c2f49ec0d.tar.bz2 linux-stable-4fc2724f445f46822f7cb8de9b1c362c2f49ec0d.zip |
iommu/mediatek: Flush IOTLB completely only if domain has been attached
[ Upstream commit b3fc95709c54ffbe80f16801e0a792a4d2b3d55e ]
If an IOMMU domain was never attached, it lacks any linkage to the
actual IOMMU hardware. Attempting to do flush_iotlb_all() on it will
result in a NULL pointer dereference. This seems to happen after the
recent IOMMU core rework in v6.4-rc1.
Unable to handle kernel read from unreadable memory at virtual address 0000000000000018
Call trace:
mtk_iommu_flush_iotlb_all+0x20/0x80
iommu_create_device_direct_mappings.part.0+0x13c/0x230
iommu_setup_default_domain+0x29c/0x4d0
iommu_probe_device+0x12c/0x190
of_iommu_configure+0x140/0x208
of_dma_configure_id+0x19c/0x3c0
platform_dma_configure+0x38/0x88
really_probe+0x78/0x2c0
Check if the "bank" field has been filled in before actually attempting
the IOTLB flush to avoid it. The IOTLB is also flushed when the device
comes out of runtime suspend, so it should have a clean initial state.
Fixes: 08500c43d4f7 ("iommu/mediatek: Adjust the structure")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: Yong Wu <yong.wu@mediatek.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20230526085402.394239-1-wenst@chromium.org
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'drivers/iommu')
-rw-r--r-- | drivers/iommu/mtk_iommu.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/iommu/mtk_iommu.c b/drivers/iommu/mtk_iommu.c index e93ca9dc37c8..2ae5a6058a34 100644 --- a/drivers/iommu/mtk_iommu.c +++ b/drivers/iommu/mtk_iommu.c @@ -737,7 +737,8 @@ static void mtk_iommu_flush_iotlb_all(struct iommu_domain *domain) { struct mtk_iommu_domain *dom = to_mtk_domain(domain); - mtk_iommu_tlb_flush_all(dom->bank->parent_data); + if (dom->bank) + mtk_iommu_tlb_flush_all(dom->bank->parent_data); } static void mtk_iommu_iotlb_sync(struct iommu_domain *domain, |