linux-stable/kernel/dma
Geert Uytterhoeven 22293c3373 dma-mapping: save base/size instead of pointer to shared DMA pool
On RZ/Five, which is non-coherent, and uses CONFIG_DMA_GLOBAL_POOL=y:

    Oops - store (or AMO) access fault [#1]
    CPU: 0 UID: 0 PID: 1 Comm: swapper Not tainted 6.12.0-rc1-00015-g8a6e02d0c00e #201
    Hardware name: Renesas SMARC EVK based on r9a07g043f01 (DT)
    epc : __memset+0x60/0x100
     ra : __dma_alloc_from_coherent+0x150/0x17a
    epc : ffffffff8062d2bc ra : ffffffff80053a94 sp : ffffffc60000ba20
     gp : ffffffff812e9938 tp : ffffffd601920000 t0 : ffffffc6000d0000
     t1 : 0000000000000000 t2 : ffffffffe9600000 s0 : ffffffc60000baa0
     s1 : ffffffc6000d0000 a0 : ffffffc6000d0000 a1 : 0000000000000000
     a2 : 0000000000001000 a3 : ffffffc6000d1000 a4 : 0000000000000000
     a5 : 0000000000000000 a6 : ffffffd601adacc0 a7 : ffffffd601a841a8
     s2 : ffffffd6018573c0 s3 : 0000000000001000 s4 : ffffffd6019541e0
     s5 : 0000000200000022 s6 : ffffffd6018f8410 s7 : ffffffd6018573e8
     s8 : 0000000000000001 s9 : 0000000000000001 s10: 0000000000000010
     s11: 0000000000000000 t3 : 0000000000000000 t4 : ffffffffdefe62d1
     t5 : 000000001cd6a3a9 t6 : ffffffd601b2aad6
    status: 0000000200000120 badaddr: ffffffc6000d0000 cause: 0000000000000007
    [<ffffffff8062d2bc>] __memset+0x60/0x100
    [<ffffffff80053e1a>] dma_alloc_from_global_coherent+0x1c/0x28
    [<ffffffff80053056>] dma_direct_alloc+0x98/0x112
    [<ffffffff8005238c>] dma_alloc_attrs+0x78/0x86
    [<ffffffff8035fdb4>] rz_dmac_probe+0x3f6/0x50a
    [<ffffffff803a0694>] platform_probe+0x4c/0x8a

If CONFIG_DMA_GLOBAL_POOL=y, the reserved_mem structure passed to
rmem_dma_setup() is saved for later use, by saving the passed pointer.
However, when dma_init_reserved_memory() is called later, the pointer
has become stale, causing a crash.

E.g. in the RZ/Five case, the referenced memory now contains the
reserved_mem structure for the "mmode_resv0@30000" node (with base
0x30000 and size 0x10000), instead of the correct "pma_resv0@58000000"
node (with base 0x58000000 and size 0x8000000).

Fix this by saving the needed reserved_mem structure's contents instead.

Fixes: 8a6e02d0c0 ("of: reserved_mem: Restructure how the reserved memory regions are processed")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Oreoluwa Babatunde <quic_obabatun@quicinc.com>
Tested-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
2024-11-14 10:45:09 +01:00
..
coherent.c dma-mapping: save base/size instead of pointer to shared DMA pool 2024-11-14 10:45:09 +01:00
contiguous.c mm/cma: drop CONFIG_CMA_DEBUG 2024-02-22 10:24:53 -08:00
debug.c dma-debug: remove DMA_API_DEBUG_SG 2024-10-29 08:53:37 +01:00
debug.h dma-debug: teach add_dma_entry() about DMA_ATTR_SKIP_CPU_SYNC 2021-10-18 12:46:45 +02:00
direct.c dma-direct: optimize page freeing when it is not addressable 2024-09-04 07:08:51 +03:00
direct.h swiotlb: reduce swiotlb pool lookups 2024-07-10 07:59:03 +02:00
dummy.c dma-mapping: call ->unmap_page and ->unmap_sg unconditionally 2024-08-22 06:18:11 +02:00
Kconfig dma-debug: remove DMA_API_DEBUG_SG 2024-10-29 08:53:37 +01:00
Makefile dma-mapping: clearly mark DMA ops as an architecture feature 2024-09-04 07:08:51 +03:00
map_benchmark.c dma-mapping: benchmark: Don't starve others when doing the test 2024-07-09 07:48:32 +02:00
mapping.c dma-mapping: fix swapped dir/flags arguments to trace_dma_alloc_sgt_err 2024-11-08 14:56:39 +01:00
ops_helpers.c dma-mapping: use IOMMU DMA calls for common alloc/free page calls 2024-09-05 14:29:42 +03:00
pool.c dma-mapping: replace zone_dma_bits by zone_dma_limit 2024-08-22 06:18:00 +02:00
remap.c dma-mapping: use bit masking to check VM_DMA_COHERENT 2024-08-22 06:15:35 +02:00
swiotlb.c dma-mapping: replace zone_dma_bits by zone_dma_limit 2024-08-22 06:18:00 +02:00